Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.11.2010, 19:02   #1
HerrLehmann
 
Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares - Standard

Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares



Hallo Trojaner,

mein Laptop (Intel Pentium Dual CPU 2.00GHz, Vista Home Premium, AntivirPersonal, Windows Firewall) spinnt ein wenig herum, und ich glaube, ich habe mir da etwas eingefangen.

Ich habe mich nach bestem Gewissen bemüht, den umfangreichen Boardregeln mit meinen eingeschränkten Kenntnissen Folge zu leisten, und freue mich über jede Hilfe...

Also:

HiJackThis wirft folgenden Log aus
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:26, on 12.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\ale\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Windows\system32\taskeng.exe
C:\Users\ale\AppData\Roaming\Microsoft\svchost.exe
C:\Users\ale\AppData\Local\Temp\dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\ale\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\ale\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.packardbell.com/?id=9283
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F3 - REG:win.ini: load=C:\Users\ale\AppData\Local\Temp\dwm.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\ale\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [svchost] C:\Users\ale\AppData\Roaming\Microsoft\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = ale\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Quicken 2010 Zahlungserinnerung.lnk = C:\Program Files\Lexware\Quicken\2010\billmind.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Users\ale\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix: 
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - hxxp://lahnfenster.rp-giessen.de/VatDec.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9d6f5749b5bc0) (gupdate1c9d6f5749b5bc0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 12063 bytes
         
Da ich nicht alle negativen Auswertungen den Eintragungen im Logfile zuordnen konnte, habe ich keine Fixes mit HJT vorgenommen.

Ich habe aber noch einen Malwarebytes Scan gemacht und die entsprechenden Funde gefixt. Logfile:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5100

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

12.11.2010 18:29:50
mbam-log-2010-11-12 (18-29-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 206859
Laufzeit: 7 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
C:\Users\ale\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\Users\ale\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.
C:\Users\ale\AppData\Local\Temp\dwm.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: c:\users\ale\appdata\local\temp\dwm.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\ale\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\ale\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\ale\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\ale\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.
C:\Users\ale\AppData\Local\Temp\dwm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         
Mein OTL-Logfile sieht wie folgt aus:
Code:
ATTFilter
OTL logfile created on: 12.11.2010 18:40:47 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\ale\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,88 Gb Total Space | 51,80 Gb Free Space | 23,45% Space Free | Partition Type: NTFS
 
Computer Name: LICHERBIER | User Name: ale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ale\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Users\ale\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\ale\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\ale\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ManyCam) -- C:\Windows\System32\DRIVERS\ManyCam.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.packardbell.com/?id=9283
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 15:56:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 15:56:08 | 000,000,000 | ---D | M]
 
