Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Spam-Mail vom eigenen Account verschickt worden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.12.2012, 17:38   #1
Stella_2012
 
Spam-Mail vom eigenen Account verschickt worden - Standard

Spam-Mail vom eigenen Account verschickt worden



Hallo liebes Team,

ich hab heut Morgen leider erfahren, dass meine Kontakte von meinem Emailaccount eine Nachricht ohne Betreff mit folgendem Link erhalten

haben:hxxp://tujmada.com/wp-content/plugins/akismet/google.html

Wie kann das sein?
Ich habe sofort mein Passwort geändert und allen, die die Mail offensichtlich bekommen haben, bescheid gesagt, dass ich das nicht war und die nicht auf den Link klicken sollen.
Ich habe folgendes über "jüngste Anmeldungsaktivitäten" bei Yahoo herausbekommen:

2:47 AM Browser Mail-Zugriff Japan
2:47 AM Yahoo! Mobile Angemeldet Japan

Mein Virenscan bei Spybot hat nichts Neues ergeben.
Allerdings habe ich seit langer Zeit immer das selbe Problem, wenn ich darüber einen Virenscan mache. Eine Datei mit dem Namen "jZip.toolbar" lässt sich nie löschen.
Ist das ein Virus?
Ich mache habe gerade auch einen von euch empfohlenen Malwarebytes Anti-Malware Scan gemacht.
Hier der Inhalt der Log-Datei:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.13.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stella :: LUNGE-PC [Administrator]
Schutz: Aktiviert
13.12.2012 17:13:35
mbam-log-2012-12-13 (17-34-49).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231391
Laufzeit: 10 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Lunge\AppData\Roaming\igfxtray.dat (Malware.Trace) -> Keine Aktion durchgeführt.
(Ende)

Gelöscht habe ich noch nix...
Was mache ich denn nun?

Danke schon mal für eure Mühe!!

Gruß, Stella

Hallo,
sorry, hier ist das Ergebnis zu dem OLT Scan Text:

Anhang 47470

Und hier vom Extras Text:

Anhang 47471

Hier die Log Gmer:

Anhang 47475

Ich hoffe, nun ist alles komplett.
Viele Grüße,
Stella

Geändert von Stella_2012 (13.12.2012 um 17:53 Uhr)

Alt 14.12.2012, 10:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spam-Mail vom eigenen Account verschickt worden - Standard

Spam-Mail vom eigenen Account verschickt worden



Hallo und

Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 14.12.2012, 15:10   #3
Stella_2012
 
Spam-Mail vom eigenen Account verschickt worden - Standard

Spam-Mail vom eigenen Account verschickt worden



Hey,

oh, sorry. Ich bin ziemlich unerfaren damit. Hatte nicht herausgefunden, wie man das macht. Also hier die Daten von dem Malwarebytes Scan:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.13.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stella :: LUNGE-PC [Administrator]
Schutz: Aktiviert
14.12.2012 07:47:10
mbam-log-2012-12-14 (14-42-24).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 567410
Laufzeit: 3 Stunde(n), 20 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Lunge\AppData\Roaming\igfxtray.dat (Malware.Trace) -> Keine Aktion durchgeführt.
(Ende)
         
Ich habe noch ein paar weitere Scans (dfogger, olt und gmer) durchgeführt, allerdings ohne dann etwas zu löschen. Kann ich in den Text-Dateien der Scans sehen, ob dort etwas gefunden wurde?
So erkenne ich irgendwie nichts... Das waren auf jeden Fall die angehängten Dateien aus der letzten Nachricht von mir.

Danke!
Grüße, Stella
__________________

Alt 14.12.2012, 15:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spam-Mail vom eigenen Account verschickt worden - Standard

Spam-Mail vom eigenen Account verschickt worden



Deine Anhänge im ersten Posting funktionieren nicht.
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.12.2012, 16:20   #5
Stella_2012
 
Spam-Mail vom eigenen Account verschickt worden - Standard

Spam-Mail vom eigenen Account verschickt worden



Entschuldigung:

Code:
ATTFilter
OTL logfile created on: 13.12.2012 22:40:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lunge\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 39,15% Memory free
3,50 Gb Paging File | 2,29 Gb Available in Paging File | 65,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 2,51 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 26,56 Gb Free Space | 37,94% Space Free | Partition Type: NTFS
Drive G: | 22,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: LUNGE-PC | User Name: Stella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.12.13 22:40:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lunge\Downloads\OTL.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.06 16:54:52 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.29 00:57:30 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.11.02 11:07:18 | 001,694,096 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.10.18 20:05:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 18:00:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.04 22:00:46 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.03.24 16:10:08 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.12 01:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008.06.11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006.11.22 06:20:00 | 003,768,320 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\WIBUKEY\Server\WkSvMgr.exe
PRC - [2006.10.26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2012.08.06 16:54:52 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.05.20 09:21:14 | 000,139,264 | ---- | M] () -- C:\Programme\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2009.05.20 09:20:28 | 000,159,744 | ---- | M] () -- C:\Programme\Mobile Partner\SMSPlugin.dll
MOD - [2009.05.20 09:19:32 | 000,032,768 | ---- | M] () -- C:\Programme\Mobile Partner\NotifyServicePlugin.dll
MOD - [2009.05.20 09:17:08 | 000,057,344 | ---- | M] () -- C:\Programme\Mobile Partner\ConfigFilePlugin.dll
MOD - [2009.05.20 09:15:42 | 000,098,304 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2009.05.20 09:13:14 | 000,139,264 | ---- | M] () -- C:\Programme\Mobile Partner\NetInfoPlugin.dll
MOD - [2009.05.20 09:10:26 | 000,090,112 | ---- | M] () -- C:\Programme\Mobile Partner\DialUpPlugin.dll
MOD - [2009.05.20 09:09:12 | 000,176,128 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2009.05.20 08:53:38 | 000,860,160 | ---- | M] () -- C:\Programme\Mobile Partner\NDISAPI.dll
MOD - [2009.03.24 16:10:08 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
MOD - [2009.03.10 19:06:04 | 000,061,440 | R--- | M] () -- C:\Programme\Mobile Partner\XCodec.dll
MOD - [2009.03.10 19:06:02 | 000,061,440 | R--- | M] () -- C:\Programme\Mobile Partner\DeviceOperate.dll
MOD - [2009.03.10 19:06:00 | 000,155,648 | R--- | M] () -- C:\Programme\Mobile Partner\DetectDev.dll
MOD - [2009.03.10 19:05:58 | 000,561,152 | R--- | M] () -- C:\Programme\Mobile Partner\atcomm.dll
MOD - [2007.08.23 15:39:30 | 000,014,848 | R--- | M] () -- C:\Programme\Mobile Partner\isaputrace.dll
MOD - [2007.07.31 14:50:04 | 000,090,112 | R--- | M] () -- C:\Programme\Mobile Partner\FileManager.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.12.13 16:23:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.05 21:56:00 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.06 16:54:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.06 19:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2011.12.29 00:57:30 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.10.18 20:05:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 18:00:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.13 09:50:49 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.29 00:57:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011.12.29 00:57:26 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.10.18 20:05:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.18 20:05:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 12:56:41 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.02.11 02:42:38 | 001,027,328 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009.10.14 20:41:42 | 000,185,048 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pfmfs_359.sys -- (pfmfs_359)
DRV - [2009.09.21 16:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.13 23:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.06.22 18:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 18:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.12.01 21:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006.11.22 06:20:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2006.11.14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 65 39 8B D3 DC CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaultthis.engineName: "AF-HSS Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2765711&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.71
FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 20:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.24 22:36:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.24 22:36:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 20:14:26 | 000,000,000 | ---D | M]
[2012.02.20 18:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lunge\AppData\Roaming\mozilla\Extensions
[2010.06.04 10:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lunge\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.13 15:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lunge\AppData\Roaming\mozilla\Firefox\Profiles\gds1rjjk.default\extensions
[2012.11.23 12:45:15 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Lunge\AppData\Roaming\mozilla\firefox\profiles\gds1rjjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.18 19:47:36 | 000,000,915 | ---- | M] () -- C:\Users\Lunge\AppData\Roaming\mozilla\firefox\profiles\gds1rjjk.default\searchplugins\conduit.xml
[2011.11.08 21:06:50 | 000,002,519 | ---- | M] () -- C:\Users\Lunge\AppData\Roaming\mozilla\firefox\profiles\gds1rjjk.default\searchplugins\SearchResults.xml
[2012.01.21 15:18:41 | 000,002,515 | ---- | M] () -- C:\Users\Lunge\AppData\Roaming\mozilla\firefox\profiles\gds1rjjk.default\searchplugins\Search_Results.xml
