Trojaner-Board - GVU Trojaner - Österreichische Version eingefangen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - GVU Trojaner - Österreichische Version eingefangen (https://www.trojaner-board.de/123812-gvu-trojaner-osterreichische-version-eingefangen.html)

GVU Trojaner - Österreichische Version eingefangen

Hi

Meine Freundin hat sich heute den GVU Trojaner eingefangen (österreich version).

Hier die OTL Logs:
OTL.txt

Code:

OTL logfile created on: 09.09.2012 20:22:02 - Run 1

OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\admin_new\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

1014,12 Mb Total Physical Memory | 367,48 Mb Available Physical Memory | 36,24% Memory free

1,99 Gb Paging File | 1,03 Gb Available in Paging File | 51,52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 88,18 Gb Total Space | 13,06 Gb Free Space | 14,81% Space Free | Partition Type: NTFS

 

Computer Name: INTAN-PC | User Name: admin_new | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.09 20:15:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe

PRC - [2012.07.26 19:52:04 | 001,095,560 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe

PRC - [2012.03.22 16:13:16 | 000,086,016 | ---- | M] (alch) -- C:\Programme\ClamWin\bin\ClamTray.exe

PRC - [2011.10.11 11:43:27 | 001,700,784 | ---- | M] (iMesh, Inc) -- C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe

PRC - [2010.07.27 12:01:10 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe

PRC - [2010.07.08 14:18:30 | 000,333,264 | ---- | M] () -- C:\Programme\3DataManager\WTGService.exe

PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.08.30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

MOD - [2012.08.30 04:58:44 | 012,237,336 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

MOD - [2012.08.30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll

MOD - [2012.08.30 04:57:27 | 000,526,872 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll

MOD - [2012.08.30 04:57:26 | 000,104,984 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll

MOD - [2012.08.30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll

MOD - [2012.08.30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll

MOD - [2012.08.30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll

MOD - [2010.07.27 12:01:10 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe

MOD - [2008.04.19 17:35:02 | 000,081,920 | ---- | M] () -- C:\Programme\ClamWin\bin\ExpShell.dll

MOD - [2005.02.08 17:23:10 | 000,979,005 | ---- | M] () -- C:\Programme\ClamWin\bin\python23.dll

MOD - [2004.11.20 03:27:54 | 000,106,496 | ---- | M] () -- C:\Programme\ClamWin\lib\shell.pyd

MOD - [2004.11.20 03:27:54 | 000,086,016 | ---- | M] () -- C:\Programme\ClamWin\lib\win32gui.pyd

MOD - [2004.11.20 03:27:54 | 000,077,824 | ---- | M] () -- C:\Programme\ClamWin\lib\win32file.pyd

MOD - [2004.11.20 03:27:54 | 000,069,632 | ---- | M] () -- C:\Programme\ClamWin\lib\win32api.pyd

MOD - [2004.11.20 03:27:54 | 000,065,536 | ---- | M] () -- C:\Programme\ClamWin\lib\win32security.pyd

MOD - [2004.11.20 03:27:54 | 000,036,864 | ---- | M] () -- C:\Programme\ClamWin\lib\win32process.pyd

MOD - [2004.11.20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Programme\ClamWin\lib\win32pipe.pyd

MOD - [2004.11.20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Programme\ClamWin\lib\win32event.pyd

MOD - [2004.10.11 20:22:18 | 000,315,392 | ---- | M] () -- C:\Programme\ClamWin\lib\pythoncom23.dll

MOD - [2004.10.11 20:21:26 | 000,094,208 | ---- | M] () -- C:\Programme\ClamWin\lib\pywintypes23.dll

MOD - [2004.05.25 21:20:30 | 000,036,864 | ---- | M] () -- C:\Programme\ClamWin\lib\_winreg.pyd

MOD - [2004.05.25 21:19:32 | 000,045,117 | ---- | M] () -- C:\Programme\ClamWin\lib\datetime.pyd

MOD - [2004.05.25 21:18:42 | 000,495,616 | ---- | M] () -- C:\Programme\ClamWin\lib\_ssl.pyd

MOD - [2004.05.25 21:18:28 | 000,057,401 | ---- | M] () -- C:\Programme\ClamWin\lib\_sre.pyd

MOD - [2004.05.25 21:18:20 | 000,049,212 | ---- | M] () -- C:\Programme\ClamWin\lib\_socket.pyd

MOD - [2004.05.25 21:17:14 | 000,622,651 | ---- | M] () -- C:\Programme\ClamWin\lib\_bsddb.pyd

MOD - [2004.01.15 14:45:22 | 000,061,440 | ---- | M] () -- C:\Programme\ClamWin\lib\_ctypes.pyd

