GVU Trojaner bin leider auch betroffen

xQuattrox · 20.07.2012, 20:21

Hallo,

wie es oben schon steht habe ich ihn mir auch eingefangen wäre echt klasse wenn mir da jemand helfen könnte

hier die OTL Logs

Code:

ATTFilter

OTL logfile created on: 19.07.2012 20:46:50 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 85,56% Memory free
6,07 Gb Paging File | 5,85 Gb Available in Paging File | 96,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 7,33 Gb Free Space | 12,40% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 73,41 Gb Free Space | 32,48% Space Free | Partition Type: NTFS
Drive H: | 3,75 Gb Total Space | 3,75 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: SAMSUNG | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 20:31:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.18 20:33:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.18 22:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.10.26 08:07:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.17 17:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.29 09:31:04 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- D:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.01.26 10:48:12 | 000,240,640 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2011.01.26 10:45:56 | 000,335,360 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2011.01.26 10:45:12 | 000,373,248 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2011.01.26 10:43:48 | 001,321,472 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- D:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2011.01.26 10:40:06 | 000,477,696 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2011.01.26 10:38:56 | 000,392,704 | ---- | M] (Volkswagen AG) [Auto | Stopped] -- D:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ai-port.sys -- (FTSER2K)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\****\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.24 11:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012.02.24 11:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 16:29:38 | 000,058,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ai-usb.sys -- (FTDIBUS)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.10.06 10:53:14 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.08.31 18:25:20 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.30 13:41:54 | 000,008,152 | ---- | M] (TDi GmbH TechnoData - Interware) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\IWPORT.SYS -- (IWPORT)
DRV - [2011.05.07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.05.15 15:55:14 | 000,265,800 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2010.04.09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.25 11:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.20 11:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.02.05 06:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.05.04 16:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 11:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.11.23 10:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.14 02:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 08:22:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.20 18:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.03.09 20:51:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 19:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 20:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 20:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.27 18:19:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.13 20:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.01.29 21:53:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 20:33:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 20:24:38 | 000,000,000 | ---D | M]
 
