Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Polizei-Trojaner (mal wieder)... (https://www.trojaner-board.de/127010-polizei-trojaner-mal.html)

BliZZ2k3 14.11.2012 19:20
Polizei-Trojaner (mal wieder)...
 
Hallo zusammen,
ich habe mir mal wieder den Polizei-Trojaner gefangen. Könnt ihr mir bitte nochmal helfen?
Anbei die Log-Files von OTL.

Code:
OTL logfile created on: 14.11.2012 19:12:32 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Dede\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,19% Memory free
5,99 Gb Paging File | 4,66 Gb Available in Paging File | 77,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 13,14 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
Drive D: | 126,22 Gb Total Space | 60,47 Gb Free Space | 47,91% Space Free | Partition Type: NTFS
Drive E: | 8,91 Gb Total Space | 1,64 Gb Free Space | 18,39% Space Free | Partition Type: NTFS
 
Computer Name: DEVID-PC | User Name: Dede | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dede\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Programme\LORENZupdate\LORENZtray\x86\LORENZtray.exe (LORENZ-Montagesysteme GmbH)
PRC - C:\Programme\LORENZupdate\LORENZupdateService\x86\LORENZupdateService.exe (LORENZ-Montagesysteme GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Devid\AppData\LocalLow\alotservice\alotservice.exe (Vertro Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Programme\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe (Teleca Sweden AB)
PRC - C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Programme\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\88ae87c0af91d679bbeaaeeb1c4ab9c8\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4356fe490600dd3d31969f31f59a6892\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll ()
MOD - C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll ()
MOD - C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LORENZupdateService) -- C:\Programme\LORENZupdate\LORENZupdateService\x86\LORENZupdateService.exe (LORENZ-Montagesysteme GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AlotService) -- C:\Users\Devid\AppData\LocalLow\alotservice\alotservice.exe (Vertro Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$LORENZSQL) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (mitsijm2011) -- C:\Programme\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
SRV - (OpenVPNService) -- C:\Programme\RWTH OpenVPN Client\bin\openvpnserv.exe ()
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (SiSoftware)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe (IDT, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (a27t02jj) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\sandra.sys (SiSoftware)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3896408011-3558441589-2688514459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKU\S-1-5-21-3896408011-3558441589-2688514459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3896408011-3558441589-2688514459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3896408011-3558441589-2688514459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 FE 15 9E BC F2 CA 01  [binary data]
IE - HKU\S-1-5-21-3896408011-3558441589-2688514459-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3896408011-3558441589-2688514459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3896408011-3558441589-2688514459-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 21:19:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.21 11:39:26 | 000,000,000 | ---D | M]
 