MOD - [2003.10.01 13:40:00 | 002,240,512 | ---- | M] () -- C:\Programme\ClamWin\lib\wxc.pyd

MOD - [2003.10.01 11:43:02 | 003,239,936 | ---- | M] () -- C:\Programme\ClamWin\lib\wxmsw24h.dll

MOD - [2003.08.10 09:14:40 | 000,061,440 | ---- | M] () -- C:\Programme\ClamWin\lib\mxDateTime.pyd

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2010.11.08 23:30:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010.07.08 14:18:30 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2010.11.21 16:04:35 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2010.11.21 16:04:35 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.07.14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006.02.16 11:55:16 | 000,074,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2006.02.16 11:55:12 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_deAT433

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin_new\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin_new\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

 

 
 ========== Chrome  ==========

 

CHR - homepage: 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: 

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()

O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()

O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)

O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\intan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C95914-444D-4E31-890D-44E5A30FD570}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D501AC8D-78A1-400B-820A-E2A340D41B84}: NameServer = 213.94.78.17 213.94.78.16

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.09 20:14:47 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe

[2012.09.09 20:11:23 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012.09.09 20:09:45 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012.09.09 20:09:45 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012.09.09 20:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater

[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot

[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar

[2012.09.09 20:06:53 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Macromedia

[2012.09.09 20:06:34 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012.09.09 20:06:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012.09.09 20:05:16 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Adobe

[2012.09.09 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Google

[2012.09.09 20:03:48 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Google

[2012.09.09 20:01:46 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\.clamwin

[2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Searches

[2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012.09.09 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Identities

[2012.09.09 20:01:20 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Contacts

[2012.09.09 20:01:15 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\VirtualStore

[2012.09.09 20:01:13 | 000,000,000 | --SD | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Videos

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Saved Games

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Pictures

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Music

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Links

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Favorites

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Downloads

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Documents

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Desktop

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Vorlagen

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Verlauf

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Temporary Internet Files

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Startmenü

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\SendTo

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Recent

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Netzwerkumgebung

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Lokale Einstellungen

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Videos

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Musik

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Eigene Dateien

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Bilder

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Druckumgebung

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Cookies

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Anwendungsdaten

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Anwendungsdaten

[2012.09.09 20:01:13 | 000,000,000 | -H-D | C] -- C:\Users\admin_new\AppData

[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Temp

[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft Help

[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft

[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Media Center Programs

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.09 20:20:57 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.09 20:20:57 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.09 20:19:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.09 20:16:13 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003Core.job

[2012.09.09 20:16:09 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003UA.job

[2012.09.09 20:15:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe

[2012.09.09 20:11:39 | 000,002,380 | ---- | M] () -- C:\Users\admin_new\Desktop\Google Chrome.lnk

[2012.09.09 20:09:17 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.09.09 20:09:17 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.09.09 20:09:17 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.09.09 20:09:17 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.09.09 20:01:16 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.09 20:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.09.09 20:00:54 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys

 
 ========== Files Created - No Company Name ==========

 

[2012.09.09 20:11:39 | 000,002,380 | ---- | C] () -- C:\Users\admin_new\Desktop\Google Chrome.lnk

[2012.09.09 20:09:08 | 000,001,136 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003UA.job

[2012.09.09 20:08:55 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003Core.job

[2012.09.09 20:01:35 | 000,001,413 | ---- | C] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2010.11.18 10:10:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

 
 ========== LOP Check ==========

 

[2012.05.05 18:52:58 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\3DataManager

[2011.01.09 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\AUTOSICH

[2012.09.09 19:56:13 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\BitTorrent

[2012.05.05 18:54:53 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\fifa

[2012.05.01 18:22:20 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\jggwhyzbjyxzzl

[2011.10.27 13:33:41 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\MusicNet

[2012.05.02 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\ryxjsxxujtoya

[2012.04.13 18:58:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

extras.txt

Code:

OTL Extras logfile created on: 09.09.2012 20:22:02 - Run 1

OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\admin_new\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

1014,12 Mb Total Physical Memory | 367,48 Mb Available Physical Memory | 36,24% Memory free

1,99 Gb Paging File | 1,03 Gb Available in Paging File | 51,52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 88,18 Gb Total Space | 13,06 Gb Free Space | 14,81% Space Free | Partition Type: NTFS

 

Computer Name: INTAN-PC | User Name: admin_new | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0FB25D0B-5214-4DA5-A923-5954FBDFCFDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{295325D3-B8E4-4AC8-AFF5-75D9B5C8A308}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{308DE554-B30C-435E-BDA4-7689678F115B}" = rport=137 | protocol=17 | dir=out | app=system | 