[2011.05.20 20:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.05.20 20:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 21:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wi3ydtaw.default\extensions
[2012.03.18 08:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.18 20:33:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.28 07:41:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000..\Run: [HP Photosmart 7510 series (NET)] C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000..\Run: [QuickNote] D:\Program Files\AN QuickNote\QuickNote.exe (AN-Soft)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk = C:\VCDS-Dt\VCDS.exe (Ross-Tech, LLC)
O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD775AA9-6CA8-46A6-854A-9568B8EAF484}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7126855-9BB3-4492-9373-105E0C664B65}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - D:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: D:\Downloads\27727.jpg
O24 - Desktop BackupWallPaper: D:\Downloads\27727.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e07a883-1fce-11e1-87c8-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{0e07a883-1fce-11e1-87c8-001e101f8924}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{23e00e3e-3610-11e1-961f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{23e00e3e-3610-11e1-961f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{44ab725b-f486-11e0-a5b3-002454203aaf}\Shell - "" = AutoRun
O33 - MountPoints2\{44ab725b-f486-11e0-a5b3-002454203aaf}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{a4320818-09c3-11e1-aae9-002454203aaf}\Shell - "" = AutoRun
O33 - MountPoints2\{a4320818-09c3-11e1-aae9-002454203aaf}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a82e30d8-360c-11e1-84c6-878450557872}\Shell - "" = AutoRun
O33 - MountPoints2\{a82e30d8-360c-11e1-84c6-878450557872}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a82e30e2-360c-11e1-84c6-878450557872}\Shell - "" = AutoRun
O33 - MountPoints2\{a82e30e2-360c-11e1-84c6-878450557872}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{da500852-0a18-11e1-987d-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{da500852-0a18-11e1-987d-001e101fb45e}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f9853c27-4fbe-11e1-920c-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{f9853c27-4fbe-11e1-920c-001e101f7fb6}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{fe069640-d388-11e0-b89a-002454203aaf}\Shell - "" = AutoRun
O33 - MountPoints2\{fe069640-d388-11e0-b89a-002454203aaf}\Shell\AutoRun\command - "" = F:\Install.cmd
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 20:46:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.18 07:27:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Summitsoft
[2012.07.18 07:26:26 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\My Logo Design Studio Projects
[2012.07.18 07:25:26 | 000,000,000 | ---D | C] -- C:\Windows\Logo Design Studio Trial
[2012.07.17 20:13:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D43C5E4C-3FD2-408C-B513-68453B3C62AF}
[2012.07.17 20:13:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{47BD34E6-EC70-40F7-97E4-F59198613BEA}
[2012.07.17 08:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.15 21:34:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D078B49D-91FF-46F4-9830-505B6711FEB1}
[2012.07.15 21:34:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A4C40AE2-94BF-4E33-8F61-81126BC10F1F}
[2012.07.13 20:34:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9C6E179E-CA2A-4C6A-BA65-1D250A36023D}
[2012.07.13 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{55F3E372-E35A-4DBD-889E-1AEDDA8BB868}
[2012.07.12 20:24:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{65050464-91F7-420D-897F-A42E82BB4E33}
[2012.07.12 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{8288A759-7FED-4133-B91B-844F58907F7F}
[2012.07.12 19:55:03 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 19:51:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 19:51:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 19:51:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 19:51:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 19:51:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 19:51:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 19:51:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 07:23:06 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.10 22:07:55 | 000,000,000 | R--D | C] -- C:\Users\****\Documents\HP Photo Creations
[2012.07.10 21:05:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0D16A5E9-4FB4-4A5D-B11A-7BBB2F23F502}
[2012.07.10 21:05:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D9708686-8F4E-4E2F-AD27-542A323AA0B6}
[2012.07.09 20:44:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B4F52A3D-B8D1-4337-9882-03594778ADF5}
[2012.07.09 20:43:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DC9BBFA6-FE59-4379-A62B-EEB8F48B0298}
[2012.07.08 21:14:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FA18C8E4-E552-4F1D-B6A3-187FA80F4FAC}
[2012.07.08 21:13:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{72712D30-75CC-495B-B1AD-572CCB6778FD}
[2012.07.05 21:28:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C12F5683-2A1B-484D-9B73-06070A52B971}
[2012.07.05 21:28:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0201AA51-5584-4099-8F1F-E2CBCCF9CD3F}
[2012.07.03 21:11:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9516AF50-F852-4AD6-9040-9B61AA37E367}
[2012.07.03 21:10:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BC1BBDE2-C3CB-4FDA-ABA7-43C38E06F993}
[2012.07.02 20:05:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{169E3A84-A83B-479A-A960-3B5D9DEE4066}
[2012.07.02 20:05:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BD05FACF-FA45-4D3C-AA22-3DA17C4DFED3}
[2012.07.01 21:26:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BAB4A1E9-A93E-4335-B305-2E315B4F0140}
[2012.07.01 21:26:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{168DB1C5-AA5A-42F1-B7B8-BA2042A86A17}
[2012.06.29 21:31:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{877EC50F-DE34-46FA-977F-C4B90D71EA2A}
[2012.06.29 21:31:28 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9952A136-00B2-496B-993F-82A426A1D0CC}
[2012.06.28 21:00:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4B2DCA63-9A96-466D-BA5B-0708168D434C}
[2012.06.28 21:00:44 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Messenger Plus
[2012.06.28 21:00:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{904D4065-04D8-472F-AD91-B6C9C373E998}
[2012.06.28 21:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2012.06.28 20:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2012.06.26 20:44:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{520FBE6A-AD1E-435A-AE6E-D85C39B9D9ED}
[2012.06.26 20:43:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C393CD09-BC2C-41E6-93A1-7A9DA0AFC56C}
[2012.06.25 21:14:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{93B582D8-2DB8-43AF-9FE8-D5B3C42ECF14}
[2012.06.25 21:14:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A4B5B7CB-026E-4E07-8DF4-7B729364E6CE}