[2012.08.19 08:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dede\AppData\Roaming\mozilla\Extensions
[2012.11.14 14:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dede\AppData\Roaming\mozilla\Firefox\Profiles\p9jhmt6s.default\extensions
[2012.03.19 21:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.25 10:48:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.19 21:19:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[1999.12.31 16:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Programme\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Programme\alotappbar\bin\alothelper.dll (Vertro, Inc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LORENZtray] C:\Programme\LORENZupdate\LORENZtray\x86\LORENZtray.exe (LORENZ-Montagesysteme GmbH)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-3896408011-3558441589-2688514459-1000..\Run: [xzhlfvjuojeaeth] C:\ProgramData\xzhlfvju.exe ()
O4 - Startup: C:\Users\Devid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6182A805-F794-4806-B040-9D643CC817EF}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88573BFE-B6A5-434C-B529-59905DC06F0F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.02 00:38:33 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.14 19:03:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dede\Desktop\OTL.exe
[2012.11.14 17:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.14 17:05:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.14 17:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.14 14:13:34 | 000,000,000 | ---D | C] -- C:\Users\Dede\AppData\Roaming\Malwarebytes
[2012.11.14 13:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ouvntkbioexltda
[2012.11.14 10:33:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.14 09:45:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.14 09:45:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.10.28 12:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.10.28 12:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2012.10.24 23:52:13 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inloader.dll
[2012.10.24 23:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\PCFriendly
[2012.10.24 23:52:01 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2012.10.21 11:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.10.21 11:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.21 11:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.18 07:30:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.18 07:29:35 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.18 07:29:35 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 18:59:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dede\Desktop\OTL.exe
[2012.11.14 18:47:53 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 18:47:53 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 18:42:19 | 000,122,311 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.14 18:42:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.14 18:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 18:40:17 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 18:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.14 17:05:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.14 13:57:13 | 000,076,348 | ---- | M] () -- C:\ProgramData\pgfoizjnonucicm
[2012.11.14 13:57:09 | 000,064,512 | ---- | M] () -- C:\ProgramData\xzhlfvju.exe
[2012.11.14 12:33:39 | 000,747,718 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.14 12:33:39 | 000,702,390 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.14 12:33:39 | 000,167,356 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.14 12:33:39 | 000,140,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.14 12:27:12 | 000,516,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.28 12:32:02 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.14 17:05:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.14 13:57:12 | 000,064,512 | ---- | C] () -- C:\ProgramData\xzhlfvju.exe
[2012.11.14 13:57:10 | 000,076,348 | ---- | C] () -- C:\ProgramData\pgfoizjnonucicm
[2012.10.28 12:32:02 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.10.21 11:39:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.08.26 12:15:21 | 002,282,557 | ---- | C] () -- C:\Users\Dede\Hannah+Ramönchen.jpg
[2012.08.09 17:44:42 | 000,122,311 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.07.31 16:59:31 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2011.05.25 23:09:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.19 15:33:19 | 000,000,797 | ---- | C] () -- C:\Windows\wiso.ini
[2010.10.22 19:04:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.10.16 17:59:49 | 000,122,311 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.13 19:46:39 | 012,427,264 | ---- | C] () -- C:\ProgramData\sandra.mda
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
OTL Extras logfile created on: 14.11.2012 19:12:32 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Dede\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,19% Memory free
5,99 Gb Paging File | 4,66 Gb Available in Paging File | 77,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 13,14 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
Drive D: | 126,22 Gb Total Space | 60,47 Gb Free Space | 47,91% Space Free | Partition Type: NTFS
Drive E: | 8,91 Gb Total Space | 1,64 Gb Free Space | 18,39% Space Free | Partition Type: NTFS
 