[2008.12.28 18:09:29 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\mozilla\Extensions
[2008.12.28 18:09:29 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.11.11 20:03:24 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\mozilla\Firefox\Profiles\2m6acugt.default\extensions
[2010.06.27 08:39:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ale\AppData\Roaming\mozilla\Firefox\Profiles\2m6acugt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.09 01:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ale\AppData\Roaming\mozilla\Firefox\Profiles\2m6acugt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.09 00:07:51 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\mozilla\Firefox\Profiles\2m6acugt.default\extensions\moveplayer@movenetworks.com
[2010.06.12 18:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.12 18:08:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.01 11:51:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 11:51:30 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 11:51:30 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 11:51:30 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 11:51:30 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\ale\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\ale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ale\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\ale\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} hxxp://lahnfenster.rp-giessen.de/VatDec.cab (VatCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\ale\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ale\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{87cd1e7e-d242-11dd-8167-001e68e0d9ab}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{bb3f7c18-97cf-11df-b7b4-001e68e0d9ab}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{c53bc00b-4632-11de-8438-001e68e0d9ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c53bc00b-4632-11de-8438-001e68e0d9ab}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c53bc02b-4632-11de-8438-001e68e0d9ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c53bc02b-4632-11de-8438-001e68e0d9ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c53bc131-4632-11de-8438-001e68e0d9ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c53bc131-4632-11de-8438-001e68e0d9ab}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c53bc133-4632-11de-8438-001e68e0d9ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c53bc133-4632-11de-8438-001e68e0d9ab}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c8306ede-6a1d-11df-a4c9-001e68e0d9ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c8306ede-6a1d-11df-a4c9-001e68e0d9ab}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c8306ef5-6a1d-11df-a4c9-001e68e0d9ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c8306ef5-6a1d-11df-a4c9-001e68e0d9ab}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c8306f10-6a1d-11df-a4c9-001e68e0d9ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c8306f10-6a1d-11df-a4c9-001e68e0d9ab}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.12 17:24:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\ale\Desktop\OTL.exe
[2010.11.12 17:24:23 | 000,000,000 | ---D | C] -- C:\Users\ale\AppData\Roaming\Malwarebytes
[2010.11.12 17:22:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.12 17:22:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.12 17:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.12 17:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.11.12 17:21:55 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\ale\Desktop\mbam-setup.exe
[2010.10.19 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\ale\Desktop\ebay versand
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.12 18:39:59 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1C1B473A-E50F-4ABE-8F22-BF865C410FC5}.job
[2010.11.12 18:39:28 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.12 18:39:28 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.12 18:39:28 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.12 18:39:28 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.12 18:34:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.12 18:33:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.12 18:33:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.12 18:33:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.12 18:33:30 | 3146,670,080 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.12 18:30:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-ale.job
[2010.11.12 18:30:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie-ale.job
[2010.11.12 18:13:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.12 17:45:11 | 000,106,657 | ---- | M] () -- C:\Users\ale\Desktop\mwb.jpg
[2010.11.12 17:22:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ale\Desktop\OTL.exe
[2010.11.12 17:20:12 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\ale\Desktop\mbam-setup.exe
[2010.11.09 18:06:46 | 000,040,690 | ---- | M] () -- C:\Users\ale\Documents\sauereiabrechnungIII.pdf
[2010.11.09 18:06:07 | 000,013,239 | ---- | M] () -- C:\Users\ale\Documents\sauereiabrechnung.xlsx