[2012.06.25 21:12:38 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.25 21:06:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{EA73E983-576D-4676-8D53-5025BACD5401}
[2012.06.25 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D5CC3876-4C9B-4758-AC80-98DED6A79C70}
[2012.06.25 20:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.25 20:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.06.24 22:57:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{8D887FD2-F2EE-4F36-ABDB-D8CD5DB0D59B}
[2012.06.24 22:56:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5B9C4701-7FB3-4598-BB3A-088D76AB48C6}
[2012.06.24 09:32:22 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.24 09:32:22 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.24 09:31:51 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.24 09:31:51 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.24 09:31:51 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.24 09:31:39 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.24 09:31:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.22 20:44:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Macromedia
[2012.06.19 22:13:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\libimobiledevice
[2012.06.19 22:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.19 22:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.19 22:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2070.01.02 08:15:00 | 000,398,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System\VBRUN300.DLL
[2012.07.19 20:46:28 | 000,670,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.19 20:46:28 | 000,631,726 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.19 20:46:28 | 000,144,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.19 20:46:28 | 000,118,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.19 20:38:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 20:33:05 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 20:33:05 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 20:32:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.19 20:31:59 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.19 20:31:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.19 20:27:48 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012.07.19 20:10:04 | 101,724,594 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.19 08:28:26 | 000,001,722 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.18 20:23:52 | 003,751,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.15 10:03:39 | 000,146,944 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 19:50:19 | 000,171,786 | ---- | M] () -- C:\Users\****\Documents\INV0182_qt4.ods.pdf
[2012.06.25 20:24:02 | 000,151,845 | ---- | M] () -- C:\Users\****\Documents\2012_07rechnung_4970028958.pdf
[2012.06.24 18:11:14 | 000,385,171 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.06.22 20:39:07 | 000,122,202 | ---- | M] () -- C:\Users\****\Documents\3000181292.pdf
[2012.06.22 20:37:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.22 20:37:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.19 22:05:20 | 000,001,498 | ---- | M] () -- C:\Users\Public\Desktop\iTunes iPad.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.19 08:28:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.19 08:28:26 | 000,001,722 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 19:50:18 | 000,171,786 | ---- | C] () -- C:\Users\****\Documents\INV0182_qt4.ods.pdf
[2012.06.25 20:24:01 | 000,151,845 | ---- | C] () -- C:\Users\****\Documents\2012_07rechnung_4970028958.pdf
[2012.06.22 20:39:06 | 000,122,202 | ---- | C] () -- C:\Users\****\Documents\3000181292.pdf
[2012.06.19 22:05:20 | 000,001,498 | ---- | C] () -- C:\Users\Public\Desktop\iTunes iPad.lnk
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.03.17 22:02:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.03.09 20:45:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.19 15:09:17 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.02.04 11:07:37 | 000,000,137 | -H-- | C] () -- C:\Windows\System32\crkmo.dll
[2011.10.26 08:08:48 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.11 15:59:17 | 000,000,021 | ---- | C] () -- C:\Users\****\AppData\Local\mc.pixel.data
[2011.10.07 12:14:40 | 000,000,037 | ---- | C] () -- C:\Windows\System32\conmansrv.ini
[2011.10.07 12:13:10 | 000,000,047 | ---- | C] () -- C:\Windows\NETEDIC.INI
[2011.10.07 12:13:10 | 000,000,047 | ---- | C] () -- C:\Windows\HWEDIC.INI
[2011.10.05 10:55:33 | 000,039,424 | ---- | C] () -- C:\Windows\System32\NMEVTRPT.dll
[2011.09.18 11:34:46 | 000,000,048 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.09.14 15:13:53 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Roaming\winscp.rnd
[2011.09.07 15:07:22 | 000,001,456 | ---- | C] () -- C:\Users\****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.09.06 10:32:05 | 000,000,132 | ---- | C] () -- C:\Users\****\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.08.31 18:34:15 | 000,002,788 | ---- | C] () -- C:\Windows\RbSystem.ini
[2011.08.31 18:33:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\xcd73532.dll
[2011.08.31 18:33:00 | 000,012,800 | ---- | C] () -- C:\Windows\System32\PWUtility.dll
[2011.08.31 18:33:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\dtctrace.dll
[2011.08.31 18:32:49 | 000,397,312 | ---- | C] () -- C:\Windows\esi_kl01.dat
[2011.08.31 18:32:45 | 000,655,360 | ---- | C] () -- C:\Windows\System32\dslang32.dll
[2011.08.31 18:32:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ldf251.dll
[2011.08.31 18:27:28 | 000,000,487 | ---- | C] () -- C:\Windows\ESIDATA.ini
[2011.08.31 07:53:45 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2011.08.27 16:11:42 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.23 19:14:05 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.06 11:53:35 | 000,134,140 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.07.30 07:07:16 | 000,000,132 | ---- | C] () -- C:\Users\****\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.07.28 07:41:12 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2011.07.28 07:41:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2011.07.28 07:41:12 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2011.07.28 07:35:37 | 000,305,908 | ---- | C] () -- C:\Windows\ETOSU.EXE
[2011.07.28 07:32:23 | 000,000,133 | ---- | C] () -- C:\Windows\ETOSP.INI
[2011.06.22 18:11:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.05.21 20:54:09 | 000,146,944 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.21 10:14:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.21 10:14:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.20 20:07:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.11 12:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.02.11 12:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.02.11 12:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.02.11 11:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.11 11:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
 