Computer Name: DEVID-PC | User Name: Dede | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3896408011-3558441589-2688514459-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3896408011-3558441589-2688514459-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0865670C-FF11-4570-8B6C-9C34CEC5AFF6}" = rport=137 | protocol=17 | dir=out | app=system |
"{15CF704B-798D-4D05-9B2E-828A8F8FB677}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17DBED6F-AD91-424C-84B5-2FD62BB4251C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2997847A-DAAC-4B7C-B249-7B6EC3591E0C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{347284EE-49A5-43F4-9122-C6B1D32DB103}" = rport=139 | protocol=6 | dir=out | app=system |
"{39785D6C-30DA-48AB-927F-8FCD3423CEBA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D041228-7CB3-48A3-9A16-6E04BCDD668E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4E6A6022-3A8F-4078-8246-5288DA17EEE1}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{585FEA99-9A53-4A9B-B22A-455368BC0B77}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{5BA00F54-A62F-41B3-BFEF-870B1323A314}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\rpcagentsrv.exe |
"{608C8C45-BE8E-4C4A-AFEC-ED34E4BE09A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6140F8BA-E1B9-4F39-A5DB-D73312668D1E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{67EA0482-A547-43BA-9EF0-A39F2CB1B994}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81AB4DDE-FB06-4914-B02D-7DFB775A09C9}" = rport=445 | protocol=6 | dir=out | app=system |
"{9652183A-952E-43E2-9353-603F94FDC95D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9705C8EE-BCC1-40BC-90A5-2A353162687E}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{9A5EB610-891C-4DC1-BDCE-C3ABD97025BA}" = lport=139 | protocol=6 | dir=in | app=system |
"{9F9970CF-1A07-4F4B-9C11-075C3FD4319D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A182C33E-DBAE-4F70-8318-53DE95608E9A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BC76E099-A592-46CD-8B0B-ECBB01438B3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4324CB3-3128-4238-99D1-D34F977D01FF}" = rport=138 | protocol=17 | dir=out | app=system |
"{D153D75C-7D77-4CB5-B82F-99E02160DC2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{D26E5D23-27AB-4FA9-AE96-6E37BDE5C7C3}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{DC9120F4-5761-483A-9119-BB319BA5B2CD}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC7D09DD-727F-46FF-885A-9502C5FB49A4}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{F4578238-E348-45B4-9668-22590F48864E}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6D46886-D415-4ED7-BE94-3E2067C945F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA1F28BF-CE94-4143-B388-D2CA719BE5C6}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{FC6760F5-D28D-45B0-883D-A61C11A19FDD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C22A31-F905-454E-BC12-1B258AB90938}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{062E6C78-F026-48FF-BF28-493DDD8A6919}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0EE9A70A-2282-4CE5-910C-C632A3137CC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E02C104-D09C-410C-B131-0E205A211AC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C49576B-A741-4864-8A99-590FCE9793C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3461CF7B-BBF3-4F16-8725-5ACD865615BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C818305-C4BE-49FC-9F3D-3829E13F6788}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50F1F1A3-D475-4D66-993D-F1860D479831}" = protocol=6 | dir=in | app=c:\users\devid\appdata\roaming\dropbox\bin\dropbox.exe |
"{52CAEAA6-14DF-4D2B-B1F7-1F400742CB4F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{54306C27-8D25-4329-81E4-E8A4941135E2}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{5A4E5AA1-5FC0-49F7-BBA5-6C94ADB8D946}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5C595F2F-58B2-45A0-9F1C-50D275312E08}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\rpcagentsrv.exe |
"{638C6CB4-48C5-4554-AAAF-3D391FF077CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66DC4E59-10C3-4054-AB4A-3564E3990E63}" = protocol=17 | dir=in | app=c:\users\devid\appdata\roaming\dropbox\bin\dropbox.exe |
"{6AC874F8-8E41-46B9-8281-14F69BC12DB5}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{7706EF81-9056-4B22-A212-6223B509E4B6}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{81708A55-1534-42D6-A419-4996C48EA13F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{850F8BFB-48BC-441A-8D42-A88CC31E71B4}" = protocol=17 | dir=in | app=c:\users\devid\downloads\audioconvertersetup.exe |
"{8E00BA53-F6D2-4BC4-835F-7AAA6D689337}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{96F48033-B300-46C5-AE7B-35CDC4D60A23}" = protocol=6 | dir=in | app=c:\users\devid\appdata\local\akamai\netsession_win.exe |
"{9A0AA94E-91E4-4CA2-92C5-7CA9F0AEF0FA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9A138884-0A74-480C-8E32-581C0D289465}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{A1096D2D-6C02-46C4-83DB-C101E94C2FA4}" = protocol=6 | dir=out | app=system |
"{A1A09658-8715-4294-B218-A0AB68557231}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{AEEFC469-59A5-42E7-998D-30570CD4EF60}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B0322B8C-6107-41D6-9DBA-075305F285FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B09197E6-292B-4E96-B42A-4B4DC6EFDA0E}" = protocol=6 | dir=in | app=c:\users\devid\downloads\audioconvertersetup.exe |
