
Log Analysis and Evaluation: Bundespolizei Trojan 2.07 (under Windows 7)

Windows 7: If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.11.2012, 23:21   #1
via75
 

Bundespolizei Trojan 2.07 (under Windows 7)



Hi,

yesterday the Bundespolizei trojan, version 2.07, settled onto my machine. After a longer search I was able to unlock my computer again with Kaspersky WindowsUnlocker.

Fortunately, no files were encrypted.

Today I ran a Malwarebytes scan for 6 hours, which showed me 24 files as infected. I then deleted them (only later did I read somewhere here that I should have put the files into quarantine).

The computer "appears" to have got over the first "cold". What puzzles me now, though: I can install avast professional, but I cannot run it after the restart.

I hope someone can help me get the computer clean again.
Or should I rather just reinstall the computer right away?

Best regards
Oli


OTL.txt
Code:
OTL logfile created on: 17.11.2012 22:43:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\im-med\Desktop
Windows 7 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,30 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 57,43% Memory free
4,60 Gb Paging File | 3,27 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,99 Gb Total Space | 155,72 Gb Free Space | 54,64% Space Free | Partition Type: NTFS
 
Computer Name: im-medi | User Name: im-med | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.17 22:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\im-med\Desktop\OTL.exe
PRC - [2012.11.12 17:03:55 | 006,610,592 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012.09.30 12:01:09 | 000,496,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011.01.05 14:24:24 | 000,714,120 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2011.01.05 14:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2011.01.05 14:24:16 | 000,468,360 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
PRC - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012.10.31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012.10.31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012.10.31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012.10.31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012.10.31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012.10.31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012.10.31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2010.04.05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010.04.05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010.04.05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010.04.05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2009.11.16 19:31:58 | 000,069,632 | ---- | M] () -- C:\Programme\PSPad editor\PSPadShell.dll
MOD - [2009.06.23 05:11:04 | 000,102,400 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2009.06.23 05:10:29 | 000,045,056 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009.06.23 05:09:11 | 002,203,648 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2009.03.02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecptp.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.29 12:20:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.01 12:25:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.10 17:57:18 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.05 14:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012.09.30 12:01:17 | 000,520,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2012.09.30 11:54:13 | 009,945,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.26 13:56:17 | 000,121,248 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.21 11:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.08.21 11:13:13 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.13 12:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.09.17 18:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.29 16:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 16:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 12:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.10.09 12:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.10.09 12:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2000.07.24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\BrPar.sys -- (BrPar)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 6C A8 21 F6 9E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\im-med\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\im-med\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2012.09.30 11:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.17 22:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 12:20:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 12:20:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.09.30 15:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\Extensions
[2012.11.02 08:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions
[2012.10.13 20:12:31 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.09.30 21:47:25 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.11.02 08:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions\trash
[2012.11.02 08:40:27 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.11 09:07:05 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.09.30 21:47:25 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012.09.30 21:47:26 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.10.26 09:03:34 | 002,042,937 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\trash\firebug@software.joehewitt.com.xpi
[2012.10.29 12:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.29 12:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.29 12:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.29 12:20:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\im-med\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\im-med\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Google Mail = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.10.01 12:21:38 | 000,001,304 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\im-med\AppData\Roaming\Mozilla\Firefox\Profiles\367h1v77.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [{896FA599-5F89-AD42-B1F4-CEF0A900EDED}] "C:\Users\im-med\AppData\Roaming\Albea\samyh.exe" File not found
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A4E9AF-6E8F-42C6-B0FE-DD0505DF217D}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FEE007D-B489-49D7-B545-969B938158D4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f690a86d-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f690a86d-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f690a92b-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f690a92b-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.17 22:28:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\im-med\Desktop\OTL.exe
[2012.11.17 22:21:48 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.11.17 22:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.11.17 22:21:46 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.11.17 22:21:38 | 000,113,776 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.11.17 22:21:01 | 000,202,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.11.17 22:20:59 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.11.17 22:20:57 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.11.17 22:20:56 | 000,018,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.11.17 22:20:54 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.11.17 22:20:50 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.11.17 22:19:34 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.11.17 22:19:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.11.17 22:19:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.11.17 13:57:31 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Malwarebytes
[2012.11.17 13:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.17 13:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.17 13:57:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.17 13:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.16 21:20:40 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Canneverbe Limited
[2012.11.16 21:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.11.16 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012.11.14 15:41:48 | 000,000,000 | ---D | C] -- C:\Users\im-med\Desktop\Kreditkarte - Atlassian
[2012.11.14 15:22:10 | 000,000,000 | ---D | C] -- C:\Users\im-med\Desktop\Leadmanufaktur
[2012.11.14 11:04:46 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind
[2012.11.14 11:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
[2012.11.14 11:04:31 | 000,000,000 | ---D | C] -- C:\Users\im-med\Application Data
[2012.11.14 11:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\XMind
[2012.11.13 13:49:10 | 000,000,000 | ---D | C] -- C:\Users\im-med\Documents\#Companies
[2012.11.04 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\im-med\Documents\_Privat
[2012.11.04 19:17:25 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012.11.04 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\WindSolutions
[2012.11.04 19:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.11.04 19:09:26 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Moka
[2012.11.04 19:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTwin
[2012.11.04 19:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTwin
[2012.11.02 10:37:31 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\GMX
[2012.11.02 10:37:25 | 000,086,016 | ---- | C] (GMX GmbH) -- C:\Windows\System32\UIGMXMON.DLL
[2012.11.02 10:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX
[2012.11.02 10:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\GMX
[2012.11.02 10:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\GMX
[2012.10.29 12:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.24 13:31:03 | 000,000,000 | ---D | C] -- C:\Users\im-med\Desktop\Smooth_Arrows_by_Limoli.csh
[2012.10.24 11:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.10.24 11:25:01 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.10.24 11:07:05 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.17 22:49:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4229072982-2054732327-2107518541-1000UA.job
[2012.11.17 22:40:20 | 000,000,000 | ---- | M] () -- C:\Users\im-med\defogger_reenable
[2012.11.17 22:32:19 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 22:32:19 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 22:31:55 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.17 22:31:55 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.17 22:31:55 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.17 22:31:55 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.17 22:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\im-med\Desktop\OTL.exe
[2012.11.17 22:24:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.17 22:24:16 | 1853,136,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.17 22:21:48 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.17 22:20:50 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.11.17 20:49:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4229072982-2054732327-2107518541-1000Core.job
[2012.11.17 13:58:54 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 12:56:48 | 002,338,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 21:20:33 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.15 10:35:20 | 000,003,849 | ---- | M] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check_dbf.eig
[2012.11.15 09:45:20 | 000,004,214 | ---- | M] () -- C:\Users\im-med\Desktop\xmregs  Report_raffle  Details_20121115.csv
[2012.11.12 11:58:31 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.11.04 19:17:25 | 000,001,441 | ---- | M] () -- C:\Users\im-med\Desktop\CopyTrans Control Center.lnk
[2012.11.04 19:09:19 | 000,000,929 | ---- | M] () -- C:\Users\im-med\Desktop\iTwin.lnk
[2012.10.30 13:00:59 | 000,131,284 | ---- | M] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check.DBF
[2012.10.30 11:48:33 | 000,002,657 | ---- | M] () -- C:\Users\im-med\Desktop\adcell_stornos_20121030.csv
[2012.10.24 18:51:10 | 000,386,556 | ---- | M] () -- C:\Users\im-med\Desktop\Tobias Herrmann _ XING Kontakte.pdf
 
========== Files Created - No Company Name ==========
 
[2012.11.17 22:40:20 | 000,000,000 | ---- | C] () -- C:\Users\im-med\defogger_reenable
[2012.11.17 22:21:48 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.17 13:57:08 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 12:46:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 12:45:19 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.16 21:20:33 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.16 21:20:32 | 000,001,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.11.15 09:45:15 | 000,004,214 | ---- | C] () -- C:\Users\im-med\Desktop\xmregs  Report_raffle  Details_20121115.csv
[2012.11.04 19:17:25 | 000,001,441 | ---- | C] () -- C:\Users\im-med\Desktop\CopyTrans Control Center.lnk
[2012.11.04 19:09:19 | 000,000,929 | ---- | C] () -- C:\Users\im-med\Desktop\iTwin.lnk
[2012.10.30 11:47:07 | 000,002,657 | ---- | C] () -- C:\Users\im-med\Desktop\adcell_stornos_20121030.csv
[2012.10.30 11:13:11 | 000,003,849 | ---- | C] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check_dbf.eig
[2012.10.30 11:10:22 | 000,131,284 | ---- | C] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check.DBF
[2012.10.24 18:51:04 | 000,386,556 | ---- | C] () -- C:\Users\im-med\Desktop\Tobias Herrmann _ XING Kontakte.pdf
[2012.10.01 14:20:09 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2012.10.01 14:20:07 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.10.01 14:20:07 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5270DN.DAT
[2012.10.01 14:18:13 | 000,000,060 | R--- | C] () -- C:\Program Files\BRINST.INI
[2012.10.01 14:06:56 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.10.01 13:27:13 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.10.01 13:25:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.10.01 11:58:11 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
[2012.10.01 11:58:10 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
[2012.10.01 11:58:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
[2012.10.01 11:58:09 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
[2012.10.01 11:58:09 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
[2012.10.01 11:57:33 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
[2012.10.01 11:57:33 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
[2012.10.01 11:57:33 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
[2012.10.01 11:57:33 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
[2012.10.01 11:57:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
[2012.10.01 11:57:33 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
[2012.10.01 11:57:33 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
[2012.10.01 11:57:33 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
[2012.10.01 11:57:33 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
[2012.10.01 11:57:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
[2012.10.01 11:57:33 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
[2012.10.01 11:57:33 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
[2012.10.01 11:57:33 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
[2012.10.01 11:57:33 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
[2012.10.01 11:57:33 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
[2012.10.01 11:57:33 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
[2012.10.01 11:57:33 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
[2012.10.01 11:57:33 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
[2012.10.01 11:57:33 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
[2012.10.01 11:57:33 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
[2012.10.01 11:57:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
[2012.10.01 11:57:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
[2012.10.01 11:57:26 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXECsm.dll
[2012.10.01 11:57:26 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXECsmr.dll
[2012.10.01 07:25:20 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.09.30 12:18:25 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012.09.30 12:02:10 | 000,001,096 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2011.01.11 20:41:30 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011.01.11 20:41:28 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.01.11 20:41:28 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011.01.11 20:09:12 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.01.11 20:06:56 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.17 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Albea
[2012.09.30 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Bytemobile
[2012.11.16 21:20:40 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Canneverbe Limited
[2012.11.05 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\FileZilla
[2012.10.02 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\FireShot
[2012.11.02 10:37:31 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\GMX
[2012.11.04 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Moka
[2012.10.24 11:25:02 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\pdfforge
[2012.09.30 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Vodafone
[2012.09.30 11:27:00 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Vodafone Mobile Connect
[2012.11.04 19:39:21 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt

Code:
OTL Extras logfile created on: 17.11.2012 22:43:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\im-med\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,30 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 57,43% Memory free
4,60 Gb Paging File | 3,27 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,99 Gb Total Space | 155,72 Gb Free Space | 54,64% Space Free | Partition Type: NTFS
 
Computer Name: im-medi | User Name: im-med | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009F7B72-A330-48C9-85D1-60AFD5DE52AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{086BFEEF-C93C-497C-9437-227486795D0E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0999BB4A-7D4F-4B89-8D1D-C1265DE3F719}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{13B7AFB5-8479-4BB2-8EBC-EDAA36BF3C55}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{1FD09251-B030-4AF8-B9C9-DF722D8450ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2177F39A-5C20-4582-8874-A6DDB12F6F3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{230FE251-99BC-42A6-9401-7D8FA63A44D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34AE78C5-1DEB-4BB6-896C-C40CEDBA4FA6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{35352748-6F7A-4023-A48D-E80026819A89}" = rport=139 | protocol=6 | dir=out | app=system | 
"{429162CD-CB76-4DB0-9A36-CC04DA5C200D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4CC11F06-62AF-4745-85FD-D1FC6ACEAAFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60A24E71-91F3-4668-B1C4-D6EF65EBC3B4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{618B6DDB-D1D3-4B40-B7D0-4351C924F8C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{684DBBF6-4C64-4634-8207-E81EBACB0571}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6FE9E805-8B4F-4B9C-82E0-FFC6A60E9686}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{719EDAEE-5B4B-4EE3-827D-0ED0D34E9EEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7418BE61-8611-478B-BBDB-36D0E7250880}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{95020FDF-545D-49BD-A1FD-92FA3C945D31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5496FF9-0430-418D-8671-E1B3DFF21AD0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{AF49D643-17F5-414A-A257-C8CA2752AEA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C366341D-2B46-44A4-ACBF-94C3F914EDDE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C501AB6D-7E79-41A1-978F-A03F6655F408}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6B019A6-E3C6-496F-BF1E-4CFA0408546A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FA15B0B8-3C62-470A-AE1C-211EBDB1004F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FFB4665D-75B5-4C47-83C7-D50F7A840E94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0842BBE2-A663-4B05-A20A-C0880A005B37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B078D9D-3907-48AF-A459-5FF5785C4496}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{0C5C935A-AB1C-4F8B-A36D-0F62201AD41A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1104325E-4DA8-4D43-9E4E-0534E42A7693}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1F73A9DC-F2B9-4955-A989-1D0EE7B743A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A9AE2E2-3658-471A-BFBE-61BDE3DD0DFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{30B929C7-8A1F-4E1E-BB4A-B191272B54B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C324557-D38D-41A5-9441-8EC21B9E0A73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3DDA006C-401E-4626-A8DE-58E9AABCB30A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5C36D7AC-B902-4F82-B94A-1D022AD759DE}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{7A053C22-22E6-4037-8B92-DF4E49A5F7F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EF13B66-E933-449D-A81E-3936C23E47E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{930859CF-8287-4AB9-B366-F792F47E626E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9BF41D3B-C7D1-47B5-B7FF-C485396CED78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C915439-9EA8-44A0-AE2D-3A4F0EEDD3FB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A7F5319F-F10F-47BD-BDCF-7B5C5A0DB827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9D05464-1F41-4A9D-8A46-1D1601D3B012}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B36BB1EB-8F0D-4B11-B67E-E0581E51C7C1}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{B7860D1F-1892-4227-B0E6-188832512744}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA69FDD3-12CA-4ADB-88E3-F5AF3ADF5796}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{D27A7749-39F6-4940-BDCC-4FB16ACB4851}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{D93631C9-1DE1-483C-8FC1-BF1AADDCC0B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE59B111-2250-4C8B-A74B-F7F4AF20A8DC}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{DF577650-10A1-40D2-A0EC-906955C1ACBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E025B650-3217-46D7-8AB1-1156215E7B23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F13D36AB-3E63-4F9A-B96F-A823CEBB41C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F2ABEAEB-F58C-40DE-AC69-FDCE0E09B2A5}" = protocol=6 | dir=out | app=system | 
"{F346281D-D03C-4527-9586-E206B521003C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F625D04A-71C7-4D68-8DE1-50A6D52C8FBE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{BC62F20F-922E-4C6F-A435-83288A008206}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BEBD938C-906E-4448-A2D8-87A73634E864}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D6D26B2D-EAA7-47D9-85DE-7220FC75E5AA}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{E6288DD0-5B3B-42B0-8C55-B31BD2D7AC75}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{E804E58F-1F43-40DC-B30C-EAFCF3D7D1FF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{31AEDA06-A4F7-4BE9-B1C4-6FD1FAFBAA0C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{3EAF3749-795E-4BFA-B2B7-4F745D090AC5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{66287A91-A075-4BA9-BE56-8AD767D8CEA3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{7C7A55AF-BCEA-4361-B41B-D33BF4FA7816}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B4AA90C4-0BF2-4CC7-8069-7EA06CBA6F29}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.11
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"AnyDVD" = AnyDVD
"avast" = avast! Internet Security
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FileZilla Client" = FileZilla Client 3.5.3
"GMX ProfiFax" = GMX ProfiFax
"iTwin_is1" = iTwin 3.3 Final
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"MailCom Adressen-Tools 7.0" = MailCom Adressen-Tools 7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"PSPad editor_is1" = PSPad editor
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.3
"XMind" = XMind
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.11.2012 13:15:30 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1632737
 
Error - 17.11.2012 13:15:30 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1632737
 
Error - 17.11.2012 15:37:42 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.11.2012 15:37:42 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 455538
 
Error - 17.11.2012 15:37:42 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 455538
 
Error - 17.11.2012 15:41:22 | Computer Name = im-medi | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.11.2012 16:11:16 | Computer Name = im-medi | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 17.11.2012 17:05:44 | Computer Name = im-medi | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.11.2012 17:15:42 | Computer Name = im-medi | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.11.2012 17:24:49 | Computer Name = im-medi | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 17.11.2012 17:15:35 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 17.11.2012 17:15:47 | Computer Name = im-medi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
Error - 17.11.2012 17:21:58 | Computer Name = im-medi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 avast! Antivirus erreicht.
 
Error - 17.11.2012 17:21:58 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 17.11.2012 17:24:40 | Computer Name = im-medi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 avast! Antivirus erreicht.
 
Error - 17.11.2012 17:24:40 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 17.11.2012 17:24:42 | Computer Name = im-medi | Source = Service Control Manager | ID = 7002
Description = Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 17.11.2012 17:24:42 | Computer Name = im-medi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxecCATSCustConnectService erreicht.
 
Error - 17.11.2012 17:24:42 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 17.11.2012 17:24:53 | Computer Name = im-medi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
 
< End of report >
         

Alt 18.11.2012, 01:24   #2
t'john
/// Helper Team

The cleanup consists of several steps that have to be carried out.
Work through them one after the other and paste the 4 logs that are produced into your next reply.

If the OTL fix did not run through correctly, do not continue; report it instead.

Step 1

Fix with OTL

Download OTL by Oldtimer (if you don't have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.


Code:
:OTL
O4 - HKLM..\Run: [] File not found 
O4 - HKCU..\Run: [{896FA599-5F89-AD42-B1F4-CEF0A900EDED}] "C:\Users\im-med\AppData\Roaming\Albea\samyh.exe" File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\im-med\*.tmp
C:\Users\im-med\AppData\Local\{*}
C:\Users\im-med\AppData\Local\Temp\*.exe
C:\Users\im-med\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Paste the contents of the log file into your thread, in code tags.
    You can also view the log file afterwards at => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Never apply it to other computers; it can cause lasting damage to other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or quarantined.
- When the scan has finished, click "Show results".
then:

Step 3

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.



Step 4
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
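The fix script in the reply above targets two Run entries from the first OTL log: an empty HKLM value with no target, and an HKCU value with a GUID-style name whose target, an executable under %APPDATA%\Albea, was already gone after the Malwarebytes deletion. Those are exactly the traits a triage tool looks for when reading an OTL log. The following script is an added example written for this thread; it is not part of OTL and not the helper's script. It parses OTL O4 autorun lines and flags the ones a practitioner would examine first: GUID-style value names, orphaned "File not found" entries, targets in user-writable directories (a lock-screen dropper that runs as the logged-on user can only persist from there), missing company names, and Windows system binary names outside %SystemRoot%. The first six sample lines are the O4 entries quoted from the two logs in this thread; the seventh is constructed. The heuristics themselves are assumptions, not anything OTL reports.

```python
"""Triage OTL 'O4' autorun lines for ransomware-style persistence.

Added example for this thread: not part of OTL and not the helper's fix
script.  The heuristics and the last sample line are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OTL autorun line looks like:
#   O4 - HKCU..\Run: [Name] C:\path\file.exe (Company)
#   O4 - HKCU..\Run: [{GUID}] "C:\path\file.exe" File not found
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:LM|CU|U\\[^.]+))\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<rest>.*)$'
)
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
PATH_RE = re.compile(r'(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|dll|scr|bat|cmd|vbs|js))\b', re.I)
COMPANY_RE = re.compile(r'\(([^()]+)\)\s*$')

# Directories a standard user can write to without a UAC prompt.  A dropper
# that runs as the logged-on user can only persist from places like these.
USER_WRITABLE = ('\\appdata\\roaming\\', '\\appdata\\local\\', '\\programdata\\',
                 '\\temp\\', '\\users\\public\\')
# File names that belong in %SystemRoot%; anywhere else they are masquerading.
SYSTEM_NAMES = {'svchost.exe', 'explorer.exe', 'csrss.exe', 'lsass.exe', 'winlogon.exe'}


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    path: Optional[str]
    company: Optional[str]
    missing: bool                       # OTL printed "File not found"
    reasons: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one OTL O4 line; return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    pm = PATH_RE.search(rest)
    cm = COMPANY_RE.search(rest)        # "()" (no company) does not match
    return Autorun(
        hive=m.group('hive'), key=m.group('key'), name=m.group('name'),
        path=pm.group('path') if pm else None,
        company=cm.group(1) if cm else None,
        missing='File not found' in rest,
    )


def triage(a: Autorun) -> Autorun:
    """Attach one reason for every heuristic the entry trips."""
    if GUID_RE.match(a.name):
        a.reasons.append('GUID-style value name, typical for dropper persistence')
    if a.missing:
        a.reasons.append('orphaned entry: target was deleted but the Run value survived')
    if not a.name and a.path is None:
        a.reasons.append('empty value name with no target')
    if a.path:
        low = a.path.lower()
        if any(seg in low for seg in USER_WRITABLE):
            a.reasons.append('target lives in a user-writable directory')
        if a.company is None and not a.missing:
            a.reasons.append('no company name: unsigned or unknown publisher')
        if low.rsplit('\\', 1)[-1] in SYSTEM_NAMES and '\\windows\\' not in low:
            a.reasons.append('Windows system binary name outside %SystemRoot%')
    return a


def triage_log(text: str) -> List[Autorun]:
    """All O4 entries in an OTL log, each with its reasons (possibly none)."""
    return [triage(a) for a in map(parse_o4, text.splitlines()) if a]


def suspicious(text: str) -> List[Autorun]:
    """Only the entries that tripped at least one heuristic."""
    return [a for a in triage_log(text) if a.reasons]


# Sample O4 lines: the first six are copied from the two OTL logs in this
# thread; the last one is constructed to show a masquerading binary in %TEMP%.
SAMPLE_O4 = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [{896FA599-5F89-AD42-B1F4-CEF0A900EDED}] "C:\Users\im-med\AppData\Roaming\Albea\samyh.exe" File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updater] C:\Users\oh\AppData\Local\Temp\svchost.exe ()
"""

if __name__ == '__main__':
    for a in suspicious(SAMPLE_O4):
        print(f'{a.hive}..\\{a.key} [{a.name}] -> {a.path}')
        for reason in a.reasons:
            print('    *', reason)
```

Run it directly to print the flagged entries: the Acer, avast, NVIDIA and BrowserChoice lines from the rebuilt system's log produce no reasons, while the two entries the helper's script removes and the constructed %TEMP% svchost.exe are reported with every heuristic they trip. An orphaned "File not found" value is inert on its own, but it is still worth deleting: it records where the dropper lived, and anything written to that path later would be started at the next logon without needing new persistence.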

Alt 18.11.2012, 22:27   #3
via75


Hello t'john,

since my computer was not running stably and kept shutting down, I decided to reinstall it from scratch.

Since I am not sure whether I went about it correctly and have actually got rid of the trojan, I wanted to check with you once more.

1) Win7 installation; deleted the partitions and set up 2 new ones (1 for programs, 2 for files).
2) installed avast and Malwarebytes first (you learn as you go ;-) )
3) installed all the necessary drivers for my notebook as well as a few programs such as Firefox etc.
4) NOTE: while I was online, Avast did warn me about a trojan when a URL was called up that looked suspiciously like the one through which I caught the trojan. So I am worried that the trojan is still lurking somewhere.

For that reason I ran OTL again and am sending you the two new log files

OTL
OTL Logfile:
Code:
OTL logfile created on: 18.11.2012 22:11:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\oh\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,30 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 50,75% Memory free
4,60 Gb Paging File | 3,43 Gb Available in Paging File | 74,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 83,46 Gb Free Space | 85,46% Space Free | Partition Type: NTFS
Drive D: | 187,33 Gb Total Space | 187,01 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive F: | 15,05 Gb Total Space | 1,71 Gb Free Space | 11,37% Space Free | Partition Type: FAT32
Drive G: | 644,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 930,86 Gb Total Space | 4,06 Gb Free Space | 0,44% Space Free | Partition Type: NTFS
 
Computer Name: XMV | User Name: oh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.18 22:10:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oh\Downloads\OTL.exe
PRC - [2012.11.18 21:51:22 | 000,233,472 | ---- | M] (Alcor Micro Corp.) -- C:\Programme\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2012.11.18 21:39:59 | 000,496,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.01.05 15:24:16 | 000,468,360 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010.12.03 14:47:42 | 000,701,832 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2010.12.03 14:47:40 | 000,701,824 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:17 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.12.03 14:47:40 | 000,701,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.11.18 21:57:56 | 000,029,232 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor)
DRV - [2012.11.18 21:40:06 | 000,520,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.09.30 11:54:13 | 009,945,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.13 12:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2009.09.17 19:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B E4 23 FB C4 C5 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.18 21:25:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.11.18 21:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\mozilla\Extensions
[2012.11.18 22:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.18 22:07:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297483FD-D1E7-47FD-A238-DD5B0743CE77}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.18 22:12:18 | 000,000,088 | ---- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{8cc37f36-31b5-11e2-aeac-edee0ccccdeb}\Shell - "" = AutoRun
O33 - MountPoints2\{8cc37f36-31b5-11e2-aeac-edee0ccccdeb}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009.10.14 22:28:45 | 003,271,968 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.18 22:07:57 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind
[2012.11.18 22:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
[2012.11.18 22:07:43 | 000,000,000 | ---D | C] -- C:\Users\oh\Application Data
[2012.11.18 22:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.18 22:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.11.18 22:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.11.18 22:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\XMind
[2012.11.18 21:57:25 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.11.18 21:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM
[2012.11.18 21:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2012.11.18 21:53:42 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.11.18 21:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2012.11.18 21:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\AmIcoSingLun
[2012.11.18 21:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
[2012.11.18 21:53:06 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Liteon
[2012.11.18 21:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Crystal Eye webcam
[2012.11.18 21:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012.11.18 21:41:02 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\EED32A.dll
[2012.11.18 21:41:02 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\EEL32A.dll
[2012.11.18 21:41:02 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\EEG32A.dll
[2012.11.18 21:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.18 21:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.11.18 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Mozilla
[2012.11.18 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Mozilla
[2012.11.18 21:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.11.18 21:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.11.18 21:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.18 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Google
[2012.11.18 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Deployment
[2012.11.18 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Apps
[2012.11.18 21:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.11.18 20:59:16 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Malwarebytes
[2012.11.18 20:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.18 20:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.18 20:59:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.18 20:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.18 20:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.11.18 20:47:29 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.11.18 20:47:29 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.11.18 20:47:26 | 000,106,560 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.11.18 20:47:18 | 000,199,320 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.11.18 20:47:17 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.11.18 20:47:17 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.11.18 20:47:17 | 000,020,624 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.11.18 20:47:16 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.11.18 20:47:13 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.11.18 20:46:35 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.11.18 20:46:35 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.11.18 20:46:35 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.11.18 20:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.18 20:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.18 20:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012.11.18 20:35:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.11.18 20:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012.11.18 20:34:53 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\InstallShield
[2012.11.18 20:29:10 | 000,000,000 | R--D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.11.18 20:29:10 | 000,000,000 | R--D | C] -- C:\Users\oh\Searches
[2012.11.18 20:29:10 | 000,000,000 | R--D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.11.18 20:28:57 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Identities
[2012.11.18 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\oh\Contacts
[2012.11.18 20:28:47 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\VirtualStore
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Vorlagen
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\AppData\Local\Verlauf
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\AppData\Local\Temporary Internet Files
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Startmenü
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\SendTo
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Recent
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Netzwerkumgebung
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Lokale Einstellungen
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Documents\Eigene Videos
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Documents\Eigene Musik
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Eigene Dateien
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Documents\Eigene Bilder
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Druckumgebung
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Cookies
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\AppData\Local\Anwendungsdaten
[2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Anwendungsdaten
[2012.11.18 20:28:43 | 000,000,000 | --SD | C] -- C:\Users\oh\AppData\Roaming\Microsoft
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Videos
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Saved Games
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Pictures
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Music
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Links
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Favorites
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Downloads
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Documents
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Desktop
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.11.18 20:28:43 | 000,000,000 | -H-D | C] -- C:\Users\oh\AppData
[2012.11.18 20:28:43 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Temp
[2012.11.18 20:28:43 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Microsoft
[2012.11.18 20:28:43 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Media Center Programs
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.11.18 20:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.11.18 20:20:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.11.18 20:20:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.11.18 20:19:57 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.18 22:07:57 | 000,000,915 | ---- | M] () -- C:\Users\oh\Desktop\XMind.lnk
[2012.11.18 21:57:56 | 000,029,232 | ---- | M] (EgisTec) -- C:\Windows\System32\drivers\FPSensor.sys
[2012.11.18 21:40:06 | 000,308,128 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.11.18 21:40:00 | 000,001,096 | ---- | M] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2012.11.18 21:35:11 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.18 21:35:06 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.18 21:31:15 | 000,002,227 | ---- | M] () -- C:\Users\oh\Desktop\Google Chrome.lnk
[2012.11.18 21:26:40 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.18 21:26:40 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.18 21:26:40 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.18 21:26:40 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.18 21:25:47 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.18 21:23:07 | 000,012,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 21:23:07 | 000,012,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 21:21:35 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.11.18 21:20:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.18 21:20:31 | 1853,149,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.18 21:17:35 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.11.18 20:56:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.11.18 20:47:30 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.18 20:35:14 | 000,707,378 | ---- | M] () -- C:\Windows\System32\oem1.inf
[2012.11.18 20:34:51 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2012.11.18 20:31:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.18 20:24:55 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.18 20:23:43 | 000,057,050 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.10.30 23:51:58 | 000,199,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.10.30 23:51:56 | 000,106,560 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.10.30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2012.11.18 22:07:57 | 000,000,915 | ---- | C] () -- C:\Users\oh\Desktop\XMind.lnk
[2012.11.18 21:41:21 | 000,001,096 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2012.11.18 21:31:15 | 000,002,227 | ---- | C] () -- C:\Users\oh\Desktop\Google Chrome.lnk
[2012.11.18 21:30:29 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.18 21:30:28 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.18 21:25:47 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.18 21:25:47 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.18 21:21:35 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.11.18 21:17:35 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.11.18 20:47:30 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.18 20:35:18 | 000,707,378 | ---- | C] () -- C:\Windows\System32\oem1.inf
[2012.11.18 20:34:56 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012.11.18 20:31:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.18 20:29:11 | 000,001,409 | ---- | C] () -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.11.18 20:23:36 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.11.18 20:23:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.11.18 20:20:33 | 1853,149,184 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.18 19:52:04 | 000,020,757 | ---- | C] () -- C:\Windows\System32\nvdisp_IH.nvu
[2012.11.18 19:52:00 | 001,921,265 | ---- | C] () -- C:\Windows\System32\iglhxa32.cpa
[2012.11.18 19:52:00 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.11.18 19:52:00 | 000,060,254 | ---- | C] () -- C:\Windows\System32\iglhxg32.vp
[2012.11.18 19:52:00 | 000,060,226 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2012.11.18 19:52:00 | 000,060,015 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2012.11.18 19:52:00 | 000,051,632 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2012.11.18 19:52:00 | 000,001,090 | ---- | C] () -- C:\Windows\System32\iglhxa32.vp
[2012.11.18 19:51:59 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.11.18 19:51:59 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.11.18 19:51:58 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.11.18 19:51:57 | 000,189,494 | ---- | C] () -- C:\Windows\System32\Gfxres.th-TH.resources
[2012.11.18 19:51:57 | 000,165,337 | ---- | C] () -- C:\Windows\System32\Gfxres.ru-RU.resources
[2012.11.18 19:51:57 | 000,136,343 | ---- | C] () -- C:\Windows\System32\Gfxres.ja-JP.resources
[2012.11.18 19:51:57 | 000,125,500 | ---- | C] () -- C:\Windows\System32\Gfxres.it-IT.resources
[2012.11.18 19:51:57 | 000,123,172 | ---- | C] () -- C:\Windows\System32\Gfxres.ko-KR.resources
[2012.11.18 19:51:57 | 000,121,115 | ---- | C] () -- C:\Windows\System32\Gfxres.tr-TR.resources
[2012.11.18 19:51:57 | 000,120,308 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-BR.resources
[2012.11.18 19:51:57 | 000,119,558 | ---- | C] () -- C:\Windows\System32\Gfxres.hu-HU.resources
[2012.11.18 19:51:57 | 000,119,528 | ---- | C] () -- C:\Windows\System32\Gfxres.nl-NL.resources
[2012.11.18 19:51:57 | 000,119,302 | ---- | C] () -- C:\Windows\System32\Gfxres.sv-SE.resources
[2012.11.18 19:51:57 | 000,119,009 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-PT.resources
[2012.11.18 19:51:57 | 000,118,351 | ---- | C] () -- C:\Windows\System32\Gfxres.pl-PL.resources
[2012.11.18 19:51:57 | 000,118,000 | ---- | C] () -- C:\Windows\System32\Gfxres.sk-SK.resources
[2012.11.18 19:51:57 | 000,114,794 | ---- | C] () -- C:\Windows\System32\Gfxres.nb-NO.resources
[2012.11.18 19:51:57 | 000,114,314 | ---- | C] () -- C:\Windows\System32\Gfxres.sl-SI.resources
[2012.11.18 19:51:57 | 000,103,986 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-TW.resources
[2012.11.18 19:51:57 | 000,102,825 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-CN.resources
[2012.11.18 19:51:57 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.11.18 19:51:56 | 000,178,349 | ---- | C] () -- C:\Windows\System32\Gfxres.el-GR.resources
[2012.11.18 19:51:56 | 000,139,851 | ---- | C] () -- C:\Windows\System32\Gfxres.ar-SA.resources
[2012.11.18 19:51:56 | 000,133,688 | ---- | C] () -- C:\Windows\System32\Gfxres.he-IL.resources
[2012.11.18 19:51:56 | 000,122,869 | ---- | C] () -- C:\Windows\System32\Gfxres.es-ES.resources
[2012.11.18 19:51:56 | 000,122,651 | ---- | C] () -- C:\Windows\System32\Gfxres.de-DE.resources
[2012.11.18 19:51:56 | 000,120,742 | ---- | C] () -- C:\Windows\System32\Gfxres.fr-FR.resources
[2012.11.18 19:51:56 | 000,118,687 | ---- | C] () -- C:\Windows\System32\Gfxres.cs-CZ.resources
[2012.11.18 19:51:56 | 000,118,639 | ---- | C] () -- C:\Windows\System32\Gfxres.fi-FI.resources
[2012.11.18 19:51:56 | 000,114,203 | ---- | C] () -- C:\Windows\System32\Gfxres.da-DK.resources
[2012.11.18 19:51:56 | 000,110,156 | ---- | C] () -- C:\Windows\System32\Gfxres.en-US.resources
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.18 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\Liteon
 
========== Purity Check ==========
 
 

< End of report >
         



Extras
OTL Logfile:
Code:
OTL Extras logfile created on: 18.11.2012 22:11:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\oh\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,30 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 50,75% Memory free
4,60 Gb Paging File | 3,43 Gb Available in Paging File | 74,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 83,46 Gb Free Space | 85,46% Space Free | Partition Type: NTFS
Drive D: | 187,33 Gb Total Space | 187,01 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive F: | 15,05 Gb Total Space | 1,71 Gb Free Space | 11,37% Space Free | Partition Type: FAT32
Drive G: | 644,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 930,86 Gb Total Space | 4,06 Gb Free Space | 0,44% Space Free | Partition Type: NTFS
 
Computer Name: XMV | User Name: oh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BC15023B-48DB-4F71-9C25-CFE1A8BB7202}" = Alcor Micro USB Card Reader
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"avast" = avast! Internet Security
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Google Chrome" = Google Chrome
"InstallShield_{BC15023B-48DB-4F71-9C25-CFE1A8BB7202}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"XMind" = XMind
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2012 16:51:39 | Computer Name = xmv | Source = VSS | ID = 8194
Description = 
 
Error - 18.11.2012 17:02:32 | Computer Name = xmv | Source = Application Error | ID = 1000
Description = Faulting application name: ePowerSvc.exe, version: 5.0.3009.0, time stamp: 0x4d241b0f
 Faulting module name: ePowerSvc.exe, version: 5.0.3009.0, time stamp: 0x4d241b0f
 Exception code: 0xc0000005  Fault offset: 0x000097fb  Faulting process ID: 0xeac
 Faulting application start time: 0x01cdc5cf0b1b5897
 Faulting application path: C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
 Faulting module path: C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
 Report ID: 44e77285-31c3-11e2-8ace-83bdd0ba5d92
 
[ System Events ]
Error - 18.11.2012 15:50:36 | Computer Name = xmv | Source = DCOM | ID = 10010
Description = 
 
Error - 18.11.2012 16:00:42 | Computer Name = xmv | Source = DCOM | ID = 10010
Description = 
 
Error - 18.11.2012 17:02:34 | Computer Name = xmv | Source = Service Control Manager | ID = 7034
Description = The "Acer ePower Service" service terminated unexpectedly. This has happened 1 time(s).
 
 
< End of report >
         
__________________

19.11.2012, 05:56   #4
t'john
/// Helper Team



Why did you install outdated software even though you reinstalled the system from scratch?

Quote:
Java 6 Update 32
Current is Java 7 Update 9

How can that be?



Update Java

Your Java is no longer current. Older versions contain security holes that malware can exploit.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 9).
  • When the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Then post (copy and paste) what you get shown here: PluginCheck



Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

Then post (copy and paste) what you get shown here: PluginCheck
__________________
Regards, t'john
Support the TB
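The helper's point, that the OTL Extras log of a freshly reinstalled machine still lists Java 6 Update 32, can be checked mechanically instead of by eye. The following Python is an added example, not code from this thread, from OTL or from Oracle: it reads the `HKEY_LOCAL_MACHINE Uninstall List` block of an OTL Extras log (the sample lines are copied from the log posted above) and flags every Java runtime older than a reference version, here 7 Update 9 as the helper names it. The reference is passed in rather than hard-coded because it goes stale; the function names are chosen here.

```python
import re

# Lines copied from the "HKEY_LOCAL_MACHINE Uninstall List" block of the OTL Extras
# log posted in this thread; on a real machine read the whole OTL Extras log instead.
SAMPLE_OTL_EXTRAS = r"""
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)

========== Last 20 Event Log Errors ==========
"""

UNINSTALL_HEADER = "========== HKEY_LOCAL_MACHINE Uninstall List =========="
# OTL prints one entry per line as:  "<key>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*?)\s*$')
# Matches "Java(TM) 6 Update 32" and "Java 7 Update 9"; "Java Auto Updater" has no
# version numbers and is deliberately not matched.
JAVA_RE = re.compile(r"^Java(?:\(TM\))?\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)\b", re.I)


def uninstall_entries(otl_extras_text):
    """Return (key, display_name) pairs from the Uninstall List block only."""
    entries, inside = [], False
    for line in otl_extras_text.splitlines():
        line = line.strip()
        if line.startswith("=========="):      # every OTL section header looks like this
            inside = line == UNINSTALL_HEADER
            continue
        if inside:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m["key"], m["name"]))
    return entries


def java_runtimes(entries):
    """Map display name -> (major, update) for every installed Java runtime."""
    found = {}
    for _key, name in entries:
        m = JAVA_RE.match(name)
        if m:
            found[name] = (int(m["major"]), int(m["update"]))
    return found


def outdated_java(entries, reference):
    """Display names of Java runtimes strictly older than reference = (major, update).

    Tuple comparison orders (6, 32) before (7, 9): a major-version jump outranks
    any update number, which is the ordering that matters for patch level.
    """
    return sorted(name for name, ver in java_runtimes(entries).items() if ver < reference)


if __name__ == "__main__":
    entries = uninstall_entries(SAMPLE_OTL_EXTRAS)
    reference = (7, 9)  # "Java 7 Update 9", the current release named in the post above
    for name in outdated_java(entries, reference):
        print(f"outdated: {name}  (reference: Java {reference[0]} Update {reference[1]})")
```

Run against the full OTL Extras log, the same parser also lists every other product in the Uninstall key, which is the place to look for a second, forgotten Java or browser-plugin install after the visible one has been updated.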

20.11.2012, 11:41   #5
via75



Hi,
as you wrote, I updated Java and afterwards disabled the plugin in Chrome and Firefox.

Here is the copy & paste info you wanted.
Is everything fine now, or is there anything else I need to watch out for?

Many thanks already for the fast and excellent help here!

Regards, Oliver



Quote:
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Then post (copy and paste) what you get shown here: PluginCheck
With PluginCheck I get the following information:
PluginCheck
Firefox 16.0 is up to date
Flash (11,5,502,110) is up to date.
Java (1,7,0,9) is up to date.
Adobe Reader 11,0,0,379 is up to date.

Quote:
Disable Java
Because of the current security vulnerability:
http://www.trojaner-board.de/122961-...ktivieren.html
Then post (copy and paste) what you get shown here: PluginCheck

Firefox 16.0 is up to date
Flash (11,5,502,110) is up to date.
Java (1,7,0,9) is up to date.
Adobe Reader 11,0,0,379 is up to date.


23.11.2012, 10:17   #7
via75



Hi,

I have one more question after all.
My virus scanner avast warns me every day about the following file: C:\Windows\System32\igfxpers.exe

Here is avast's explanation:
hxxp://www.avast.com/de-de/lp-pr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_ise_70_0&utm_medium=prg_systray&utm_content=.%2Fpaid%2Fde-de%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Windows\System32\igfxpers.exe&p_obj=hxxp://hittachis.ru/d1yehX?ENYkjRnOHixPXf=XRvRpOIQNXhertwDc%26dqgfqtknwHMOH=PslRphXNINab%26RMnaBhcQPGJ=yGKhSFgrUOxKiH&p_var=.%2Fpaid%2Fde-de%2Fvirus-alert-default&p_pro=2&p_vep=7&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=312&p_lng=de&p_lid=de-de&p_elm=7&p_vbd=1474


Is there possibly still something wrong on my machine that I should fix?

Thanks in advance and best regards,
Oliver
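The alert link in the post above carries the whole detection in its query string, and it is worth reading before uploading anything: `p_vir=URL:Mal` is avast's URL-blocklist detection (the web/network shield blocking a request to a listed URL), `p_prc` is the process the request was attributed to, and `p_obj` is the blocked URL itself; the board has defanged both schemes to hxxp. That is a verdict on the destination, not on the file on disk, so a clean VirusTotal result for igfxpers.exe is the expected outcome and does not by itself explain why that process reached out to hittachis.ru. The following Python is an added example, not code from this thread or from avast; it splits such a link into its fields using only the parameter names visible in the link. `refang` and `parse_avast_alert` are names chosen here.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The alert link exactly as pasted in the post above; both schemes were defanged to hxxp.
ALERT_LINK = (
    r"hxxp://www.avast.com/de-de/lp-pr-virus-alert?p_ext=&utm_campaign=Virus_alert"
    r"&utm_source=prg_ise_70_0&utm_medium=prg_systray"
    r"&utm_content=.%2Fpaid%2Fde-de%2Fvirus-alert-default"
    r"&p_vir=URL:Mal&p_prc=C:\Windows\System32\igfxpers.exe"
    r"&p_obj=hxxp://hittachis.ru/d1yehX?ENYkjRnOHixPXf=XRvRpOIQNXhertwDc"
    r"%26dqgfqtknwHMOH=PslRphXNINab%26RMnaBhcQPGJ=yGKhSFgrUOxKiH"
    r"&p_var=.%2Fpaid%2Fde-de%2Fvirus-alert-default&p_pro=2&p_vep=7&p_ves=0"
    r"&p_lqa=0&p_lsu=24&p_lst=0&p_lex=312&p_lng=de&p_lid=de-de&p_elm=7&p_vbd=1474"
)


def refang(url):
    """Turn hxxp:// back into http:// so urlsplit can read the host; nothing is fetched."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_avast_alert(link):
    """Split an avast 'virus alert' landing-page link into the fields that matter."""
    query = link.split("?", 1)[1]
    # parse_qs splits on the outer '&' only; the '%26' inside p_obj decodes to '&'
    # afterwards, so the blocked URL keeps its own query string intact.
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    detection = params.get("p_vir", "")
    blocked = params.get("p_obj", "")
    host = urlsplit(refang(blocked)).hostname if blocked else None
    return {
        "detection": detection,
        "process": params.get("p_prc", ""),
        "blocked_url": blocked,            # left defanged on purpose
        "blocked_host": host or "",
        # URL:* names are verdicts on the destination; anything else is about an object on disk.
        "kind": "network" if detection.upper().startswith("URL:") else "file",
    }


def summarize(alert):
    """One line for a ticket or a forum post, stating what kind of verdict this is."""
    if alert["kind"] == "network":
        return (f"{alert['detection']}: request from {alert['process']} to "
                f"{alert['blocked_host']} blocked (destination verdict, not a file verdict)")
    return f"{alert['detection']}: {alert['process']} detected on disk"


if __name__ == "__main__":
    alert = parse_avast_alert(ALERT_LINK)
    for key, value in alert.items():
        print(f"{key:13}: {value}")
    print(summarize(alert))
```

The practical consequence of `kind == "network"`: hashing the named process (as the helper asks next) answers whether the file is what it claims to be, while the repeated daily request to the same host is the thing still to be explained, for example by looking at what else runs inside or alongside that process.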

23.11.2012, 21:50   #8
t'john
/// Helper Team



File check

Have the following file(s) (see code box) checked online at VirusTotal. To do this you must upload each file individually via the "Browse" button and "Send file" to VirusTotal and have it scanned. If the file has already been checked, please click Reanalyze.



With Firefox and NoScript installed, please allow VirusTotal. Once VirusTotal has received the file, it will check it with several anti-virus scanners and display the results. If VirusTotal reports that the file has already been checked, have it scanned again anyway via the "Reanalyse" button.

When the result is available, copy the result link (from the browser's address bar) here into the thread.

Even if it turns out that the file(s) is/are infected, please do not delete anything without checking with me first!
__________________
Regards, t'john
Support the TB
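The VirusTotal step above is done by hand, one upload per file. The following Python is an added example, not code from this thread, from OTL or from VirusTotal, that automates the bookkeeping around it: it pulls file paths out of OTL's `[timestamp | size | attributes | C/M] (Company) -- path` lines (the sample lines are copied from the log above), keeps only executable file types, notes entries whose version resource has no CompanyName, and computes the SHA-256 that VirusTotal keys its reports on, so a hash can be looked up before any file leaves the machine. Because the files themselves are not available here, the demo hashes constructed byte strings standing in for file contents; `sha256_file` is the function to use on the real system. The lookup URL uses the current `https://www.virustotal.com/gui/file/<sha256>` form rather than the older `/file/<sha256>/analysis/` form seen in this thread; the function names are chosen here.

```python
import hashlib
import ntpath
import re

# OTL "Files/Folders - Created Within 30 Days" lines copied from the log in this thread.
# Layout: [timestamp | size | attributes | C=created/M=modified] (CompanyName) -- path
# Directories carry a trailing D in the attribute field and no company part; "()" or "( )"
# means the file has no CompanyName in its version resource (OTL's "No Company Name" list).
SAMPLE_OTL_LINES = r"""
[2012.11.18 21:41:02 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\EED32A.dll
[2012.11.18 20:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.18 20:46:35 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.11.18 19:51:59 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.11.18 21:21:35 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
"""

OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<flag>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv"}
VT_FILE_URL = "https://www.virustotal.com/gui/file/{}"   # reports are keyed by SHA-256


def parse_otl_file_lines(text):
    """One dict per OTL file/folder line; lines that are not in that format are skipped."""
    rows = []
    for line in text.splitlines():
        m = OTL_FILE_RE.match(line.strip())
        if m:
            rows.append({
                "path": m["path"].strip(),
                "is_dir": m["attr"].endswith("D"),
                "company": (m["company"] or "").strip(),
                "size": int(m["size"].replace(",", "")),
            })
    return rows


def candidate_binaries(rows):
    """Files (not directories) with an executable extension, in log order."""
    return [r for r in rows
            if not r["is_dir"] and ntpath.splitext(r["path"])[1].lower() in BINARY_EXT]


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Hash a file on disk in chunks; this is the call to use on the real machine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def vt_url(sha256):
    return VT_FILE_URL.format(sha256.lower())


def lookup_plan(rows, contents):
    """(path, company, VirusTotal URL) for each candidate whose bytes are in `contents`.

    `contents` maps path -> bytes and stands in for reading the file; on a real
    system use sha256_file(path) instead of sha256_hex(contents[path]).
    """
    plan = []
    for r in candidate_binaries(rows):
        if r["path"] in contents:
            plan.append((r["path"], r["company"] or "<no company name>",
                         vt_url(sha256_hex(contents[r["path"]]))))
    return plan


if __name__ == "__main__":
    rows = parse_otl_file_lines(SAMPLE_OTL_LINES)
    # Constructed stand-in contents; the real files from the poster's machine are not here.
    fake = {r["path"]: r["path"].encode() for r in candidate_binaries(rows)}
    for path, company, url in lookup_plan(rows, fake):
        print(f"{path}\n    company: {company}\n    lookup:  {url}")
```

Looking the hash up first has two advantages over uploading: the file content stays on the machine, and a hash VirusTotal has never seen is itself a signal worth noting, since a driver or system DLL from a mainstream vendor will almost always be known already.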

23.11.2012, 22:27   #9
via75



Which code box do you mean?

Avast has just also reported the warning for Explorer.EXE

The VirusTotal result for the following files was clean:
C:\Windows\Explorer.EXE
https://www.virustotal.com/file/9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad/analysis/1353706373/

C:\Windows\System32\igfxpers.exe
https://www.virustotal.com/file/1d91f0990ae8b1371a10f0fb50aae5946e7d4e6f5008fb9f6327a02478528179/analysis/1353705732/

Hmm... Do I perhaps have a security hole somewhere else?

Best regards,
Oliver



P.S.:

In case you meant the OTL logfiles by code box, I simply analysed the files I could find in them.
Here are the results. Something was found in one place?!


C:\Programme\AmIcoSingLun\AmIcoSinglun.exe
https://www.virustotal.com/file/f8925ca0a2643a1f6bbf5a76185c9d2f8f2517bb349c17bd4e25bc995b856c99/analysis/1353706798/

C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
https://www.virustotal.com/file/7f556de5621dd00ed8ee4d3c0978a22a2c508d4a98764b3fd2d00b7aff882f11/analysis/1353706821/



**** >>> ByteHero Trojan.Exception.gen.101 <<< ****
C:\Programme\AVAST Software\Avast\AvastUI.exe
https://www.virustotal.com/file/570dbf28f6d77890476f7b6a9c57f77dcc3c51038a1780540032b5fd9cf72190/analysis/1353706845/
****************************************************



C:\Programme\AVAST Software\Avast\AvastSvc.exe
https://www.virustotal.com/file/d3f5ba7000ef311a0e4772b5bf9b0bffca721fa971d87dd76b7e8b9b06e9bbc3/analysis/1353706869/

C:\Programme\AVAST Software\Avast\afwServ.exe
https://www.virustotal.com/file/38e551ad9897b8bfc190bc5f3414ffae0e762e8d52f33ccb1173b678269505d4/analysis/1353706990/

C:\Programme\Mozilla Firefox\firefox.exe
https://www.virustotal.com/file/99f0e817981c10913dfbeee84b085121e65ad55217abe975ad4b8819212fd1f6/analysis/1353707021/

C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
https://www.virustotal.com/file/84ab101003797c35475340a66cf6fd21498a378ef0e7698d543ca957d75dd67d/analysis/1353707049/

C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
https://www.virustotal.com/file/639603e698fb99f0100fc30e6ecdff06ff33d4dcac16ba5c65499e9bd4d958da/analysis/1353707096/

C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
https://www.virustotal.com/file/8db25546b444ae86aaaa5f2d6b45e8d0ec033c721475baeec252c53134609289/analysis/1353707127/

C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
https://www.virustotal.com/file/b8947015602a3bba5875d90098b6b13c0f2f1c9580ec9885852815e4d26ec886/analysis/1353707163/

C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
https://www.virustotal.com/file/970ac652f2b8c8f1383fbdb3def292ba762d20ad6079088943b9c8c253aa9281/analysis/1353707206/

C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
https://www.virustotal.com/file/50a51cbc68a8bf1ab95f3c8fb80afaddea82c49b39c9d5df110d5c1452972fd2/analysis/1353707285/

C:\Windows\System32\taskhost.exe
https://www.virustotal.com/file/65e3d8ce737896647065103fbb4d58e6a34171d0a48662a832cfdac3cf469701/analysis/1353707322/

C:\Windows\explorer.exe
https://www.virustotal.com/file/9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad/analysis/1353707356/

C:\Windows\System32\dinotify.exe
https://www.virustotal.com/file/987986934c96dbb64f0a336b72520077fcd556524643bc03f02d1aab4b491d3d/analysis/1353707420/

C:\Windows\System32\conhost.exe
https://www.virustotal.com/file/128f49a9e4f6073e53cbbafc999cdd34af9b0cef817673eac1946330bc7a95a8/analysis/1353707458/

----------------------------------

C:\Windows\System32\control.exe
https://www.virustotal.com/file/9678f973ddb06f3f77cddfe8c9f3152beb87aef5ef048b36966a2be787f5ad70/analysis/1353707506/

C:\Windows\winhlp32.exe
https://www.virustotal.com/file/8d39ac4c416cae32a6787326d2cae0b0cd075915b75229572fa5d90fbb3dfe52/analysis/1353707533/

C:\Program Files\Mozilla Firefox\firefox.exe
https://www.virustotal.com/file/99f0e817981c10913dfbeee84b085121e65ad55217abe975ad4b8819212fd1f6/analysis/1353707567/


C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
https://www.virustotal.com/file/0d2143b8a03c8db3963a6a32a144c55a18aabbf06c9e4b08e720e4c94d7b1143/analysis/1353707641/

Edited by via75 (23.11.2012 at 22:57)
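
The list of VirusTotal result links in the post above invites a small mechanical check that a helper would otherwise do by eye: the link carries the SHA-256 of the uploaded file, so two entries with the same hash are the same file (here `C:\Windows\Explorer.EXE` and `C:\Windows\explorer.exe`, and `firefox.exe` under both `C:\Programme` and `C:\Program Files`), while one file name turning up with two different hashes (`ePowerSvc.exe` under two different Acer folders) is worth a second look. The following Python script is an added example, not code from the thread or from VirusTotal: it parses the path/link layout of the post and runs on a constructed subset of the entries above. The `**** >>> ... <<< ****` marker the poster placed around the ByteHero hit is picked up as a note on the entry that follows it.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# A VirusTotal "file" report link carries the SHA-256 of the uploaded sample
# and the Unix timestamp of that analysis.
VT_LINK = re.compile(r"https://www\.virustotal\.com/file/([0-9a-f]{64})/analysis/(\d+)/")
# The poster's own "**** >>> <detection> <<< ****" marker around a hit.
FLAG_MARK = re.compile(r"^\*{4}\s*>>>\s*(.+?)\s*<<<\s*\*{4}$")

# Constructed sample: a subset of the path / link pairs from the post above,
# in the same layout (path on one line, result link on the next).
SAMPLE_REPORT = r"""
C:\Windows\Explorer.EXE
https://www.virustotal.com/file/9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad/analysis/1353706373/

**** >>> ByteHero Trojan.Exception.gen.101 <<< ****
C:\Programme\AVAST Software\Avast\AvastUI.exe
https://www.virustotal.com/file/570dbf28f6d77890476f7b6a9c57f77dcc3c51038a1780540032b5fd9cf72190/analysis/1353706845/
****************************************************

C:\Programme\Mozilla Firefox\firefox.exe
https://www.virustotal.com/file/99f0e817981c10913dfbeee84b085121e65ad55217abe975ad4b8819212fd1f6/analysis/1353707021/

C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
https://www.virustotal.com/file/50a51cbc68a8bf1ab95f3c8fb80afaddea82c49b39c9d5df110d5c1452972fd2/analysis/1353707285/

C:\Windows\explorer.exe
https://www.virustotal.com/file/9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad/analysis/1353707356/

C:\Program Files\Mozilla Firefox\firefox.exe
https://www.virustotal.com/file/99f0e817981c10913dfbeee84b085121e65ad55217abe975ad4b8819212fd1f6/analysis/1353707567/

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
https://www.virustotal.com/file/0d2143b8a03c8db3963a6a32a144c55a18aabbf06c9e4b08e720e4c94d7b1143/analysis/1353707641/
"""


def parse_report(text):
    """Return one dict per (path, link) pair: path, sha256, scanned_at, note."""
    entries, last_path, pending_note = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FLAG_MARK.match(line)
        if m:
            pending_note = m.group(1)        # applies to the next entry
            continue
        if line.startswith(("*", "-")):      # other decoration lines
            continue
        m = VT_LINK.match(line)
        if m:
            if last_path is None:
                raise ValueError(f"result link without a preceding path: {line}")
            entries.append({"path": last_path, "sha256": m.group(1),
                            "scanned_at": int(m.group(2)), "note": pending_note})
            last_path, pending_note = None, None
        else:
            last_path = line                 # a path line precedes its link
    return entries


def normalize(path):
    """Windows paths are case-insensitive, so compare them in one case."""
    return str(PureWindowsPath(path)).lower()


def group_by_hash(entries):
    """Map each SHA-256 to the set of normalized paths reported under it."""
    groups = defaultdict(set)
    for e in entries:
        groups[e["sha256"]].add(normalize(e["path"]))
    return dict(groups)


def find_name_collisions(entries):
    """Same file name in different places with different content: second look."""
    by_name = defaultdict(set)
    for e in entries:
        by_name[PureWindowsPath(e["path"]).name.lower()].add(e["sha256"])
    return {name: hashes for name, hashes in by_name.items() if len(hashes) > 1}


def flagged(entries):
    """Entries the poster marked with a detection note."""
    return [e for e in entries if e["note"]]


if __name__ == "__main__":
    entries = parse_report(SAMPLE_REPORT)
    for sha, paths in group_by_hash(entries).items():
        print(sha[:12], sorted(paths))
    print("name collisions:", find_name_collisions(entries))
    print("flagged:", [(e["path"], e["note"]) for e in flagged(entries)])
```

A different hash for the same file name is not a verdict on its own (two product versions from two Acer packages are a perfectly ordinary explanation), but it is the kind of entry a helper would want to look at before declaring a list clean.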

Old 24.11.2012, 06:13   #10
t'john
/// Helper Team

Everything is clean.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Kind regards, t'john
Support the TB

Old 25.11.2012, 12:25   #11
via75

Hello t'john,

here is the logfile from ESET

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1b5ef3e3c756b940a72b72df5cf17b2d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-25 11:15:38
# local_time=2012-11-25 12:15:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 155348 105470046 0 0
# compatibility_mode=8192 67108863 100 0 3962 3962 0 0
# scanned=218547
# found=23
# cleaned=0
# scan_time=3283
C:\Windows\System32\hccutils.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igd10umd32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igdumd32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igdumdx32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxdev.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxdo.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxpph.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxress.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxTMM.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\iglhcp32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\iglhsip32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\hccutils.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igd10umd32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igdumd32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igdumdx32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxdev.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxdo.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxpph.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxress.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxTMM.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\iglhcp32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\iglhsip32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Goblin.E.Gen virus 00000000000000000000000000000000 I



Because of the virus result I also scanned the folder C:\Windows\System32\ with Avira, but Avira found nothing.

Edited by via75 (25.11.2012 at 12:33)
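
The ESET Online Scanner log above has a simple line format: `# key=value` header lines followed by one line per finding (path, detection name, kind, an optional status in parentheses, a 32-character hash field and a flag letter). The following Python script is an added example, not part of the thread or of ESET's tooling: it parses that format, checks that the header's `found=` matches the number of finding lines, and buckets the findings by location, which is what matters for the follow-up in this thread. The same Intel graphics DLLs are flagged both in `System32` and in the staged driver package under `DriverStore\FileRepository`; that staged copy is what Windows installs the driver from, which is why the helper's next question is where the drivers came from. The sample log is a constructed, shortened version of the one posted (five of the 23 findings, with `found=5` adjusted to match).

```python
import re
from collections import Counter

# Constructed, shortened sample in the format of the ESET Online Scanner log
# posted above. Only five of the 23 findings are reproduced, so found=5 here.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=7
# end=finished
# remove_checked=false
# osver=6.1.7601 NT Service Pack 1
# scanned=218547
# found=5
# cleaned=0
C:\Windows\System32\hccutils.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxdev.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\hccutils.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxdev.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Goblin.E.Gen virus 00000000000000000000000000000000 I
"""

# "# key=value" header lines.
HEADER = re.compile(r"^#\s*([^=]+?)\s*=\s*(.*)$")
# "<path> <detection> <kind> [(status)] <32 hex> <flag>"; the lazy path group
# also copes with paths containing spaces because the tail is anchored at $.
FINDING = re.compile(
    r"^(?P<path>.+?)\s+(?P<detection>\S+)\s+(?P<kind>\S+)"
    r"(?:\s+\((?P<status>[^)]*)\))?\s+(?P<md5>[0-9a-f]{32})\s+(?P<flag>\S+)$"
)
# The staged driver package a DriverStore file belongs to.
DRIVERSTORE = re.compile(r"\\DriverStore\\FileRepository\\([^\\]+)\\", re.IGNORECASE)


def parse_eset_log(text):
    """Split the log into its header dict, the finding dicts and unparsed lines."""
    header, findings, unparsed = {}, [], []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2)   # a repeated key keeps its last value
            continue
        m = FINDING.match(line)
        if m:
            findings.append(m.groupdict())
            continue
        unparsed.append(line)                 # installer chatter, not findings
    return header, findings, unparsed


def location(path):
    """Bucket a finding by where it sits; the bucket decides the follow-up."""
    if path.startswith("${"):
        return "memory"
    if DRIVERSTORE.search(path):              # checked before System32: it is a subtree of it
        return "driverstore"
    if "\\system32\\" in path.lower():
        return "system32"
    return "other"


def driver_packages(findings):
    """Staged driver packages that contain flagged files."""
    pkgs = set()
    for f in findings:
        m = DRIVERSTORE.search(f["path"])
        if m:
            pkgs.add(m.group(1))
    return pkgs


def summarize(findings):
    """The counts a helper wants at a glance."""
    return {
        "by_detection": dict(Counter(f["detection"] for f in findings)),
        "by_location": dict(Counter(location(f["path"]) for f in findings)),
        "unable_to_clean": sum(1 for f in findings if f["status"] == "unable to clean"),
        "driver_packages": driver_packages(findings),
    }


def consistency_check(header, findings):
    """The header's found= should equal the number of finding lines parsed."""
    return int(header.get("found", -1)) == len(findings)


if __name__ == "__main__":
    header, findings, unparsed = parse_eset_log(SAMPLE_LOG)
    print("consistent:", consistency_check(header, findings))
    print(summarize(findings))
```

When the location summary shows the same detection under both `system32` and `driverstore`, cleaning the live copies alone does not help, because the next driver (re)installation restores them from the staged package; that is the situation the helper's driver questions below are about.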

Old 26.11.2012, 03:05   #12
t'john
/// Helper Team

Where did you get the drivers from?
__________________
Kind regards, t'john
Support the TB

Old 26.11.2012, 10:10   #13
via75

I downloaded all drivers from my notebook manufacturer's website, or used the ones I still had on the computer:
hxxp://www.acer.de/ac/de/DE/content/drivers

Notebook < TravelMate < TravelMate 8472TG

What can I do?

Old 27.11.2012, 12:58   #14
t'john
/// Helper Team

Download the drivers again, then uninstall the graphics card in Device Manager with the option to delete the driver software.

Then restart the computer and install the new drivers.
__________________
Kind regards, t'john
Support the TB

Old 29.11.2012, 10:11   #15
via75

I have watched my system for the last 2 days and it seems to be all quiet now! :-)
Many thanks for your support and that of the team!!!

Is there a way to donate something for your dedicated service?

Best regards,
Oliver