[2010.11.02 20:34:34 | 000,023,552 | ---- | M] () -- C:\Users\ale\AppData\Local\WebpageIcons.db
[2010.11.01 20:07:36 | 000,083,047 | ---- | M] () -- C:\Users\ale\Desktop\crazyheart-g.jpg
[2010.11.01 18:41:33 | 000,097,923 | ---- | M] () -- C:\Users\ale\Desktop\capuno.jpg
[2010.10.17 14:03:44 | 000,031,232 | ---- | M] () -- C:\Users\ale\Documents\victoria.doc
[2010.10.16 04:30:54 | 000,010,728 | ---- | M] () -- C:\Users\ale\Documents\*******.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.12 17:45:11 | 000,106,657 | ---- | C] () -- C:\Users\ale\Desktop\mwb.jpg
[2010.11.09 18:06:44 | 000,040,690 | ---- | C] () -- C:\Users\ale\Documents\sauereiabrechnungIII.pdf
[2010.11.01 19:59:53 | 000,083,047 | ---- | C] () -- C:\Users\ale\Desktop\crazyheart-g.jpg
[2010.11.01 18:41:33 | 000,097,923 | ---- | C] () -- C:\Users\ale\Desktop\capuno.jpg
[2010.10.17 14:03:43 | 000,031,232 | ---- | C] () -- C:\Users\ale\Documents\victoria.doc
[2010.10.16 04:30:53 | 000,010,728 | ---- | C] () -- C:\Users\ale\Documents\*******.jpg
[2010.05.09 00:36:49 | 000,004,831 | ---- | C] () -- C:\Users\ale\AppData\Roaming\BBMS_EXCEPTION.txt
[2010.03.14 20:04:23 | 000,023,552 | ---- | C] () -- C:\Users\ale\AppData\Local\WebpageIcons.db
[2010.01.01 14:05:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.02 00:48:39 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.08.31 13:02:00 | 000,000,051 | ---- | C] () -- C:\Users\ale\AppData\Roaming\AVSMediaPlayer.m3u
[2009.08.31 12:55:16 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.31 12:55:16 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.07.26 15:01:21 | 000,038,967 | ---- | C] () -- C:\Users\ale\AppData\Roaming\Microsoft Excel.ADR
[2009.03.05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.02.02 00:22:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.11 01:15:52 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.01.11 01:14:21 | 000,000,980 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.01.11 01:14:21 | 000,000,158 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.01.11 01:12:18 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009.01.11 01:11:24 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.01.11 01:11:23 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.01.11 01:07:50 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.12.14 18:43:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008.11.19 21:08:10 | 000,000,680 | ---- | C] () -- C:\Users\ale\AppData\Local\d3d9caps.dat
[2008.11.09 14:10:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.08 10:43:15 | 000,117,760 | ---- | C] () -- C:\Users\ale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.04 07:06:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.03.04 07:05:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.03.03 22:54:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.03.03 22:45:47 | 000,000,011 | ---- | C] () -- C:\Windows\System32\IsConfig.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2008.12.25 14:21:35 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\Betfair
[2010.01.02 13:39:21 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\DataDesign
[2010.11.12 18:37:12 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\Dropbox
[2010.05.09 01:40:34 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.18 01:28:12 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\elsterformular
[2009.04.14 10:32:04 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\FileZilla
[2010.05.09 01:15:11 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\GetRightToGo
[2010.01.02 13:27:41 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\Lexware
[2010.05.09 01:33:56 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\ManyCam
[2008.11.10 00:49:14 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\MGS
[2009.07.19 20:24:38 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\Miranda
[2008.11.09 03:41:22 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\NCH Swift Sound
[2010.01.19 21:33:45 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\Octoshape
[2010.01.01 11:42:08 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\Packard Bell
[2009.01.11 15:56:39 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\PC-FAX TX
[2010.05.10 06:26:11 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\Research In Motion
[2009.01.11 03:40:29 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\ScanSoft
[2010.06.07 14:14:32 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\secret
[2009.04.18 14:30:23 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\TeamViewer
[2008.12.28 18:09:28 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\TomTom
[2010.04.05 22:17:03 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\TrueCrypt
[2009.12.26 16:47:04 | 000,000,000 | ---D | M] -- C:\Users\ale\AppData\Roaming\uTorrent
[2010.11.12 18:30:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-ale.job
[2010.11.12 18:30:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-ale.job
[2010.11.12 18:32:11 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.12 18:39:59 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1C1B473A-E50F-4ABE-8F22-BF865C410FC5}.job
 