"{B41ABC6B-F51B-4240-8DE5-F16802F7502F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B83AC2D7-1ABA-4F5A-9B3D-F969793449CC}" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"{C13A5D24-2E8D-4D9D-B82A-8054663A0CBF}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{C1FD0CCB-455C-43FA-ADF2-B25B20D3E4D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB6B18E8-F194-407B-A2BB-B6D7417A3D68}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{CD1FA335-AC80-4D1A-82AE-800B4527C1CF}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{D33ADAE4-D6DC-4422-A69A-D7B24583FE95}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{D82D0447-2BC6-4D1C-BDE7-2F2DDF04813D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDB55C51-769D-454E-95E0-0992E06C126D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF507252-E662-4F03-85E2-9C5A04F9009F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E1DB1658-855E-4FA5-AFAE-CE736F642CE1}" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"{E9D00751-DDF4-4217-99A7-26285ED7E5E3}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{EE1754A8-831D-4C52-9984-38AC23A29923}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FEDEAC4D-82CF-429D-935F-8D9D9BA79E97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF52841C-9AC0-4607-8491-823B71762309}" = protocol=17 | dir=in | app=c:\users\devid\appdata\local\akamai\netsession_win.exe |
"TCP Query User{04533712-504E-4AD5-A6DB-50B508B7A2F2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{52670D95-1062-47F8-82A2-3926A092D93C}C:\users\devid\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\devid\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5BECE216-A238-4B8A-B213-0AF1037BC67B}C:\program files\sma\sunny explorer\sunnyexplorer.exe" = protocol=6 | dir=in | app=c:\program files\sma\sunny explorer\sunnyexplorer.exe |
"TCP Query User{AA0B40E4-5A56-48BA-B169-4E5214C80D1D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{F57AFEAE-6E0B-455E-B29D-E7DAB1470445}C:\users\devid\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\devid\appdata\local\akamai\netsession_win.exe |
"UDP Query User{237429FD-C42D-486A-86F0-1F5DC55794E4}C:\users\devid\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\devid\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8FA64030-9388-4390-827E-FE02D269735C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{BCBE57AE-559C-40E1-87C2-A14E4CD91B64}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C7B59D7E-CD69-40EB-90D3-FCA2D73227B4}C:\users\devid\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\devid\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F89669DB-A791-4F62-8D45-0D4D7D995C81}C:\program files\sma\sunny explorer\sunnyexplorer.exe" = protocol=17 | dir=in | app=c:\program files\sma\sunny explorer\sunnyexplorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0FAAA044-04CF-4766-84A2-A6A95CE196BD}" = Samsung PC Studio 3
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (LORENZSQL)
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39FCD08F-E311-4959-84B9-1012023724B9}" = Sunny Explorer
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41EEF558-3585-4020-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client)
"{41EEF558-3585-4028-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client) German Language Pack
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5783F2D7-9005-0407-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9005-0407-1002-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F89FF7-C913-4A99-B4D9-C05BAA20790B}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F4DD591-1532-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1532-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010c
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C940B940-C72E-49E6-8831-E5E3528C8A66}" = Sunny Design 2.11
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"alotAppbar" = ALOT Appbar
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"bwin Poker_is1" = bwin Poker
"DWG TrueView 2011" = DWG TrueView 2011
"ElsterFormular" = ElsterFormular
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Exsate DV Capture Live_is1" = Exsate DV Capture Live
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"FreePDF_XP" = FreePDF (Remove only)
"FX - Audio Converter" = FoxTab Audio Converter (remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LORENZplaner" = LORENZ® Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MPE" = MyPhoneExplorer
"MULTIWEB FinMail Client" = MULTIWEB FinMail Client
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Revo Uninstaller" = Revo Uninstaller 1.93
"RWTH OpenVPN Client" = RWTH OpenVPN Client 2.1_rc19c
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultravnc2_is1" = UltraVnc
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3896408011-3558441589-2688514459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Helios" = Helios
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.07.2012 08:10:54 | Computer Name = Devid-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.07.2012 08:10:54 | Computer Name = Devid-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4196
 
