
Pests of all kinds and how to fight them: removing the BKA Trojan - what's next?

Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

11.08.2012, 12:16   #1
blossich
 

Removing the BKA Trojan - what's next?



Hello,

so far I have done everything that was recommended to me in the forum;

I ran the Anti-Malware scanner, DeFogger, OTL and GMER, all of them.

Here are the results.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
achim :: LAPTOP [Administrator]

11.08.2012 10:07:49
mbam-log-2012-08-11 (10-42-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 281454
Laufzeit: 33 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\n. -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.

(Ende)


OTL Logfile:
Code:
OTL logfile created on: 11.08.2012 12:13:37 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 80,79% Memory free
4,00 Gb Paging File | 3,68 Gb Available in Paging File | 92,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 20,04 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
Drive D: | 5,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 7,44 Gb Total Space | 7,43 Gb Free Space | 99,90% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: achim | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.11 11:19:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.09.11 09:51:06 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.11 17:20:04 | 003,590,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.04.21 22:25:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.10.26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.08.11 12:08:16 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\geoxjq.sys -- (kiqwaj)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.02.24 22:53:10 | 000,032,840 | ---- | M] (wj32) [Kernel | System | Stopped] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.04.07 17:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.07.14 17:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009.05.07 02:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2009.05.07 02:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2009.03.06 12:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.07.06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.03.23 16:45:42 | 000,566,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005.11.08 16:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.11.08 16:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.11.08 16:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 FB 21 57 33 DF CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {8E7F3647-06E6-4FE5-8B59-CC955A80C4CD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21E85D67-BA33-459F-9B00-2A6815650EA8}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{50F2DC35-78A0-4A9B-B1F2-69060610B749}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
IE - HKCU\..\SearchScopes\{5FE029EB-2BBA-484A-8487-77133B5BA997}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{78F2962E-7A79-4F09-BC3A-D66F6E6E1D6E}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8E7F3647-06E6-4FE5-8B59-CC955A80C4CD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{A7266C9F-A576-4B30-A814-E07340971CE8}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{C0A3E3FE-3DAD-4CE2-8474-01F459385806}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=36202E08-FEFA-41C3-945C-F2DD54E9867E&apn_sauid=93E2D062-44F4-4261-B393-25B5904AF7A7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 10:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.06 09:48:46 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\Windows\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Process Hacker 2] C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7\ICQ7.7\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C0E520F-928C-4EBE-ADC6-2E04C19BD8B7}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A239AF62-9901-49F5-96F9-A795D5F81FA7}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B828C8DE-81AB-430E-BD92-7C7158C45660}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E02C4779-655B-4664-8571-29A7FA1BE80A}: NameServer = 192.168.1.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{034261ae-848d-11e0-9f23-0013020d585f}\Shell - "" = AutoRun
O33 - MountPoints2\{034261ae-848d-11e0-9f23-0013020d585f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{501589b8-db9d-11e0-bf57-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{501589b8-db9d-11e0-bf57-001e101faa49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{501589bd-db9d-11e0-bf57-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{501589bd-db9d-11e0-bf57-001e101faa49}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5825a36a-dc43-11e0-b308-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{5825a36a-dc43-11e0-b308-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7f6d210d-845a-11e0-9b82-001e101f9aeb}\Shell - "" = AutoRun
O33 - MountPoints2\{7f6d210d-845a-11e0-9b82-001e101f9aeb}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{930bc752-86a4-11e0-9f5a-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{930bc752-86a4-11e0-9f5a-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{94e3ac37-8458-11e0-9fd5-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{94e3ac37-8458-11e0-9fd5-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{94e3ac46-8458-11e0-9fd5-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{94e3ac46-8458-11e0-9fd5-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b57b292b-848f-11e0-9ea4-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{b57b292b-848f-11e0-9ea4-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b57b2937-848f-11e0-9ea4-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{b57b2937-848f-11e0-9ea4-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bbea4d4d-8455-11e0-9b89-0013020d585f}\Shell - "" = AutoRun
O33 - MountPoints2\{bbea4d4d-8455-11e0-9b89-0013020d585f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bbea4d5d-8455-11e0-9b89-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{bbea4d5d-8455-11e0-9b89-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c797e8b4-db9e-11e0-84ef-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{c797e8b4-db9e-11e0-84ef-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c797e8c4-db9e-11e0-84ef-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{c797e8c4-db9e-11e0-84ef-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cc64d2ba-4b61-11e1-b435-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc64d2ba-4b61-11e1-b435-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cc64d2cd-4b61-11e1-b435-0013020d585f}\Shell - "" = AutoRun
O33 - MountPoints2\{cc64d2cd-4b61-11e1-b435-0013020d585f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f4a618d4-848d-11e0-9bac-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a618d4-848d-11e0-9bac-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f4a618da-848d-11e0-9bac-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a618da-848d-11e0-9bac-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.11 10:05:38 | 000,000,000 | ---D | C] -- C:\Users\achim\AppData\Roaming\Malwarebytes
[2012.08.11 10:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.11 10:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 10:05:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.11 10:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.31 14:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.07.31 14:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar
[2012.07.31 14:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.31 14:40:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.17 10:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.11 12:12:14 | 000,000,000 | ---- | M] () -- C:\Users\achim\defogger_reenable
[2012.08.11 12:08:16 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\geoxjq.sys
[2012.08.11 11:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.11 11:27:32 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 11:25:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad
[2012.08.11 11:23:36 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.11 11:23:36 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.11 11:23:36 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.11 11:23:36 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.11 10:05:23 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 11:40:04 | 000,001,885 | ---- | M] () -- C:\Users\achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.10 08:50:45 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 08:50:45 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 08:49:27 | 103,499,138 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.08.01 18:21:28 | 000,219,134 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.17 10:01:03 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.11 12:12:14 | 000,000,000 | ---- | C] () -- C:\Users\achim\defogger_reenable
[2012.08.11 12:08:16 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\geoxjq.sys
[2012.08.11 10:05:23 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 11:40:04 | 004,503,728 | ---- | C] () -- C:\ProgramData\ldsw_0paos.pad
[2012.08.10 11:40:04 | 000,001,885 | ---- | C] () -- C:\Users\achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.11 11:23:16 | 000,095,744 | ---- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\80000032.@
[2012.07.11 11:23:16 | 000,000,804 | ---- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\L\00000004.@
[2012.07.11 11:23:15 | 000,002,048 | ---- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\00000004.@
[2012.07.11 11:23:15 | 000,001,632 | ---- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\000000cb.@
[2012.01.29 10:41:12 | 000,002,048 | -HS- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\@
[2011.03.10 19:05:13 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.03.10 17:45:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.28 22:41:33 | 001,783,056 | ---- | C] () -- C:\Windows\System32\WavesLib.dll
 
========== LOP Check ==========
 
[2012.05.04 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\1&1 Mail & Media GmbH
[2012.06.05 15:04:56 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\AVG2012
[2012.05.02 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\ICQ
[2011.05.22 17:01:32 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\Process Hacker 2
[2011.03.10 19:05:47 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\Tobit
[2011.03.10 17:16:26 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\toshiba
[2011.04.21 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\TS3Client
[2011.03.04 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\WinBatch
[2012.05.16 05:49:31 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL Extras Logfile:
Code:
OTL Extras logfile created on: 11.08.2012 12:13:37 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 80,79% Memory free
4,00 Gb Paging File | 3,68 Gb Available in Paging File | 92,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 20,04 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
Drive D: | 5,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 7,44 Gb Total Space | 7,43 Gb Free Space | 99,90% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: achim | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02795C0C-00B3-4B39-9D5C-C11F328D6AA8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{02EEB895-6B48-44EB-B3C5-595DBDB653C4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{21B51686-8282-4C85-AA7B-8E8993CCF1B1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{27CC4379-5EC4-43E8-9A06-EFA36DA2AA68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2B1D5095-0E2C-4EB3-9B64-DB8A85765C73}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{308AF2A5-E20C-4BE1-9DB9-EB080875C666}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{476BCC21-AE37-4C4D-AC6E-F8940718CA7B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{49025A59-E2A2-44B0-B405-5E0214C267DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5809DD5D-D5D9-4A3F-8758-2604DA127DA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EBACEA3-EDD9-4CFA-B2CC-A18F6CF4CBEB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8828B6D5-8D4F-43DA-A13A-97B2C8245129}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9099CF09-A865-4639-BCE3-41A2C445571F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A641E961-641F-4A8C-A44F-3DB5ADAE0390}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5110437-4787-4F8F-8285-04C7615C9BBC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B88D9655-560B-44C4-B183-16A3D581C694}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C41317AB-B3CA-4004-8EBF-8A0D4A6E9A70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9C22DAA-C8C8-4B62-8907-37DF4FE9C3AD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DBE6529C-B84E-4FBB-8B93-C831C30D4657}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4FC1F41-8E6D-4020-8B52-E2E0C7FD8964}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{ED05FCF8-B4D8-43F9-A3E7-8784D4489D2D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F9A66791-E011-48EC-9944-0344F5B7614F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D93C70-A6CA-45FC-B48C-EAF1007620D8}" = protocol=6 | dir=out | app=system | 
"{084AA9F8-F351-454E-B73B-43B873504FE3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{11B8AA9A-D473-4232-8F34-AF5167A30CD9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{13D69BC4-2A60-4645-B9D9-8AF155D07EE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1C9950C4-1D56-4CD3-AEFC-A48878E47370}" = protocol=6 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | 
"{1E7AD015-C54B-4EDA-A7A7-22E874C3DCC1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{1ED7A41B-840A-42D0-9F2C-591911461C6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1EE389C0-1E76-4074-A726-DF35A3ACCD6A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{271E615B-28C3-4FBC-9A45-BCB3B9185C01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C85010F-D987-417B-B703-C62187D7C1B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{4B273946-71B6-4FAD-B247-E21DFC41F917}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4B3464B4-D04A-4818-B4E7-9F8F87E3DD5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4D500593-5B2F-40E8-8CF4-E3E03EED300D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4F27BF3D-98E1-4963-BB50-FE1117E44F10}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{55065431-E475-46BA-9596-DBC199130276}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{578F39AF-5C96-4ABE-812D-C888148A07D6}" = protocol=17 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | 
"{594260D1-73EC-40B6-A7D0-FF71C1195120}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{59EACD63-BC81-4D9E-BAA8-7E53347F9A6F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{5DC77444-8BFE-4296-AE0C-E2A25AC95684}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{5E551D6C-805E-47E9-A531-9D5D5BFB80E9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{5FDD027A-A431-4E09-865B-E9DCF96DB141}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DA14E32-E1C9-45B6-931F-D9C3DCC0A7CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{71CCDAD0-D29B-4FC3-83E2-83941CA5EEB3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{78F0F007-36C7-4B91-A5B7-1830ABEB6D01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8658B64E-E642-45DE-98C5-64D4F564394F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{86678CB8-E31D-4D4D-BB76-C0CED7987A36}" = protocol=6 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | 
"{88A07269-CD51-4CCF-B163-97BEFB958129}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DDC49E0-0738-4DBC-A42A-4B9D9CD8EB20}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{96331694-E159-409B-B02C-2808FC97A737}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 
"{9CA25908-6494-4A00-A88F-A77C843C98D6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{A7BF5245-EE53-4834-A837-36312D5F3D75}" = protocol=17 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | 
"{A98E8723-9DC3-4664-8CE8-A4C779B539AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB675916-40F0-46DE-9148-DF59AE4DA4A3}" = protocol=17 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | 
"{AC7D73B6-704C-4D0B-B420-4608B455718B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{BB4181EA-58ED-43F7-BBD6-F86FA9C7F0CC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{BC9E9A17-47D6-4AB1-BF28-793091B012E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{BFC23E44-FBF4-4917-AAAB-1DCC2D28DA3B}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 
"{C08A4FFD-88FA-4B80-94F0-9BE865F49C6B}" = protocol=6 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | 
"{C302AD60-592B-4C47-9623-7E88F7DE3067}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{C92F457E-EB92-4B09-91A4-689E98F6131A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CFE4E3D0-42F4-4717-A04F-90CE35D3B957}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{D8DF9EB3-B622-400B-8003-CF6E76349625}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{E1430B44-CE4E-4E0E-9172-E6079FC3BB97}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 
"{E423BC1D-7851-4B7C-8F42-54385E4D4521}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E71951EB-DA80-42D3-ADEB-4CCE09A8A88F}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 
"{F038145D-02BC-412A-9ED3-E84EE5FDB3C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4C46E4C-A29B-4DAB-82EC-D0B564AF8513}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"TCP Query User{445B3992-A69A-4B20-B762-DCBB88E15851}C:\temp\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\temp\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{49171F03-AAA0-45A4-A0EE-892177654726}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{7731B827-25F5-431D-9C4A-19F661F3DB0F}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | 
"TCP Query User{9322599E-AE58-4614-BA6D-11DFB1C81EB5}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | 
"TCP Query User{9701FEBA-D93C-44FF-A391-7F7013C6F9A4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{AA674E5E-6099-4099-AC18-67F16E221612}C:\temp\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\temp\world of warcraft\launcher.exe | 
"TCP Query User{AC583122-829E-436F-B2F7-6C908700784E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{AF29EAA9-F5C2-402B-A2E2-E10A02FBBD25}C:\temp\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\temp\world of warcraft\launcher.exe | 
"TCP Query User{D60A2AF4-F649-4979-BADC-7B98C1C6FFEB}C:\temp\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\temp\world of warcraft\launcher.patch.exe | 
"UDP Query User{0A1B00BD-941D-4E23-B46B-9C8E23C619BA}C:\temp\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\temp\world of warcraft\launcher.patch.exe | 
"UDP Query User{1C59CC5A-4440-4320-A3BC-F3D4A3273390}C:\temp\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\temp\world of warcraft\launcher.exe | 
"UDP Query User{50356605-E9CD-4156-9480-E6DBF9E27675}C:\temp\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\temp\world of warcraft\launcher.exe | 
"UDP Query User{647CEF99-820F-45C3-A643-EA3974931A28}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{6A227CE8-DCF8-4C27-8F78-2FD25DFBC6BD}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{6EF74A73-64FA-409E-BD00-31C171246B29}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe | 
"UDP Query User{72EBEA4F-6834-44BF-881C-A52EEA94E054}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe | 
"UDP Query User{B57C25DA-F23C-42C4-9BE0-9977E0812CAD}C:\temp\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\temp\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{C359A6F9-AA24-4736-B6ED-7F87B29354AB}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}" = TOSHIBA TEMPRO
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mobile Partner" = Mobile Partner
"NVIDIA Drivers" = NVIDIA Drivers
"Process_Hacker2_is1" = Process Hacker 2.15
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tobit Radio.fx Server" = Radio.fx
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2012 08:48:06 | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Updater.exe, Version: 1.2.0.20007,
 Zeitstempel: 0x4f039db9  Name des fehlerhaften Moduls: Updater.exe, Version: 1.2.0.20007,
 Zeitstempel: 0x4f039db9  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0008fcd7  ID des fehlerhaften
 Prozesses: 0x96c  Startzeit der fehlerhaften Anwendung: 0x01cd5a9079885569  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Ask.com\Updater\Updater.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Ask.com\Updater\Updater.exe  Berichtskennung: aa693a55-c69f-11e1-882d-0013020d585f
 
Error - 09.07.2012 10:19:46 | Computer Name = laptop | Source = VSS | ID = 8194
Description = 
 
Error - 11.07.2012 05:22:12 | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: InstallFlashPlayer.exe, Version: 
11.0.1.152, Zeitstempel: 0x4e7d1453  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00337428
ID
 des fehlerhaften Prozesses: 0x1614  Startzeit der fehlerhaften Anwendung: 0x01cd5f46a25f1697
Pfad
 der fehlerhaften Anwendung: C:\Users\achim\AppData\Local\Temp\InstallFlashPlayer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: e4fedaae-cb39-11e1-8dd7-001636206379
 
Error - 11.07.2012 07:24:42 | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: jscript9.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fb57f7f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x69c5c775
ID
 des fehlerhaften Prozesses: 0x1e50  Startzeit der fehlerhaften Anwendung: 0x01cd5f56f078d480
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: jscript9.dll  Berichtskennung: 01e42d90-cb4b-11e1-8dd7-001636206379
 
Error - 11.07.2012 12:58:48 | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: jscript9.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fb57f7f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x69c5c775
ID
 des fehlerhaften Prozesses: 0x1764  Startzeit der fehlerhaften Anwendung: 0x01cd5f8570f9e13b
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: jscript9.dll  Berichtskennung: ae79d77e-cb79-11e1-8dd7-001636206379
 
Error - 11.07.2012 12:59:04 | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: jscript9.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fb57f7f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x69b79f66
ID
 des fehlerhaften Prozesses: 0x1764  Startzeit der fehlerhaften Anwendung: 0x01cd5f8570f9e13b
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: jscript9.dll  Berichtskennung: b7e94fbc-cb79-11e1-8dd7-001636206379
 
Error - 17.07.2012 15:39:19 | Computer Name = laptop | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8007000e)
 festgestellt.
 
Error - 17.07.2012 16:04:23 | Computer Name = laptop | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8007000e)
 festgestellt.
 
Error - 17.07.2012 16:04:25 | Computer Name = laptop | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8007000e)
 festgestellt.
 
Error - 09.08.2012 17:37:02 | Computer Name = laptop | Source = RasClient | ID = 20227
Description = 
 
[ System Events ]
Error - 11.08.2012 05:28:05 | Computer Name = laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 11.08.2012 05:28:05 | Computer Name = laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 11.08.2012 05:28:05 | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.08.2012 05:28:05 | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >


GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-11 12:45:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK8032GSX rev.AS111G
Running: l7ke6ot2.exe; Driver: C:\Users\achim\AppData\Local\Temp\uxldapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D  81E803C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2    81EB9D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004e         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Many thanks in advance for your help

Rocco
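
Two of the OTL sections above are the ones a practitioner reads first on a locker case: "Shell Spawning" (which program is really started when an .exe is double-clicked) and the firewall rule lists (which programs the user has allowed inbound by clicking through the Windows Firewall prompt). The following is an added example, not part of the original post and not OTL's own code: it parses lines in the format OTL prints, compares the executable-class handlers against a stock Windows 7 x86 baseline (an assumption about the clean state), and flags inbound rules whose program lives outside the Windows and Program Files directories. The sample lines are copied from the log above, except the hijacked exefile handler, which is constructed with an invented path.

```python
"""Triage of the OTL 'Shell Spawning' and 'FirewallRules' sections.

Added example; not part of the original post and not OTL code. Two checks:
  1. handlers for executable file classes must still be the stock '"%1" %*';
     anything else is a program inserted in front of every EXE launch;
  2. inbound allow rules for executables outside %SystemRoot% and
     %ProgramFiles% (temp folders, removable media) deserve a look.
The baseline values are those of a stock Windows 7 x86 system (assumption).
"""
import re

# Stock handlers for the classes OTL lists (assumed clean baseline).
DEFAULT_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}
# '<class> [<verb>] -- <command> (<company>)'; the company suffix is optional.
SHELL_RE = re.compile(r'^(\w+)\s+\[([\w.]+)\]\s+--\s+(.*?)(?:\s+\([^()]*\))?$')
# '"<rule name>" = key=value | key=value | ...'
FW_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
# Locations from which an inbound-allowed executable is unremarkable.
TRUSTED_PREFIXES = (
    "c:\\windows\\", "%systemroot%\\", "c:\\program files\\", "%programfiles%\\",
    "system",  # app=system: kernel-mode listeners (SMB, NetBIOS, WSD)
)

# Lines copied from the OTL log above.
SHELL_SAMPLE = r'''
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
'''.strip().splitlines()
# CONSTRUCTED: how the same section looks once a locker owns exefile (path invented).
HIJACKED_SAMPLE = [r'exefile [open] -- "C:\Users\someone\AppData\Local\Temp\locker.exe" "%1" %*']
FW_SAMPLE = r'''
"{5EBACEA3-EDD9-4CFA-B2CC-A18F6CF4CBEB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E4FC1F41-8E6D-4020-8B52-E2E0C7FD8964}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{01D93C70-A6CA-45FC-B48C-EAF1007620D8}" = protocol=6 | dir=out | app=system | 
"{1C9950C4-1D56-4CD3-AEFC-A48878E47370}" = protocol=6 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | 
"{F038145D-02BC-412A-9ED3-E84EE5FDB3C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{445B3992-A69A-4B20-B762-DCBB88E15851}C:\temp\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\temp\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{7731B827-25F5-431D-9C4A-19F661F3DB0F}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | 
'''.strip().splitlines()


def check_shell_spawning(lines):
    """Return (class, verb, actual, expected) for every handler that deviates from the baseline."""
    findings = []
    for line in lines:
        m = SHELL_RE.match(line.strip())
        if not m:
            continue
        cls, verb, cmd = m.group(1), m.group(2), m.group(3).strip()
        expected = DEFAULT_SHELL.get((cls, verb))
        if expected is not None and cmd != expected:
            findings.append((cls, verb, cmd, expected))
    return findings


def parse_firewall_rule(line):
    """Split one FirewallRules line into its key=value fields ('_name' holds the rule name)."""
    m = FW_RE.match(line.strip())
    if not m:
        return None
    fields = {"_name": m.group("name")}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def check_firewall_rules(lines):
    """Return (rule name, app) for inbound rules whose executable is outside the trusted locations."""
    findings = []
    for line in lines:
        rule = parse_firewall_rule(line)
        if rule is None or rule.get("dir") != "in":
            continue
        app = rule.get("app", "").lower()
        # Rules with only svc=/name= carry no path and are not judged here.
        if app and not app.startswith(TRUSTED_PREFIXES):
            findings.append((rule["_name"], app))
    return findings


def triage(shell_lines, firewall_lines):
    """Run both checks and return them as one dict the analyst can read at a glance."""
    return {
        "shell_hijacks": check_shell_spawning(shell_lines),
        "suspicious_inbound": check_firewall_rules(firewall_lines),
    }
```

On this log the handlers match the baseline, so the shell check stays empty; the firewall check surfaces the "TCP Query User" rules for programs started from C:\temp and E:\games. Those are not malware findings in themselves, but they show which prompts were clicked through and from where software was run, which is the context a helper needs when reading the rest of the log.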

Alt 15.08.2012, 14:48   #2
cosinus

Code:
Datenbank Version: v2012.07.03.05
With signatures almost 6 weeks old, this can't work.

Quote:
Keine Aktion durchgeführt.
-> No action taken.
Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Please do so now if you haven't already!

Do NOT hastily delete anything from quarantine!



First, as a routine step, please run a new full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
__________________
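
The two objections in the reply above, signatures far older than the scan and findings left at "Keine Aktion durchgeführt" (no action taken), can be checked mechanically before anyone reads a Malwarebytes log in detail. The following is an added example, not part of the original post and not Malwarebytes' own code. SAMPLE_LOG is constructed in the 1.x log layout with a placeholder CLSID and detection name; only the database version string and the verdict text are taken from the thread, and the one-day maximum age is an assumption that follows from the demand to update before every scan.

```python
"""Pre-flight check for a Malwarebytes Anti-Malware 1.x log.

Added example; not part of the original post and not Malwarebytes code. It
automates the two objections raised in the reply above: a signature database
that is weeks older than the scan, and detections left at
'Keine Aktion durchgeführt' / 'No action taken' instead of being quarantined.
SAMPLE_LOG is constructed in the 1.62 log layout; its CLSID and detection name
are placeholders.
"""
import re
from datetime import date

# 'Datenbank Version: vYYYY.MM.DD.NN' - the date encodes the signature build.
DB_RE = re.compile(r"^Datenbank Version:\s*v(\d{4})\.(\d{2})\.(\d{2})\.\d+", re.M)
# The scan block opens with the local scan start 'dd.mm.yyyy hh:mm:ss' on its own line.
SCAN_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4}) \d{2}:\d{2}:\d{2}\s*$", re.M)
# Verdict strings (German and English builds) meaning nothing was quarantined.
UNHANDLED = ("Keine Aktion durchgeführt", "No action taken")
MAX_DB_AGE_DAYS = 1  # assumption: the reply demands an update before every scan

SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

11.08.2012 10:07:49
mbam-log-2012-08-11 (10-42-13).txt

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000000}\INPROCSERVER32 (Trojan.Placeholder) -> Keine Aktion durchgeführt.
"""


def signature_age_days(log_text):
    """Days between the signature build date and the scan date; None if either is missing."""
    db, scan = DB_RE.search(log_text), SCAN_RE.search(log_text)
    if not db or not scan:
        return None
    db_date = date(int(db.group(1)), int(db.group(2)), int(db.group(3)))
    scan_date = date(int(scan.group(3)), int(scan.group(2)), int(scan.group(1)))
    return (scan_date - db_date).days


def unhandled_detections(log_text):
    """Detection lines ('<object> (<name>) -> <verdict>') whose verdict is 'no action taken'."""
    return [ln.strip() for ln in log_text.splitlines()
            if "->" in ln and any(v in ln for v in UNHANDLED)]


def review(log_text):
    """Return the age, the unhandled detections and the reasons the log is not yet usable."""
    age = signature_age_days(log_text)
    left = unhandled_detections(log_text)
    problems = []
    if age is None:
        problems.append("signature or scan date not found")
    elif age > MAX_DB_AGE_DAYS:
        problems.append(f"signatures are {age} days older than the scan")
    if left:
        problems.append(f"{len(left)} detection(s) left with no action taken")
    return {"signature_age_days": age, "unhandled": left, "problems": problems}
```

For the constructed sample the database date of 3 July against a scan on 11 August gives 39 days, which is the "almost 6 weeks" of the reply, and the single detection line is reported as unhandled; a log whose database date equals the scan date and whose findings were quarantined produces an empty problem list.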