========== Purity Check ==========
 
 

< End of report >
         
Die extras.txt von OTL sieht so aus:
Code:
ATTFilter
OTL Extras logfile created on: 12.11.2010 18:40:47 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\ale\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,88 Gb Total Space | 51,80 Gb Free Space | 23,45% Space Free | Partition Type: NTFS
 
Computer Name: LICHERBIER | User Name: ale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084A7E8F-D709-456C-8411-5E267008A529}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{152D0393-45F2-43EE-9347-F034B6D2DFC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{297C1D40-32A7-42BE-9416-47DDDDC96920}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2F3FD3E4-90F7-410F-8E05-2D51BADFAB48}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{31EF3588-A6AF-41AA-91AB-04E22E2AF231}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{337730A6-DDF3-4B9A-A7AB-72A718FC34E3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{379F2778-B11E-4FE8-9558-9FD6F74E999D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{38EE81A4-7488-4481-9B62-69EDB68ED524}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3A3DD4F9-5569-4502-AA80-6941AB8082D2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{3BBD86F6-DF99-4C1F-8166-710A63C0C283}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{4145A05B-1562-4D9F-9975-7A2FCE34F0E5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{44376469-09DC-47E3-885F-68E20BB1D7A5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{44C7D68D-377E-4DBC-8B96-5B30D7512E2D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{48B78146-201C-4146-9F58-3D25B1FAA3DC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4A87F9BA-F020-4C06-A4A7-B4102897CCA7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{534EC3DF-C724-4CF9-A500-EB27F75A631E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{58747B84-F90B-4AD0-8B58-5F86F2EBBBBE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{58E67011-E443-4DEB-9DB5-D174E017ADEC}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5F318D2A-497E-4784-AB1D-0C575D1D98D2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{616AFA0A-2E69-405F-92B2-47FFFBB82EF1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{66C20D9F-4328-4252-974B-D65FD12C779B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6BBF44BD-6CD3-489C-8793-9FB49B0ADCB7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6E084E9D-6410-4F12-97F9-3CF18C251ADE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7BC5B7CB-9126-4B22-B4C4-E9CA083099D2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{7C927123-1698-44D9-B356-1ED7C799C2AA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{7F68EEBA-3814-4E00-B411-3B45A2CB46C4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{862533A9-1A32-4066-88E6-12DDB44C8DFE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{892D7A5E-741C-4D53-A245-9DF0369A008C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8B276AD9-C640-4E85-B784-0CC4BF72EA5A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{987B6692-1D78-4B3C-807C-4CFCAFBE772C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0B9564D-6048-41CE-80CB-8D7905C40589}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A4E2AC56-6CE7-41A6-A578-498A198527D9}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{B06D797E-8C7D-4F29-BEE4-95514E6CD92B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B66FA4BC-A359-40D9-9BE0-52189C536CC8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{B9E6E35A-ADD4-4E93-8EB6-048EAEB9DF35}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B9F7EDC0-BE37-49AC-877C-50D6FB69450E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C0EE6F8E-AEAC-4270-8CAB-161E11A4505E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{C71057CD-2818-465B-9393-F4A8BAAD44C6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{CA1A57B4-B502-4DBF-84AB-10FDE58E63FF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D3AEBF18-BAF5-4757-B6DE-F3C5467ACBEB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D9A0D21A-B66F-4562-BACA-AA1A316D3E5F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E44C716E-212D-4379-BB45-2FCF3C5465BC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{EC3206AE-7CC9-4D77-8119-3360BDA0774A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED897D7F-8A56-46F8-BB5F-37E6F7D69501}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{FFFAD69C-43CF-4E73-BC12-561F6AFEFFD2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB2C9A6-4C5F-40A3-815A-F467C6F77306}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{14E604A8-C664-455F-847F-5A0EDBD53D53}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{18D9535F-1335-406A-8839-D150896D59BC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1CD98F75-C2D0-49B8-B83C-4DBBC6C5477E}" = protocol=17 | dir=in | app=c:\program files\linkesoft\secret! desktop\secret.exe | 