Error - 16.07.2012 08:10:54 | Computer Name = Devid-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4196
 
Error - 16.07.2012 08:10:55 | Computer Name = Devid-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.07.2012 08:10:55 | Computer Name = Devid-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5195
 
Error - 16.07.2012 08:10:55 | Computer Name = Devid-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5195
 
Error - 17.07.2012 16:17:30 | Computer Name = Devid-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.07.2012 16:17:30 | Computer Name = Devid-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1201
 
Error - 17.07.2012 16:17:30 | Computer Name = Devid-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1201
 
Error - 17.07.2012 17:37:31 | Computer Name = Devid-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: a34    Startzeit: 01cd633389494447    Endzeit: 60000    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: 6e96556b-d057-11e1-8200-001bdc0f2a14 
 
[ OSession Events ]
Error - 13.08.2011 13:22:44 | Computer Name = Devid-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.08.2011 04:24:22 | Computer Name = Devid-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74447
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.12.2011 07:42:15 | Computer Name = Devid-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 65770
 seconds with 960 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.11.2012 17:11:32 | Computer Name = Devid-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 10.11.2012 17:28:44 | Computer Name = Devid-PC | Source = WMPNetworkSvc | ID = 866333
Description =
 
Error - 12.11.2012 15:02:54 | Computer Name = Devid-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.11.2012 14:55:57 | Computer Name = Devid-PC | Source = DCOM | ID = 10016
Description =
 
Error - 13.11.2012 17:04:53 | Computer Name = Devid-PC | Source = DCOM | ID = 10016
Description =
 
Error - 14.11.2012 04:39:13 | Computer Name = Devid-PC | Source = DCOM | ID = 10016
Description =
 
Error - 14.11.2012 07:28:49 | Computer Name = Devid-PC | Source = DCOM | ID = 10016
Description =
 
Error - 14.11.2012 09:12:38 | Computer Name = Devid-PC | Source = DCOM | ID = 10016
Description =
 
Error - 14.11.2012 11:52:05 | Computer Name = Devid-PC | Source = DCOM | ID = 10016
Description =
 
Error - 14.11.2012 13:41:28 | Computer Name = Devid-PC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >

Danke und viele Grüße

markusg 14.11.2012 19:59
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKU\S-1-5-21-3896408011-3558441589-2688514459-1000..\Run: [xzhlfvjuojeaeth] C:\ProgramData\xzhlfvju.exe ()
[2012.11.14 13:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ouvntkbioexltda
 :Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)


poste alle malwarebytes logs mit funden + avira fundmeldungen:
http://www.trojaner-board.de/125889-...en-posten.html

BliZZ2k3 14.11.2012 21:02
Hier das Log-File nach dem Neustart:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3896408011-3558441589-2688514459-1000\Software\Microsoft\Windows\CurrentVersion\Run\\xzhlfvjuojeaeth deleted successfully.
File C:\ProgramData\xzhlfvju.exe not found.
C:\ProgramData\ouvntkbioexltda folder moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Dede
->Flash cache emptied: 3440 bytes
 
User: Default
 
User: Default User
 
User: Devid
->Flash cache emptied: 23602 bytes
 
User: Hugo
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Dede
->Temp folder emptied: 800645 bytes
->Temporary Internet Files folder emptied: 1280823 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 464351879 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Devid
->Temp folder emptied: 1042088246 bytes
->Temporary Internet Files folder emptied: 10673514 bytes
->Java cache emptied: 10613470 bytes
->FireFox cache emptied: 701559607 bytes
->Flash cache emptied: 0 bytes
 
User: Hugo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139406900 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 577264 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.262,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11142012_204802

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Der Upload hat funktioniert. Ich hab die movedfiles hochgeladen.