========== LOP Check ==========
 
[2011.06.21 19:53:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2012.07.15 07:35:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Autodesk
[2012.01.29 21:52:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AVG2012
[2011.08.24 11:09:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BOM
[2011.06.11 15:06:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2011.09.01 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2011.09.18 08:27:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.23 18:46:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CheckPoint
[2011.09.05 17:13:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.01.23 07:51:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2012.05.13 11:55:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011.06.07 18:00:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.13 07:36:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.06.03 07:59:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Giub
[2011.05.21 19:21:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2012.07.18 22:07:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2012.03.25 12:54:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\loadtbs
[2011.09.05 12:17:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nvu
[2011.07.18 12:23:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2012.07.18 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.02 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Outerspace Software
[2012.02.26 09:38:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\picpick
[2011.05.21 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProgSense
[2012.05.29 07:18:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickNote
[2012.05.13 08:35:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2011.09.18 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SlySoft
[2012.07.18 07:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Summitsoft
[2011.05.20 20:07:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.06.03 08:07:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ubny
[2011.11.11 16:53:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity
[2012.03.18 17:21:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Visan
[2012.07.19 20:32:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:C68DE4A3

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 19.07.2012 20:46:50 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 85,56% Memory free
6,07 Gb Paging File | 5,85 Gb Available in Paging File | 96,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 7,33 Gb Free Space | 12,40% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 73,41 Gb Free Space | 32,48% Space Free | Partition Type: NTFS
Drive H: | 3,75 Gb Total Space | 3,75 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: SAMSUNG | User Name: ***** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2270810218-2394552768-2579885175-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Orbitdownloader\orbitdm.exe" = D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files\Orbitdownloader\orbitnet.exe" = D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14E1B2BA-4D0D-48F2-B85D-5AD2AAA03EF3}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | 
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3CB755DE-C26B-478F-B93F-8B76E786987F}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | 
"{4E36276B-377B-4AE8-BDB9-2D4968309054}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5827B32A-D4D5-4A32-B9DE-0922199E086A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system | 
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0116A668-DC41-4EB1-BFBA-5E03AB4AA8CD}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{07AB1545-55A9-46B7-B19C-10393B8AE2A0}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{0D246472-438A-43B3-91AF-99E9A770B7AB}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{283D0BF2-930A-46DC-86E0-8A63CDF24319}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{3248F8AC-B83B-4A41-A8D7-ACB17025AA5C}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{346A2E15-B393-4292-8529-6A9D50B1B4FD}" = dir=in | app=d:\program files\skype\phone\skype.exe | 
"{431619C1-81ED-4303-B9AB-981E536E67B5}" = dir=in | app=d:\program files\itunes\itunes.exe | 
"{453280DF-A5FC-4F7A-9662-290409A52B60}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{4AC9CE74-C5CC-476F-96DE-F07662F9301B}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\devicesetup.exe | 
"{4D8D76BF-27D6-465D-8409-135BF49512C0}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe | 
"{52F53646-9F30-44C3-9471-702EF72C9966}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5CACD83E-3A37-46A7-8FA7-BFC23E48D763}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{5CFF3385-059E-4998-B695-A728B65AFCDF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{5D81B13D-5200-4181-82C0-1450A7FF8798}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{6E3C90D4-9768-44CA-9FD5-2C8F48F47510}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{786768D3-AD4D-4997-B6AB-93637958FDDF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{97A8FEFD-B9D5-43C2-808F-756B20DFB204}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9BE008D8-1982-47D0-8852-AEE26D2D7EFC}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{A4700756-B20D-418B-9E50-53546A7F74BC}" = protocol=6 | dir=in | app=d:\program files\teamviewer\version6\teamviewer.exe | 
"{B86B662B-8A70-4D07-A5E6-8D81F9B4A165}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{C06062E2-0AA5-4C9B-A05C-5A16891AA011}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{C150B2F2-312D-4D8E-9714-444727F9DA61}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C8F35BCB-AB01-48E8-B4F4-733F907C5A3A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CF7B0942-1268-45BB-B806-ABA620A6D8AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D2619C63-C40B-4334-BB30-2CC3977C5A1C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{D7BF40C3-794D-4C32-AA03-79EE4C4F83CE}" = protocol=17 | dir=in | app=d:\program files\teamviewer\version6\teamviewer.exe | 