[2012.08.06 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.29 00:13:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.19 15:02:39 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.08.06 16:54:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.06 16:54:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.06 16:54:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.06 16:54:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.06 16:54:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.29 00:57:34 | 000,001,847 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2011.11.08 21:06:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.01.21 15:18:41 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.08.06 16:54:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.06 16:54:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.04.15 20:38:58 | 000,001,304 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F1F6D65-20D6-4D2F-8D84-F972EC5B149A}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3F00315-28C4-44BA-BDE5-08BD9BA07440}: DhcpNameServer = 130.75.1.32 130.75.1.40
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.05 19:42:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.18 00:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1dd9a4b2-c4dc-11df-9203-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd9a4b2-c4dc-11df-9203-00137736d597}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1dd9a4ce-c4dc-11df-9203-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd9a4ce-c4dc-11df-9203-00137736d597}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1dd9a4db-c4dc-11df-9203-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd9a4db-c4dc-11df-9203-00137736d597}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2315b836-51f4-11df-8973-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{2315b836-51f4-11df-8973-00137736d597}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{e4b33ab3-19cd-11e0-8f4f-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{e4b33ab3-19cd-11e0-8f4f-00137736d597}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.13 16:42:37 | 000,000,000 | ---D | C] -- C:\Users\Lunge\AppData\Roaming\Malwarebytes
[2012.12.13 16:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.13 16:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.13 16:42:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 16:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.11 21:41:27 | 000,000,000 | ---D | C] -- C:\Users\Lunge\AppData\Local\cache
========== Files - Modified Within 30 Days ==========
[2012.12.13 22:48:05 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 22:48:05 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 22:37:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.13 22:37:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.13 22:37:18 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.13 22:32:30 | 000,000,176 | ---- | M] () -- C:\Users\Lunge\defogger_reenable
[2012.12.13 22:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.13 17:10:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.13 16:42:29 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 15:53:41 | 002,469,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.11 21:30:38 | 000,707,566 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.11 21:30:38 | 000,661,144 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.11 21:30:38 | 000,153,126 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.11 21:30:38 | 000,125,334 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.04 06:39:49 | 000,324,701 | ---- | M] () -- C:\Users\Lunge\Desktop\Winterwald.jpg
[2012.12.03 11:26:19 | 000,069,128 | ---- | M] () -- C:\Users\Lunge\Desktop\Riders Room.jpg
[2012.11.26 18:18:34 | 000,578,975 | ---- | M] () -- C:\Users\Lunge\Desktop\Gr_50_ad_0410.dwg
========== Files Created - No Company Name ==========
[2012.12.13 22:32:01 | 000,000,176 | ---- | C] () -- C:\Users\Lunge\defogger_reenable
[2012.12.13 16:42:29 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.03 22:19:33 | 000,324,701 | ---- | C] () -- C:\Users\Lunge\Desktop\Winterwald.jpg
[2012.12.03 11:26:19 | 000,069,128 | ---- | C] () -- C:\Users\Lunge\Desktop\Riders Room.jpg
[2012.11.26 18:19:26 | 000,578,975 | ---- | C] () -- C:\Users\Lunge\Desktop\Gr_50_ad_0410.dwg
[2012.11.15 07:24:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 07:23:34 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.05 21:57:02 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.10.24 22:38:15 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WkDos.exe
[2012.10.24 22:37:31 | 000,203,264 | R--- | C] () -- C:\Windows\System32\WkWin32.dll
[2012.10.24 22:31:24 | 000,003,584 | ---- | C] () -- C:\Users\Lunge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.21 15:18:38 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.01.21 14:38:57 | 000,000,093 | ---- | C] () -- C:\Users\Lunge\AppData\Local\fusioncache.dat
[2011.11.21 00:06:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.11.21 00:06:59 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.11.14 19:52:22 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011.11.14 19:34:50 | 000,230,099 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011.10.19 19:06:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.14 22:59:42 | 093,829,256 | ---- | C] () -- C:\Users\Lunge\01_fun.rar
[2010.08.27 19:35:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.16 23:31:09 | 000,024,285 | ---- | C] () -- C:\Users\Lunge\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.07.14 00:11:12 | 000,104,138 | R-S- | C] () -- C:\Users\Lunge\AppData\Roaming\igfxtray.dat
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.01.20 17:26:09 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Amazon
[2012.11.05 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Autodesk
[2010.04.16 15:54:14 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.04.27 14:08:06 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\DAEMON Tools Lite
[2011.01.22 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\FileZilla
[2012.01.21 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\FreeAudioPack
[2012.01.21 15:22:25 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\FreeCDRipper
[2012.10.24 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Graphisoft
[2010.09.07 22:41:59 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\ICQ
[2012.02.13 23:15:13 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\MicroST
[2010.04.16 22:59:36 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Nokia
[2010.04.16 22:57:19 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\PC Suite
[2011.11.21 00:06:47 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Samsung
[2010.08.17 12:04:39 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\TeamViewer 
========== Purity Check ==========
< End of report >
         