Vielen Dank schon mal.

markusg 14.11.2012 21:26
danke
poste noch die angeforderten logs

BliZZ2k3 14.11.2012 21:46
Antivir:
Code:

Avira Free Antivirus
Report file date: Mittwoch, 14. November 2012  20:46

Scanning for 4495080 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number  : 0000149996-ADJIE-0000001
Platform        : Windows 7 Professional
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode      : Normally booted
Username        : SYSTEM
Computer name  : DEVID-PC

Version information:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:58:00
AVSCAN.EXE      : 12.3.0.48    468256 Bytes  14.11.2012 19:03:02
AVSCAN.DLL      : 12.3.0.15      54736 Bytes  18.07.2012 16:05:06
LUKE.DLL        : 12.3.0.15      68304 Bytes  18.07.2012 16:04:59
AVSCPLR.DLL    : 12.3.0.27      97064 Bytes  18.07.2012 16:04:51
AVREG.DLL      : 12.3.0.33    232232 Bytes  18.07.2012 16:04:51
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 23:23:21
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 23:32:24
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF    : 7.11.26.44  4329472 Bytes  28.03.2012 22:38:13
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29.06.2012 16:05:05
VBASE006.VDF    : 7.11.41.250  4902400 Bytes  06.09.2012 19:41:53
VBASE007.VDF    : 7.11.45.207  2363904 Bytes  11.10.2012 05:21:12
VBASE008.VDF    : 7.11.45.208    2048 Bytes  11.10.2012 05:21:13
VBASE009.VDF    : 7.11.45.209    2048 Bytes  11.10.2012 05:21:13
VBASE010.VDF    : 7.11.45.210    2048 Bytes  11.10.2012 05:21:13
VBASE011.VDF    : 7.11.45.211    2048 Bytes  11.10.2012 05:21:13
VBASE012.VDF    : 7.11.45.212    2048 Bytes  11.10.2012 05:21:13
VBASE013.VDF    : 7.11.45.213    2048 Bytes  11.10.2012 05:21:14
VBASE014.VDF    : 7.11.46.65    220160 Bytes  16.10.2012 05:21:16
VBASE015.VDF    : 7.11.46.153  173568 Bytes  18.10.2012 06:47:49
VBASE016.VDF    : 7.11.46.223  162304 Bytes  19.10.2012 06:47:49
VBASE017.VDF    : 7.11.47.35    126464 Bytes  22.10.2012 19:10:09
VBASE018.VDF    : 7.11.47.95    175616 Bytes  24.10.2012 19:10:09
VBASE019.VDF    : 7.11.47.177  164352 Bytes  26.10.2012 07:30:09
VBASE020.VDF    : 7.11.47.229  143360 Bytes  28.10.2012 19:02:52
VBASE021.VDF    : 7.11.48.47    138240 Bytes  30.10.2012 07:37:49
VBASE022.VDF    : 7.11.48.135  122880 Bytes  01.11.2012 12:57:12
VBASE023.VDF    : 7.11.48.209  142848 Bytes  05.11.2012 14:40:25
VBASE024.VDF    : 7.11.48.243  119296 Bytes  05.11.2012 18:45:55
VBASE025.VDF    : 7.11.49.47    136704 Bytes  07.11.2012 20:27:40
VBASE026.VDF    : 7.11.49.135  194560 Bytes  09.11.2012 21:50:35
VBASE027.VDF    : 7.11.49.209  188416 Bytes  12.11.2012 19:02:15
VBASE028.VDF    : 7.11.49.210    2048 Bytes  12.11.2012 19:02:15
VBASE029.VDF    : 7.11.49.211    2048 Bytes  12.11.2012 19:02:15
VBASE030.VDF    : 7.11.49.212    2048 Bytes  12.11.2012 19:02:15
VBASE031.VDF    : 7.11.50.24    209408 Bytes  14.11.2012 19:03:01
Engine version  : 8.2.10.198
AEVDF.DLL      : 8.1.2.10      102772 Bytes  09.08.2012 17:13:48
AESCRIPT.DLL    : 8.1.4.66      463227 Bytes  13.11.2012 19:02:18
AESCN.DLL      : 8.1.9.2      131444 Bytes  26.09.2012 18:10:29
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.07.2012 16:04:48
AERDL.DLL      : 8.2.0.74      643445 Bytes  07.11.2012 20:27:43
AEPACK.DLL      : 8.3.0.40      815479 Bytes  13.11.2012 19:02:17
AEOFFICE.DLL    : 8.1.2.50      201084 Bytes  05.11.2012 14:40:28
AEHEUR.DLL      : 8.1.4.132    5489016 Bytes  13.11.2012 19:02:17
AEHELP.DLL      : 8.1.25.2      258423 Bytes  18.10.2012 05:21:24
AEGEN.DLL      : 8.1.6.8      434548 Bytes  07.11.2012 20:27:41
AEEXP.DLL      : 8.2.0.10      119158 Bytes  05.11.2012 14:40:28
AEEMU.DLL      : 8.1.3.2      393587 Bytes  09.08.2012 17:13:40
AECORE.DLL      : 8.1.29.2      201079 Bytes  07.11.2012 20:27:40
AEBB.DLL        : 8.1.1.4        53619 Bytes  05.11.2012 14:40:26
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  18.07.2012 16:04:53
AVPREF.DLL      : 12.3.0.32      50720 Bytes  14.11.2012 19:03:01
AVREP.DLL      : 12.3.0.15    179208 Bytes  18.07.2012 16:04:51
AVARKT.DLL      : 12.3.0.33    209696 Bytes  14.11.2012 19:03:01
AVEVTLOG.DLL    : 12.3.0.15    169168 Bytes  18.07.2012 16:04:50
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  18.07.2012 16:05:02
AVSMTP.DLL      : 12.3.0.32      63480 Bytes  18.07.2012 16:04:52
NETNT.DLL      : 12.3.0.15      17104 Bytes  18.07.2012 16:04:59
RCIMAGE.DLL    : 12.3.0.31    4445944 Bytes  18.07.2012 16:05:09
RCTEXT.DLL      : 12.3.0.32      97056 Bytes  14.11.2012 19:03:00