"{DBEDF4EE-730F-4ED4-8E48-25BE529FCB73}" = protocol=17 | dir=in | app=d:\program files\teamviewer\version6\teamviewer_service.exe | 
"{DE3745E5-82C2-4422-AFBD-240F286B9E05}" = protocol=6 | dir=in | app=d:\program files\teamviewer\version6\teamviewer_service.exe | 
"{ECDEFAB5-03CF-445D-9D7C-B040211812AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{EFDACB0B-2FE4-4875-AA53-557377174955}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe | 
"{F02DD740-DA01-4495-8F1A-AAAFEB89B72C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F6962748-4CE5-4FC6-8292-1CC2FC7F76AD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FD390A9B-ED8B-4A01-AEE5-FDB60AF8CDAF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"TCP Query User{0F0BBFA9-4267-49A6-BFD0-A8B339FF6958}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{57178CFF-C4E7-4D88-A8F0-E77559D28101}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{83EE3334-FAEE-462D-A83D-803CEE6BE973}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{93300620-E9D0-40E9-8728-38E831FDBC25}D:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{BDE4A14D-B117-4725-8C32-A2F22FB0C6C5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{03AB84E9-2EE4-418D-83B8-CC51C2F1AA12}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{25652DC7-30E8-4539-A9A0-5B0A8EC0D2E6}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{5FA20667-CCD1-49B9-B185-A1F2F1900F16}D:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{D132CA3D-B4F2-4BBF-BCB1-9F030EA6B7FA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EE56E851-9568-4821-92FD-3C73CD8AEE8A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24E01F02-4261-42B8-9BD9-80E5E6D64952}" = HP Photosmart 7510 series Hilfe
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.10
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7F321B-5BFD-4367-92B7-D8FDF01CC13E}" = HP Photosmart 7510 series - Grundlegende Software für das Gerät
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B65F83E3-0B02-42AF-AAAE-539C349A4D9E}" = Studie zur Verbesserung von HP Photosmart 7510 series Produkten
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4AC672B-C8A2-4EAC-845A-35D0392E5BC2}" = VAS-PC Car Diagnostic System
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE4D866-5145-4AF9-B38A-A25AD3F69FFD}" = ScanTool
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E84C3D56-7B4A-4853-BB4D-DA1B25A1E3FD}" = AltovaXML 2006
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1484503C23C0826E0CCB836028153036C40FB2BB" = Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02)
"1489-3350-5074-6281" = JDownloader 0.9
"7F56849458D215BF0D380991975D272EC75696C9" = Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AN QuickNote_is1" = AN QuickNote Version 5
"AVG" = AVG 2012
"B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"BluffTitler" = BluffTitler
"Bosch Viewer" = Bosch Viewer
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVDmobile" = CloneDVDmobile
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"D-PDU API V1.10.033 D-PDU API for VOLKSWAGEN" = D-PDU API V1.10.033 D-PDU API for VOLKSWAGEN
"DTS V7.71.095" = DTS V7.71.095
"eLearn 1.2.1_is1" = eLearn CDROM 1.0
"ElsaWin" = ElsaWin
"ESI Prüfwerte" = ESI Prüfwerte
"ESI[tronic]" = ESI[tronic]
"ETKA7.3_Germany_2011" = ETKA 7.3 Germany 2011
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.11.508
"Free Audio Converter_is1" = Free Audio Converter version 2.2.19.602
"Free Video to Android Converter_is1" = Free Video to Android Converter version 5.0.11.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"Hardlock Device Drivers" = Hardlock Device Drivers
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IsoBuster_is1" = IsoBuster 2.8.5
"loadtbs-2.1" = loadtbs-2.1
"Mediencenter Software" = Mediencenter Assistent
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"moDiag_is1" = moDiag 2.8.600
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nero8Lite_is1" = Nero 8 Micro 8.3.6.0
"Nvu_is1" = Nvu 1.0
"Orbit_is1" = Orbit Downloader
"PicPick" = PicPick
"PS3Splitter_is1" = PS3Splitter version 1.1.5.1
"SmartCheck" = NuMega SmartCheck
"SpeedFan" = SpeedFan (remove only)
"Steuergeräte-Diagnose_is1" = Steuergeräte-Diagnose SD-SW-Setup:2010/1_1_13 KTS500-V:2009-09-
"Sweet Home 3D_is1" = Sweet Home 3D version 3.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"VAS505x-2 v9.10.003 Application" = VAS505x-2 v9.10.003 Application
"VAS-PC-2 BaseSystem" = VAS-PC-2 Diagnostic Base System
"VCDS AIB" = VCDS AIB 11.11
"VLC media player" = VLC media player 1.1.11
"Webasto Thermo Test" = Webasto Thermo Test 2.13
"WinHex" = WinHex
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"winscp3_is1" = WinSCP 4.3.4
"YASA VOB to MP4 Converter v3.9 (build 0059)" = YASA VOB to MP4 Converter v3.9 (build 0059)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2270810218-2394552768-2579885175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.07.2012 01:16:29 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.07.2012 15:07:38 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.07.2012 13:46:02 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.07.2012 13:51:16 | Computer Name = Samsung | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 12.07.2012 13:51:16 | Computer Name = Samsung | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 12.07.2012 22:26:40 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 13:46:54 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2012 17:02:11 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_3_300_262.exe, Version 
11.3.300.262, Zeitstempel 0x4fe20fae, fehlerhaftes Modul NPSWF32_11_3_300_262.dll,
 Version 11.3.300.262, Zeitstempel 0x4fe21212, Ausnahmecode 0xc0000005, Fehleroffset
 0x00490fb1,  Prozess-ID 0x9a8, Anwendungsstartzeit 01cd6120defcb3a5.
 