Und hier:

Code:
ATTFilter
OTL Extras logfile created on: 13.12.2012 22:40:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lunge\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 39,15% Memory free
3,50 Gb Paging File | 2,29 Gb Available in Paging File | 65,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 2,51 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 26,56 Gb Free Space | 37,94% Space Free | Partition Type: NTFS
Drive G: | 22,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: LUNGE-PC | User Name: Stella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03421A31-65BB-4815-B644-03E1EB398929}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0B615D94-02FF-4FFF-9EAC-DF938977C91D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10A6915F-D004-464C-AF86-2084B5D2ED3F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{11D0FC05-966A-4712-A83F-AF456C0A6134}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{21AE81D3-477F-46AC-9339-A9CB4E0400EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2368D46B-6924-4578-B963-54B600BA33F9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{23B89A4C-5437-4E71-9CB9-9F61633B0E5F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{3A769903-539D-4FB1-A0C4-DAA9BD494CDB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{3C41DC97-A77F-47AC-BFB9-D3619DC317FC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{47BFE119-2BD9-4784-83F6-D5FD713FA6B7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5A354433-9B0E-4F12-B507-99875CA293A0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F85FFCE-8C4D-4F62-A9CE-D8F13C871691}" = rport=137 | protocol=17 | dir=out | app=system | 
"{910DDFEF-0E66-48DC-AD75-6CA89255D796}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9C460B6C-5B8F-4B46-825D-FDE1FC4FF4CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AAC2A8F5-317B-4D03-AFEF-1CD80F1A0345}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AFC7C349-7D83-4283-A511-B4103D9082F0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C1FB5DDD-7471-4606-AA48-B8C6FCB5A42E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D22EA008-50A4-4804-B4D2-0874EC6711FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D8771966-E13F-4CD1-8957-1B2B0EA545B3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DADEAFED-32D2-4613-9568-AE97F5F6C9D2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EAF2352F-C58A-44AF-AFB9-C754A6260E25}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC9A4E11-2AC4-4B14-A006-FECF52AA5A3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ECB319C9-0643-431C-8BB0-678D10FC2755}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F9811B70-B5EB-402D-81C9-B4F83580236E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028C66D7-44D6-4041-813E-D50D1A528E07}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{08A02D18-6C9A-49FA-9D10-D39352FBE27E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{09EE7E48-784B-411B-A31D-B9E42CDB8335}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{0C837674-5351-4FE8-8970-9AEE64B3F433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0F3D6833-CE1E-4392-BC8A-4DC624CE36F8}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{1095AED7-8B1F-476A-853A-6731A968AE81}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{12FEAD9F-364C-41C7-8683-AA36A002C9A9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18D6C2D6-D362-4DDE-8225-041717FB474A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{18DE5CC8-3E57-4906-A276-6BCA6A36ED0C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1BBA847D-3D3C-4829-B414-5F0BEAD67C91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{2714370F-176D-4704-A0E0-7162A2E667D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{28F8E9C8-5800-45AA-9EBD-5B192E8EE406}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{2F2854C3-4EFB-49FD-93B5-211435BB5FC0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{34819C29-A0EB-4241-8D72-CED1E0F88553}" = protocol=6 | dir=out | app=system | 
"{37ABEC94-161D-4995-A119-2F30F8C297C8}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3E0F6570-A40A-489E-A738-1291D745C167}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4DB6D64F-D44E-4305-B5FA-C0BF4EE05A2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{545161FF-C52A-4514-BED0-E0620298BAA5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{5524ABAA-9A09-4037-9611-10B2442C5AC8}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{5BE6584D-521A-42B9-8D08-FB3A8726C8DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{5CE55559-ACC4-4FE1-A3C6-9584962CB6CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{67564CCA-7989-44EE-B1FE-AA81312AF026}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{7526D1E3-3745-43CF-A1A5-CB1440AA04EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{752A3371-F123-40E3-93D4-4D15271D900D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{75FD5010-AFD6-4688-9242-E6FD165AD159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7D23121B-9138-4FD5-8EFD-EACE6CA8D64F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F937B2B-161B-4300-959F-07CE2A7CE579}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{81CE7DB2-A3D4-49F4-8FDB-2BE51499A4E5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{82D238AC-C076-4FAB-B58B-1C382399C39D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{84A7ADDE-78FE-47E3-AF35-FEEC80509872}" = dir=in | app=e:\setup\hpznui01.exe | 
"{850C4FA7-FFCE-459C-A8E1-7D48EF8D7425}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{89025163-00DB-4D44-B25A-D8A35264F856}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{919C8D5F-3B1E-4BA5-AB36-7F7203F7D6C3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{95101CD8-5DCA-4757-9CCB-7E9231A0F5F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98217C7A-C6AA-4BD3-BFD0-D30045A0771C}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{9AECB6B4-28E3-446C-B96D-186DB2BB65A2}" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe | 