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50a3eafc\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Mittwoch, 14. November 2012  20:46

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'OTL.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_270.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_270.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'LORENZupdateService.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FsynSrvStarter.exe' - '1' Module(s) have been scanned
Scan process 'HTCVBTServer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DbgOut.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'ClientInitiatedStarter.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'logger.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'LORENZtray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'fpassist.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mitsijm.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'alotservice.exe' - '1' Module(s) have been scanned
Scan process 'aestsrv.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Hpservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'STacSV.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\ProgramData\xzhlfvju.exe'
C:\ProgramData\xzhlfvju.exe
  [DETECTION] Is the TR/Weelsof.C.240 Trojan
  [NOTE]      The registration entry <HKEY_USERS\S-1-5-21-3896408011-3558441589-2688514459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xzhlfvjuojeaeth> was successfully repaired.
  [NOTE]      The file was moved to the quarantine directory under the name '576a59cc.qua'.


End of the scan: Mittwoch, 14. November 2012  20:46
Used time: 00:20 Minute(s)

The scan has been done completely.

      0 Scanned directories
    80 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
    79 Files not concerned
      0 Archives were scanned
      0 Warnings
      1 Notes
Malware:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.14.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Dede :: DEVID-PC [Administrator]

14.11.2012 14:15:20
mbam-log-2012-11-14 (14-15-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 278962
Laufzeit: 7 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Devid\0.9428203290826779.exe (Exploit.Drop.UR.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Malware findet jetzt wohl nichts mehr.

Bin ich fertig? :)

markusg 16.11.2012 13:37
Ihc hatte alle Avira und Malwarebytes Fundmeldungen angefordert, du hast einfach neue Logs erstellt.
Was ist mit älteren fundlogs, gibts welche?


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:25 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55