"{2016C992-E707-4652-BCDF-39D909B1FA17}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2E1C15AF-F769-480F-A7F7-0FD009696926}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{3866C5A4-6B01-4635-B799-7BF1377DF8DE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{49C479E1-9FA3-484F-AC14-FEEF6AA3D82A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4F040E52-7D17-4CDA-8D95-7031A3E3C95D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{51892305-61F4-49BD-B23F-3D6AB97AF145}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{568719F7-0C77-4DC6-A444-089C0D59AC87}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5C553562-FB01-4781-99D8-5130FF9D106B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{61ECFC73-FE86-4929-9776-402AAA709CC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6C16743D-2C6E-4A1F-9B5E-8CC9F9A10942}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7054D177-C79D-41A3-9D80-247051AC0F96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A585D57-DD9D-4E9C-B10C-53E04A11EF0E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7BF43DA7-A6D4-43CA-8ACC-A8FFF15D3650}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7E1CBFA0-6D00-4A31-A7E4-7FB9DB29B8E8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7E4B97B5-13E3-40F0-AD2E-3ACC7469A1B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7FA1B943-B5EC-4BEC-B80D-9617F7E49696}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8E634072-1D40-4C86-8F2E-72F59C606218}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8E986F3B-3D39-4111-B928-9DE4EE349D26}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{91D51045-985F-4285-8B2D-9ECA6AB77248}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{943A9CF4-9ECB-4EC1-8A06-47C03DE2F3E5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{9C5CA91A-8AD4-4E67-9F99-ED855368F5F7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A0BBF09A-9066-4D02-9286-E2B11BB377B3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A123059B-3545-4451-BE83-64612ADAE34D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{A227F248-5332-4508-9605-38D9395AC5E0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A3D13337-3332-40C7-B1D8-B7505AD10BCF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A48BD34B-F98C-4E9F-AFF7-93FAC7A1F3EC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A66A7B42-BAE3-4A9F-B083-34821E92228C}" = protocol=6 | dir=in | app=c:\program files\linkesoft\secret! desktop\secret.exe | 
"{A72259A9-2539-4DCE-976A-A50FA3780271}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AF332B68-D1F7-4D9E-A031-B24996E47C67}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B4BB8D6A-206E-4919-93F9-FB8838A40442}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BA76ED3E-D008-4496-A02E-EE08842A2A0A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BF900789-06E8-413F-9E37-5EC73B20FBF8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C0A29CD9-6A61-4AF8-BF07-E031DC9B8E24}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C3CCD2AF-2612-4218-9515-FFB9414B58AD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C6D877D9-EC0A-4296-A45D-5ADD588F2F2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C7CEBC0C-3E36-4D0E-805A-A551BC271D17}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CDDEF0E3-28E3-4AC0-9DFF-76F72F0E75E9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D39ADB91-9ACD-4CF9-8CF9-E3885550D124}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DA8E1CDB-0AD2-45E6-B357-EA4F30928269}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EB167359-8F91-41C0-ADD6-32107BD9A53C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EF467F3B-2AA7-45E7-B7BF-01DAC20037E4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EF629B45-9AD0-4885-A354-B4D40195A332}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F05B0FAB-FF67-441A-903F-554F729BF82D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F8F3E96F-426B-4C5F-A407-45FB31399182}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{0165530E-EDF2-4B84-806C-585D23238CFB}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{021BAB74-6CDB-44B8-8CA6-B9CC7E01BC51}C:\users\ale\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\ale\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{211A4D8E-C041-4BDD-ABCA-33B398221853}C:\users\ale\documents\desktopdata\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\users\ale\documents\desktopdata\miranda im\miranda32.exe | 
"TCP Query User{40E6826A-75D8-400E-A44E-1EF70C956600}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{4D4BFEC6-A896-438D-A3A5-191E9DB30512}C:\users\ale\appdata\local\temp\rar$ex00.288\miranda32.exe" = protocol=6 | dir=in | app=c:\users\ale\appdata\local\temp\rar$ex00.288\miranda32.exe | 
"TCP Query User{5408C09E-4AFD-4A42-9E20-73B5767D9C3F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{6EE17A45-D4F5-46FB-AC27-90271368DF2B}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{A1DF3BC5-D8A1-4089-A3F8-C64F939F79AB}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | 