"{9DD2EB74-A7D5-42E5-ACF7-6271D2E97ED8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A452D50C-F809-4494-879B-A2B57BE3CA9A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{B3A217C2-8355-45D9-97EB-AE0D5EDF56B1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B4B93E1D-517A-4B76-A0B2-587A16B2797A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{BCF44347-BE32-4103-A621-A9D2A61747B4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{BE3E3701-805D-4AF7-84D9-067B80FE0E08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6499BC5-5E2B-4D49-B799-B91ABD2E300A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C67346C1-B157-43E1-B92F-D31B5E3B5DBE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C76F0BE6-8C7B-451F-AFB2-CB5BD012313A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{C8A47D34-F36D-4951-86DA-676FE478FCF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEB2B3E3-4B12-46E9-B499-23555ACE5068}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{D0EC17A4-94CF-4FBE-9182-7A2296017A31}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D2067A49-3BE0-421B-BC86-3418CAC2D19F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7BB0CF9-0794-45FC-B185-2A57A2A902AC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D8BAAD0B-6CE3-4DD9-AA43-B38E9091D3F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB396363-011E-4119-A7AC-4795E3823B4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{DEA82FE9-BF11-4B13-8B78-6E0E257B1C98}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{DFFCADBA-063A-4CF2-B20F-C2B8D38BC08A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E13A669B-7019-4C60-B4EE-9E1A9090C4E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E28CC3E3-F6FE-448B-BF96-5BF2DC74007F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{E4AAB9B0-25B9-4D30-ABE1-472939F1918C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{E6A0D257-B246-4043-B4D3-95D553DEEEC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EA9D5489-8712-4D25-8B8F-FD278EF10FB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{F45FC174-710D-4456-A9BE-33190A8E6983}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{F4777B1C-2955-41FB-AD90-E3BC1D40315D}" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe | 
"{F68E8901-BB2D-46B8-8D89-61A1432A836C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{FD6966DD-782A-4AE1-84A3-8FB2BBF123E8}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{FF537667-0E1A-4ECA-8A39-3431A2A72F3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{D72D29D3-4EAC-44EA-86A6-F04216AC25BA}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe | 
"TCP Query User{DEAE8EE1-3170-4BB7-B3C0-37635DD77787}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0F364785-49D4-4677-83BB-220A7800CFF3}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe | 
"UDP Query User{B2CF45F9-A335-4CA3-94C5-937AFC5CFB17}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1CE8E6EB-3077-4E90-9C53-28B7015231D9}" = Google SketchUp Pro 8
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5783F2D7-7004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2009 - Deutsch
"{5783F2D7-8004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2010 - Deutsch
"{5783F2D7-8004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - Deutsch
"{5783F2D7-A004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2012 - Deutsch
"{5783F2D7-A004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2012 Language Pack - Deutsch
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E5E66D9-68DF-4818-A883-8787DC52EB7A}" = General Runtime Files for Nemetschek Allplan 2008
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A88EFF90-6DA0-4468-85D4-62543AD92A83}" = Nemetschek Allplan 2008
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D8D8B308-B172-43DB-96F1-6A3F84851D61}" = iTunes Art Importer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"001FFFFFFF12FF00FF0201F05F02F000-R1" = ArchiCAD 12 GER
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"AF-HSS Toolbar" = AF-HSS Toolbar
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AutoCAD Architecture 2009 - Deutsch" = AutoCAD Architecture 2009 - Deutsch
"AutoCAD Architecture 2010 - Deutsch" = AutoCAD Architecture 2010 - Deutsch
"AutoCAD Architecture 2012 - Deutsch" = AutoCAD Architecture 2012 - Deutsch
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HotspotShield" = Hotspot Shield 2.23
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"iLivid" = iLivid
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PismoFileMountAuditPackage" = Pismo File Mount Audit Package
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.0.5
"Windows Searchqu Toolbar" = Windows Searchqu Toolbar
"WinRAR archiver" = WinRAR archiver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.01.2012 06:54:19 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.01.2012 06:54:19 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.01.2012 18:25:18 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.01.2012 18:25:18 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.01.2012 01:02:23 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.01.2012 01:02:23 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.01.2012 01:13:44 | Computer Name = Lunge-PC | Source = RasClient | ID = 20227
Description = 
Error - 23.01.2012 01:50:26 | Computer Name = Lunge-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
Error - 23.01.2012 02:21:25 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.01.2012 02:21:25 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 26.11.2012 06:59:18 | Computer Name = Lunge-PC | Source = bowser | ID = 8003
Description = 
Error - 26.11.2012 07:23:21 | Computer Name = Lunge-PC | Source = bowser | ID = 8003
Description = 
Error - 27.11.2012 08:40:28 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Autodesk Content Service erreicht.
Error - 27.11.2012 08:40:28 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Autodesk Content Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
Error - 01.12.2012 12:27:34 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SBSD Security Center Service erreicht.
Error - 01.12.2012 12:27:34 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
Error - 03.12.2012 13:56:14 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 04.12.2012 01:34:06 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 05.12.2012 05:41:50 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 05.12.2012 18:43:00 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
< End of report >
         