Error - 14.07.2012 07:24:36 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.07.2012 00:49:21 | Computer Name = Samsung | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.07.2012 01:30:23 | Computer Name = Samsung | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 14:39:38 | Computer Name = Samsung | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >

t'john · 20.07.2012, 21:53

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN 
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKU\S-1-5-21-2270810218-2394552768-2579885175-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{0e07a883-1fce-11e1-87c8-001e101f8924}\Shell - "" = AutoRun 
O33 - MountPoints2\{0e07a883-1fce-11e1-87c8-001e101f8924}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{23e00e3e-3610-11e1-961f-001e101fabdd}\Shell - "" = AutoRun 
O33 - MountPoints2\{23e00e3e-3610-11e1-961f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe 
O33 - MountPoints2\{44ab725b-f486-11e0-a5b3-002454203aaf}\Shell - "" = AutoRun 
O33 - MountPoints2\{44ab725b-f486-11e0-a5b3-002454203aaf}\Shell\AutoRun\command - "" = G:\Start.exe 
O33 - MountPoints2\{a4320818-09c3-11e1-aae9-002454203aaf}\Shell - "" = AutoRun 
O33 - MountPoints2\{a4320818-09c3-11e1-aae9-002454203aaf}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{a82e30d8-360c-11e1-84c6-878450557872}\Shell - "" = AutoRun 
O33 - MountPoints2\{a82e30d8-360c-11e1-84c6-878450557872}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{a82e30e2-360c-11e1-84c6-878450557872}\Shell - "" = AutoRun 
O33 - MountPoints2\{a82e30e2-360c-11e1-84c6-878450557872}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{da500852-0a18-11e1-987d-001e101fb45e}\Shell - "" = AutoRun 
O33 - MountPoints2\{da500852-0a18-11e1-987d-001e101fb45e}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{f9853c27-4fbe-11e1-920c-001e101f7fb6}\Shell - "" = AutoRun 
O33 - MountPoints2\{f9853c27-4fbe-11e1-920c-001e101f7fb6}\Shell\AutoRun\command - "" = H:\AutoRun.exe 
O33 - MountPoints2\{fe069640-d388-11e0-b89a-002454203aaf}\Shell - "" = AutoRun 
O33 - MountPoints2\{fe069640-d388-11e0-b89a-002454203aaf}\Shell\AutoRun\command - "" = F:\Install.cmd 
O33 - MountPoints2\H\Shell - "" = AutoRun 
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:C68DE4A3 

[2012.07.19 20:31:59 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad 
[2012.07.19 08:28:26 | 000,001,722 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.07.19 08:28:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad 
[2012.07.19 08:28:26 | 000,001,722 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