"TCP Query User{A6564F1A-FE5B-4740-929B-296016493534}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{AC3F7A8B-06B5-427D-9E20-85D68EB9C62B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{AE4B8C32-EBC1-4714-9A72-1B6683D9AEFD}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{B9A52CD4-6985-46A4-A0F9-130EDB2126C7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C1B16F58-32F2-48BC-BE7D-E3C70AB3F30A}C:\users\ale\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\ale\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{C9FC64B0-6D30-421A-8BC2-12D1D93507C5}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{E6F350CD-92A6-46CF-8465-B3DD37C2858D}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{F78A2ADC-3D98-402A-9E00-F4D84F4206CB}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe | 
"UDP Query User{07A1B329-43A6-4B78-860E-61A06430720B}C:\users\ale\appdata\local\temp\rar$ex00.288\miranda32.exe" = protocol=17 | dir=in | app=c:\users\ale\appdata\local\temp\rar$ex00.288\miranda32.exe | 
"UDP Query User{2332D6FF-93F2-4F80-8147-C2593A64C87C}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{38D61E37-D455-42CF-8A06-B7217407AFE6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5D4A612E-527F-4AE1-8CB7-8C679F928324}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe | 
"UDP Query User{6F0B1781-2FC4-4138-B95B-B02681E17CCC}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{7147DB6B-D75B-4DDA-BA47-54519803BF64}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{72F22DB5-2E70-4F40-86A5-CBF3F6587945}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{7E96E83B-0D7D-4481-84A8-C09909C2CF2F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{92F1CE17-5D6A-4959-89D0-CCB7A1845646}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{AC90D2A9-8C2B-4E74-928A-68AC405B6CE9}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{AEA72BA8-7F2A-4BDC-AE8C-A0352205CE1D}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{D19DB20B-7301-4A9D-8180-8C58EDE8FECC}C:\users\ale\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\ale\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{D41FB45E-7C9A-4400-9485-4EB80AFC582A}C:\users\ale\documents\desktopdata\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\users\ale\documents\desktopdata\miranda im\miranda32.exe | 
"UDP Query User{EA362D96-6D64-45BE-89EA-0000A0F480A1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{F74EF48A-8A47-44CE-B588-AAD9E6D08EC0}C:\users\ale\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\ale\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{F9696F91-EF5E-434B-874D-AB03A0743996}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}" = Quicken 2010 - Servicepack 5
"{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}" = Lexware online banking
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DA9F24A-CEC3-426E-BFFA-ADB94D922463}" = Quicken Import Export Server 2010
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{980B9958-1239-4FC5-8C88-AC5650321031}" = Nero 8 Essentials
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FC83F04-9C3F-429B-92DE-1252235765E4}" = DDBAC
"{A1A2073C-33FC-4890-86E2-FE7D2B8AFE0F}" = Betfair Poker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.7 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobePE6" = Adobe Photoshop Elements 6
"AdobeReader" = Adobe Reader 8
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Carbonite" = Carbonite
"Carbonite Setup Lite" = Sichern Sie Ihre Daten
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.1.3.3887" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.0
"Free AVI to iPod Converter_is1" = Free AVI to iPod Converter v2.0
"Free YouTube Download_is1" = Free YouTube Download 2.4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HomeScreen PlusPlus UI (Chi-Tai Dang)" = HomeScreen PlusPlus UI (Chi-Tai Dang)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0.0.1
"InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010
"LCDTest" = Packard Bell LCD Test
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.2
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"myCodes-lite" = myCodes-lite 1.3
"Nero8" = Nero 8 Essentials
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"PSPad editor_is1" = PSPad editor
"RocketDock_is1" = RocketDock 1.3.5
"Scr2_is1" = Secret! Desktop 6.3
"SETUPMYPC_DE" = SetUp My PC
"ShotOnline" = ShotOnline
"SKYPE" = Skype 3.6.2.248
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Stamp" = Stamp ID3 Tag Editor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TCPMP" = TCPMP
"TomTom HOME" = TomTom HOME 2.7.1.1812
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Packard Bell Updator
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinXMedia AVI/MPEG iPod Converter" = WinXMedia AVI/MPEG iPod Converter 3.15
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Nach dem malwarebytes-Durchlauf ist auch laut HijackThis alles soweit o.k.,
aber mein Firefox gitb die Fehlermeldung
"Firefox wurde konfiguriert, einen Proxyserver zu benutzen, der die Verbindung zurückweist"