Und der letzte:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-14 07:46:03
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH_PL rev.0000001C
Running: eyw0sy48.exe; Driver: C:\Users\Lunge\AppData\Local\Temp\ugloapod.sys
---- System - GMER 1.0.15 ----
SSDT            8F2FC856                                                                                                            ZwCreateSection
SSDT            8F2FC85B                                                                                                            ZwSetContextThread
SSDT            8F2FC7F7                                                                                                            ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text           ntoskrnl.exe!ZwRollbackEnlistment + 1401                                                                            82C4B9C9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              82C6B4E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                 82C7287C 4 Bytes  [56, C8, 2F, 8F]
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                 82C72C1C 4 Bytes  [5B, C8, 2F, 8F]
.text           ntoskrnl.exe!KeRemoveQueueEx + 1937                                                                                 82C72CF4 4 Bytes  CALL B28F247B 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x8FC24000, 0x23097E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtClose                                                77A754C8 5 Bytes  JMP 73309DB0 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtCreateFile                                           77A755C8 5 Bytes  JMP 73309BF0 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtOpenFile                                             77A75CD8 5 Bytes  JMP 73309B70 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtQueryInformationFile                                 77A76018 5 Bytes  JMP 73309E20 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtReadFile                                             77A762B8 5 Bytes  JMP 73309C90 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtSetInformationFile                                   77A76638 5 Bytes  JMP 73309EA0 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtWriteFile                                            77A76A68 5 Bytes  JMP 73309D20 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!LdrLoadDll                                             77A9223E 5 Bytes  JMP 6392C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!MapViewOfFile                                       761E9423 5 Bytes  JMP 63B5E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!VirtualAlloc                                        761EC43A 5 Bytes  JMP 63B5E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3672] GDI32.dll!CreateDIBSection                                       77568850 4 Bytes  JMP 63B5E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\00000058                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread          SYSTEM [4:3236]                                                                                                     9B2E3F2E
---- Registry - GMER 1.0.15 ----
Reg             HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                    6992
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x00 0x19 0xE5 0x89 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x75 0x4B 0x9F 0xED ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x44 0xBF 0x61 0x68 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x00 0x19 0xE5 0x89 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x75 0x4B 0x9F 0xED ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x44 0xBF 0x61 0x68 ...
---- EOF - GMER 1.0.15 ----
         