:Files
ng\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
C:\ProgramData\ntuser.pol
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

xQuattrox · 22.07.2012, 06:29

Hallo,

sry das ich mich erst jetzt wieder damit befasst habe aber hab halt nur heute frei

so hier die Log File nach dem Fix

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2270810218-2394552768-2579885175-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KiesPDLR deleted successfully.
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e07a883-1fce-11e1-87c8-001e101f8924}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e07a883-1fce-11e1-87c8-001e101f8924}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e07a883-1fce-11e1-87c8-001e101f8924}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e07a883-1fce-11e1-87c8-001e101f8924}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23e00e3e-3610-11e1-961f-001e101fabdd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23e00e3e-3610-11e1-961f-001e101fabdd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23e00e3e-3610-11e1-961f-001e101fabdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23e00e3e-3610-11e1-961f-001e101fabdd}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ab725b-f486-11e0-a5b3-002454203aaf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ab725b-f486-11e0-a5b3-002454203aaf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ab725b-f486-11e0-a5b3-002454203aaf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ab725b-f486-11e0-a5b3-002454203aaf}\ not found.
File G:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4320818-09c3-11e1-aae9-002454203aaf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4320818-09c3-11e1-aae9-002454203aaf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4320818-09c3-11e1-aae9-002454203aaf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4320818-09c3-11e1-aae9-002454203aaf}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a82e30d8-360c-11e1-84c6-878450557872}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a82e30d8-360c-11e1-84c6-878450557872}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a82e30d8-360c-11e1-84c6-878450557872}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a82e30d8-360c-11e1-84c6-878450557872}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a82e30e2-360c-11e1-84c6-878450557872}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a82e30e2-360c-11e1-84c6-878450557872}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a82e30e2-360c-11e1-84c6-878450557872}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a82e30e2-360c-11e1-84c6-878450557872}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da500852-0a18-11e1-987d-001e101fb45e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da500852-0a18-11e1-987d-001e101fb45e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da500852-0a18-11e1-987d-001e101fb45e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da500852-0a18-11e1-987d-001e101fb45e}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9853c27-4fbe-11e1-920c-001e101f7fb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9853c27-4fbe-11e1-920c-001e101f7fb6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9853c27-4fbe-11e1-920c-001e101f7fb6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9853c27-4fbe-11e1-920c-001e101f7fb6}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe069640-d388-11e0-b89a-002454203aaf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe069640-d388-11e0-b89a-002454203aaf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe069640-d388-11e0-b89a-002454203aaf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe069640-d388-11e0-b89a-002454203aaf}\ not found.
File F:\Install.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AutoRun.exe not found.
ADS C:\ProgramData\Temp:C68DE4A3 deleted successfully.
C:\ProgramData\pmt_0piot.pad moved successfully.
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
File C:\ProgramData\pmt_0piot.pad not found.
File C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
========== FILES ==========
File\Folder ng\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
C:\ProgramData\ntuser.pol moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\****\Desktop\cmd.bat deleted successfully.
C:\Users\****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ****
->Temp folder emptied: 5231694745 bytes
->Temporary Internet Files folder emptied: 166089892 bytes
->Java cache emptied: 52960008 bytes
->FireFox cache emptied: 54918238 bytes
->Apple Safari cache emptied: 148881408 bytes
->Flash cache emptied: 190935 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 584057097 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5.950,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ****
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07222012_070027

Files\Folders moved on Reboot...
C:\Windows\temp\IswTmp\Logs\FFApi.swl.old moved successfully.
C:\Windows\temp\IswTmp\Logs\ISWDMP.swl.old moved successfully.
C:\Windows\temp\IswTmp\Logs\ISWFWMON.swl.old moved successfully.
C:\Windows\temp\IswTmp\Logs\ISWMENUS.swl.old moved successfully.
C:\Windows\temp\IswTmp\Logs\ISWSTATS.swl.old moved successfully.
C:\Windows\temp\IswTmp\Logs\ISWSVC.swl.old moved successfully.
C:\Windows\temp\IswTmp\Logs\ISWUILIB.swl.old moved successfully.
C:\Windows\temp\IswTmp\Logs\ISWUL.swl.old moved successfully.
C:\Windows\temp\IswTmp\Logs\ISWUPD.swl.old moved successfully.