Meine beiden Fragen:

1. reicht es, den Firefox neu zu installieren, ist mein System nun clean?

2. was könnte es im blödesten Fall für mich bedeuten, dass ich ungefähr eine Stunde, bevor ich den Mist bemerkt habe, Onlinebanking gemacht habe...?

Nochmals Danke für jede Hilfe,
Gruß
Andreas

EDIT1:
Das deinstallieren und neuinstallieren des Firefox brachte keine Änderung an der Fehlermeldung,
MS IE gibt ebenfalls die Fehlermeldung, dass die (gültige) Adresse ungültig sei...

EDIT2:
nachdem ich die proxyeinstellungen verändert habe (kein proxyserver) gehen FF und IE wieder.
Verstehe ich das richtig, dass die Trojaner&Co die Proxyeinstellungen verändert haben,
und ich, wenn HJT und Malwarebytes nichts mehr anzeigen, ein cleanes System habe?
Würdet Ihr es als gefährlich einstufen, das ich mit den o.a. Trojanern Onlinebanking gemacht habe?

Geändert von HerrLehmann (12.11.2010 um 19:39 Uhr) Grund: aktualisierung2

Alt 14.11.2010, 21:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares - Standard

Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares



Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________

Antwort

Themen zu Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares
antivir guard, avgntflt.sys, avira, bho, browser, corp./icp, desktop, dropbox, ebanking, error, excel, extras.txt, falsche seite, firefox, firefox neu, firefox.exe, flash player, frage, google, hijack.shell, home, home premium, iexplore.exe, install.exe, intranet, lexware, location, logfile, malware, microsoft office word, mozilla, nvstor.sys, oldtimer, otl logfile, otl.exe, packard bell, picasa, programdata, proxyeinstellungen, realtek, registry, saver, searchplugins, security, senden, service pack 1, shell32.dll, skype.exe, software, start menu, studio, system, trojaner, usb 2.0, vista, visual studio, vlc media player, windows



Ähnliche Themen: Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares


  1. Google öffnet falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (20)
  2. Google öffnet falsche Seiten
    Log-Analyse und Auswertung - 08.01.2013 (18)
  3. Google öffnet falsche Seiten.
    Plagegeister aller Art und deren Bekämpfung - 30.10.2012 (8)
  4. Browser öffnet falsche Seiten und ist unerträglich langsam
    Log-Analyse und Auswertung - 01.02.2012 (2)
  5. Google: Browser (Firefox & Opera) öffnet falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 08.06.2011 (1)
  6. Browser öffnet falsche Seiten, Windows update wird blockiert
    Plagegeister aller Art und deren Bekämpfung - 11.01.2011 (17)
  7. PC Langsam, Browser öffnet falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 12.10.2010 (2)
  8. IE8 öffnet falsche Seiten
    Log-Analyse und Auswertung - 09.01.2010 (8)
  9. Google öffnet falsche Seiten, Spybot öffnet sich nicht und PC geht immer wieder aus
    Plagegeister aller Art und deren Bekämpfung - 26.08.2009 (8)
  10. Google öffnet falsche Seiten
    Log-Analyse und Auswertung - 04.07.2009 (30)
  11. Firefox öffnet falsche Seiten
    Log-Analyse und Auswertung - 12.03.2009 (0)
  12. internet browser öffnet falsche seiten
    Log-Analyse und Auswertung - 27.01.2009 (0)
  13. Internet Browser öffnet falsche Seiten
    Log-Analyse und Auswertung - 16.01.2009 (2)
  14. IE7 öffnet falsche Seiten
    Log-Analyse und Auswertung - 26.12.2008 (0)
  15. Browser öffnet falsche Seiten & spybot deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 19.12.2008 (0)
  16. Goole öffnet falsche Seiten
    Log-Analyse und Auswertung - 19.09.2008 (2)
  17. Trojaner leitet Browser auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 07.10.2003 (19)

Zum Thema Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares - Hallo Trojaner, mein Laptop (Intel Pentium Dual CPU 2.00GHz, Vista Home Premium, AntivirPersonal, Windows Firewall) spinnt ein wenig herum, und ich glaube, ich habe mir da etwas eingefangen. Ich habe - Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares...
Archiv
Du betrachtest: Browser öffnet falsche Seiten bzw. garnichts, div. Trojaner, BackdoorBots, Malwares auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.