Alt 14.12.2012, 16:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spam-Mail vom eigenen Account verschickt worden - Standard

Spam-Mail vom eigenen Account verschickt worden



Code:
ATTFilter
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
         
Hier ist leider Schluss, denn diese Einträge in der Hosts-Datei sind eindeutig ein Hinweis auf gecrackte Adobe-Software => CS4 in deinem Fall!

Wenn man gecrackte und damit hochriskante Software ausführt muss man sich auch nun wirklich nicht über sowas wie gekaperte Mailkonten mehr wundern

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________
--> Spam-Mail vom eigenen Account verschickt worden

Antwort

Themen zu Spam-Mail vom eigenen Account verschickt worden
administrator, anti-malware, appdata, autostart, datei, dateien, explorer, folge, handle, klicke, link, log-datei, malwarebytes, microsoft, namen, passwort, problem, roaming, scan, software, speicher, spybot, test, trojan.fakealert, virus, yahoo




Ähnliche Themen: Spam-Mail vom eigenen Account verschickt worden


  1. E-mail: SPAM Mails von web.de Account verschickt
    Log-Analyse und Auswertung - 18.10.2015 (6)
  2. Von Strato E-Mail-Account werden ungewollt Spam-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 01.10.2015 (28)
  3. Spam Mail vom eigenen Yahoo Account erhalten - Account gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (8)
  4. Yahoo-Mail Account verschickt Spam, hinterlässt keine Spuren im Verschickt-Ordner Win8
    Plagegeister aller Art und deren Bekämpfung - 16.07.2014 (11)
  5. Eigener E-Mail Account verschickt Spam
    Plagegeister aller Art und deren Bekämpfung - 15.06.2014 (7)
  6. Mail Account verschickt automatisch Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 01.04.2014 (11)
  7. Aol-Mail Account verschickt Spam - Trojaner?
    Log-Analyse und Auswertung - 27.02.2014 (1)
  8. E-mail Account verschickt Spam Mail mit Viren Anhang an alle Kontakte
    Log-Analyse und Auswertung - 29.10.2013 (16)
  9. Yahoo Mail Account verschickt Spam Mails
    Log-Analyse und Auswertung - 16.12.2012 (29)
  10. Trojaner / Malware ? Mail Account hat Spam Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 06.07.2012 (30)
  11. E-Mail Account verschickt (SPAM) Mails
    Log-Analyse und Auswertung - 26.06.2012 (36)
  12. Yahoo Mail Account verschickt Spam mit Links. Bot?
    Log-Analyse und Auswertung - 18.06.2012 (3)
  13. Spam-Mails mit meinem E-Mail-Account verschickt.
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (17)
  14. Spam-Nachrichten von meinem E-Mail-Account verschickt - Befürchtung, daß ich 'nen Virus hab...
    Log-Analyse und Auswertung - 25.11.2011 (12)
  15. Yahoo E-Mail Account verschickt Spam
    Plagegeister aller Art und deren Bekämpfung - 20.10.2011 (3)
  16. Windows Mail verschickt Spam-Mails über meinen Account
    Plagegeister aller Art und deren Bekämpfung - 19.10.2011 (26)
  17. Mail-Account verschickt Spam
    Plagegeister aller Art und deren Bekämpfung - 09.12.2010 (30)

Zum Thema Spam-Mail vom eigenen Account verschickt worden - Hallo liebes Team, ich hab heut Morgen leider erfahren, dass meine Kontakte von meinem Emailaccount eine Nachricht ohne Betreff mit folgendem Link erhalten haben:hxxp://tujmada.com/wp-content/plugins/akismet/google.html Wie kann das sein? Ich habe - Spam-Mail vom eigenen Account verschickt worden...
Archiv
Du betrachtest: Spam-Mail vom eigenen Account verschickt worden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.