PendingFileRenameOperations files...
File C:\Windows\temp\IswTmp\Logs\FFApi.swl.old not found!
File C:\Windows\temp\IswTmp\Logs\ISWDMP.swl.old not found!
File C:\Windows\temp\IswTmp\Logs\ISWFWMON.swl.old not found!
File C:\Windows\temp\IswTmp\Logs\ISWMENUS.swl.old not found!
File C:\Windows\temp\IswTmp\Logs\ISWSTATS.swl.old not found!
File C:\Windows\temp\IswTmp\Logs\ISWSVC.swl.old not found!
File C:\Windows\temp\IswTmp\Logs\ISWUILIB.swl.old not found!
File C:\Windows\temp\IswTmp\Logs\ISWUL.swl.old not found!
File C:\Windows\temp\IswTmp\Logs\ISWUPD.swl.old not found!

Registry entries deleted on Reboot...

t'john · 22.07.2012, 09:34

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

xQuattrox · 22.07.2012, 14:23

Hi,

also bisher habe ich noch nicht viel versucht aber scheint stabil zu laufen

aber hier mal die logs

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Meier :: SAMSUNG [Administrator]

22.07.2012 11:35:57
mbam-log-2012-07-22 (11-35-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 759470
Laufzeit: 2 Stunde(n), 59 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 15:16:36
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : **** - SAMSUNG
# Running from : C:\Users\****\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\****\AppData\Local\Conduit
Folder Found : C:\Users\****\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\****\AppData\LocalLow\Conduit
Folder Found : C:\Users\****\AppData\Roaming\loadtbs
Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\ASKInstaller
Key Found : HKLM\SOFTWARE\Cheat Engine\OpenCandy
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\wi3ydtaw.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2222 octets] - [22/07/2012 15:16:36]

########## EOF - C:\AdwCleaner[R1].txt - [2350 octets] ##########

t'john · 22.07.2012, 18:26

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

xQuattrox · 23.07.2012, 06:02

Hier de beiden Logs

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 21:25:16
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : **** - SAMSUNG
# Running from : C:\Users\****\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\****\AppData\Local\Conduit
Folder Deleted : C:\Users\****\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\****\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\****\AppData\Roaming\loadtbs
Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\ASKInstaller
Key Deleted : HKLM\SOFTWARE\Cheat Engine\OpenCandy
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\wi3ydtaw.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2351 octets] - [22/07/2012 15:16:36]
AdwCleaner[S1].txt - [2326 octets] - [22/07/2012 21:25:16]

########## EOF - C:\AdwCleaner[S1].txt - [2454 octets] ##########

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 22.07.2012 21:39:30

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	22.07.2012 21:47:50


C:\Users\****\AppData\Roaming\Thunderbird\Profiles\obu2jpqa.default\ImapMail\secureimap.t-online.de\INBOX.sbd\Trash -> Aktuelle-Rechnung.exe 	gefunden: Win32.SuspectCrc!E2


Gescannt	1013068
Gefunden	1

Scan Ende:	23.07.2012 02:08:18
Scan Zeit:	4:20:28

t'john · 23.07.2012, 09:40

Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

xQuattrox · 24.07.2012, 18:36

so hier die Log

aber mal ne Frage is das normal das der um die 15 Stunden scannt ? ^^

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6be6ee3e6b997241b9c4751c9b22a539
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-24 08:24:42
# local_time=2012-07-24 10:24:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 14981136 14981136 0 0
# compatibility_mode=5892 16776574 100 100 37095339 180597129 0 0
# compatibility_mode=8192 67108863 100 0 178 178 0 0
# compatibility_mode=9217 16777214 75 4 15155423 15155423 0 0
# scanned=580923
# found=0
# cleaned=0
# scan_time=53881

t'john · 24.07.2012, 21:39

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

xQuattrox · 29.07.2012, 07:25

Hallo,

kam leider erst jetzt wieder dazu habe das Java Update wie beschrieben gemacht

t'john · 29.07.2012, 12:37

Sehr gut!

damit bist Du sauber und entlassen!

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html

t'john · 14.08.2012, 05:07

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

xQuattrox · 14.08.2012, 06:33

Hallo,

ich kam leider noch nicht dazu alles weiter abzuarbeiten mache es sobald ich zeit finde

GVU Trojaner bin leider auch betroffen

Log-Analyse und Auswertung: GVU Trojaner bin leider auch betroffen