"{4A0697C0-9497-4106-A2A2-4BA184901DA5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{594A0524-0141-402B-AF13-A717E2D8B483}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{6C559D6F-29A0-4964-9252-FD7EB7F71BEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{7682232A-066C-4AAB-B60B-CBBFFB4ADFF8}" = rport=139 | protocol=6 | dir=out | app=system | 

"{79EB7DFB-D221-4E8C-8F8C-BC5A3429B3D9}" = lport=138 | protocol=17 | dir=in | app=system | 

"{8222189C-F67C-4B58-9249-7254E0F234DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{89373BCB-68BE-481A-B26A-4F9C2FCF860C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{99E0AD96-3175-42AE-83BB-33E46957E834}" = lport=445 | protocol=6 | dir=in | app=system | 

"{A9B6476F-D8D1-41EC-B4E7-E662F93F57A0}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{AC4EC281-7679-49A3-8052-98AFC73748AA}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C514419D-94C6-4332-8D86-037B952CE38A}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D3C35FE7-3E2B-4FFD-89C4-F93D01DC2C85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D44B8122-B079-4019-B4BC-C341A29C531F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{E5F742B1-1097-4CD0-8162-E99E144F85FC}" = rport=445 | protocol=6 | dir=out | app=system | 

"{EFB1D7A0-522E-43C5-BF91-E9F08B92490B}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{F4041AB0-F5B3-407C-8725-121CE57F076A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F7C61AF3-3DC8-4E86-85B9-B5223BAEDECD}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{FB326887-711E-489F-BDAC-9808A57ADE1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{FE10CF7F-175E-4EB4-9A52-1D18C97AB9BC}" = lport=137 | protocol=17 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{023B2DD2-18ED-4D70-BB9C-7AE971B3CFE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{09E5A8A8-DF95-4264-85CF-621C444BA42A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 

"{0C024F1B-03EE-48C5-B64D-B7D86498D07A}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 

"{0EA2F762-4B0D-4A6A-BDC1-556963453C18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{2504F4EB-2402-4C9F-BF69-F4F32CF493AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2A38EC1B-E004-4871-BC7A-4596A72811ED}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 

"{3A9EF295-D73F-4774-8E23-A25E24C794D5}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 

"{3BF0B568-D8DE-48F7-9405-ACAF72CAFE7B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{406EAEB8-00F3-4AD9-A75B-F4721AE646B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{5AAF40E3-0190-4ABA-98E2-AA3706D514D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{5DF16B35-F394-4294-AB51-D84C3EF7195F}" = protocol=6 | dir=out | app=system | 

"{6C6158BF-C6FD-4C6F-B7BB-77487AF259CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{6F293C4F-DD2D-471B-923B-405FDA15EB47}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 

"{78C8BF52-C28C-4432-8912-B0B13D6565EE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{83B74C1F-421A-4FB5-AC69-163229621FE1}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 

"{84C28921-CD32-4DB8-8251-1E937389E31A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{95F90B5A-73E5-4DDF-ACBB-632D46AA1420}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A68CE2F9-35F5-4414-A723-964AB9388729}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{AD82CE63-542C-48C1-AFA8-006D5C01C2B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{C307D11F-0148-4983-AE72-17B83342DE6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{D24334F5-F7B0-42C3-B8F4-E9BC840FC7D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D75818FD-9D3C-449E-B55E-6EF93BC4E5AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{F7727796-A549-4EB2-89F6-1003B0A92105}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 

"{F9DF0070-255B-46F6-9C4C-EECC142550EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{FA0136EE-8DA2-41F1-92AB-EF2592347847}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 

"{FD5B92A8-203F-47EB-AEE3-D92EFD527CE6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"TCP Query User{9AE6EF02-1226-4891-A202-1BF55B603750}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 

"UDP Query User{5C7D3225-8288-47B0-9D38-18DB0B6A9114}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007

"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007

"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007

"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch

"3DataManager" = 3DataManager

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"BitTorrent" = BitTorrent

"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar

"CCleaner" = CCleaner

"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97.4

"conduitEngine" = Conduit Engine

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"iMesh" = iMesh

"iMesh 1 MediaBar" = MediaBar

"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch

"SearchCore for Browsers" = SearchCore for Browsers

"vShare" = vShare Plugin

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 23.04.2012 06:15:32 | Computer Name = intan-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: f9c    Startzeit: 01cd213965438124    Endzeit: 780    Anwendungspfad:

 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 3f6c3d51-8d2d-11e1-b5dc-0016d44d1c31
 

 

Error - 23.04.2012 06:15:42 | Computer Name = intan-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: d64    Startzeit: 01cd21359d5bfe7c    Endzeit: 110    Anwendungspfad:

 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   

 

Error - 23.04.2012 06:49:53 | Computer Name = intan-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: cf8    Startzeit: 01cd213d30747f2d    Endzeit: 187    Anwendungspfad:

 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 0c38892e-8d32-11e1-b5dc-0016d44d1c31
 

 

Error - 23.04.2012 13:45:06 | Computer Name = intan-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: df0    Startzeit: 01cd2177a8846032    Endzeit: 234    Anwendungspfad:

 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 0a247dde-8d6c-11e1-bf97-0016d44d1c31
 

 

Error - 26.04.2012 08:06:46 | Computer Name = intan-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: d5c    Startzeit: 01cd23a4e3671c8f    Endzeit: 390    Anwendungspfad:

 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 486bb23f-8f98-11e1-b4d5-0016d44d1c31
 

 

Error - 26.04.2012 08:41:15 | Computer Name = intan-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 5a4    Startzeit: 01cd23a8fad1d4fb    Endzeit: 327    Anwendungspfad:

 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 1a32005a-8f9d-11e1-b4d5-0016d44d1c31
 

 

Error - 27.04.2012 11:49:34 | Computer Name = intan-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,

 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,

 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00028ab2  ID des fehlerhaften

 Prozesses: 0xf08  Startzeit der fehlerhaften Anwendung: 0x01cd2488b0c2e3c5  Pfad der

 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des

 fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 957a820c-9080-11e1-815c-0016d44d1c31

 

Error - 27.04.2012 13:15:01 | Computer Name = intan-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 474    Startzeit: 01cd2488ac1f151c    Endzeit: 1279    Anwendungspfad:

 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 7916045f-908c-11e1-815c-0016d44d1c31
 

 

Error - 05.05.2012 04:32:24 | Computer Name = intan-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: f54    Startzeit: 01cd2a98c6ab6e40    Endzeit: 63    Anwendungspfad: 

C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: d3e0f663-968c-11e1-8a7d-0016d44d1c31
 

 

Error - 09.09.2012 14:17:18 | Computer Name = intan-PC | Source = Windows Activation Technologies | ID = 14

Description = Fehler bei der Echtheitsprüfung:    hr = 0x800706BA

 

[ System Events ]

Error - 09.09.2012 13:57:56 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 09.09.2012 13:57:57 | Computer Name = intan-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 09.09.2012 13:57:58 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 09.09.2012 13:58:33 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 09.09.2012 13:58:44 | Computer Name = intan-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

 

< End of report >

hoffe ihr könnt mir helfen.

Mfg

:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

hi
Scanvorgang hat 7 objekte gefunden und wurden gelöscht bzw in quarantäne gestellt.

Hier der Adwcleaner suchlog:

Code:

# AdwCleaner v2.001 - Datei am 09/10/2012 um 10:08:12 erstellt

# Aktualisiert am 09/09/2012 von Xplode

# Betriebssystem : Windows 7 Ultimate  (32 bits)

# Benutzer : admin_new - INTAN-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\admin_new\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 

Gefunden : Application Updater
 

***** [Dateien / Ordner] *****
 

Ordner Gefunden : C:\Program Files\Application Updater

Ordner Gefunden : C:\Program Files\Common Files\spigot

Ordner Gefunden : C:\Program Files\Conduit

Ordner Gefunden : C:\Program Files\ConduitEngine

Ordner Gefunden : C:\Program Files\pdfforge Toolbar

Ordner Gefunden : C:\Program Files\vShare

Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\BittorrentBar_DE

Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\Conduit

Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\ConduitEngine

Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\imeshbandmltbpi

Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\mediabarim

Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\pdfforge

Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\Search Settings

Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\vShare

Ordner Gefunden : C:\Users\intan\AppData\LocalLow\BittorrentBar_DE

Ordner Gefunden : C:\Users\intan\AppData\LocalLow\Conduit

Ordner Gefunden : C:\Users\intan\AppData\LocalLow\ConduitEngine

Ordner Gefunden : C:\Users\intan\AppData\LocalLow\imeshbandmltbpi

Ordner Gefunden : C:\Users\intan\AppData\LocalLow\mediabarim

Ordner Gefunden : C:\Users\intan\AppData\LocalLow\pdfforge

Ordner Gefunden : C:\Users\intan\AppData\LocalLow\PriceGong

Ordner Gefunden : C:\Users\intan\AppData\LocalLow\Search Settings

Ordner Gefunden : C:\Users\intan\AppData\LocalLow\vShare
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\BittorrentBar_DE

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings

Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}

Schlüssel Gefunden : HKCU\Software\pdfforge

Schlüssel Gefunden : HKCU\Software\Search Settings

Schlüssel Gefunden : HKLM\Software\BittorrentBar_DE

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B6C3F0AA-F0BA-4778-BC0B-B05B83FECFD3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\imweb.imwebcontrol

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.PugiObj

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.PugiObj.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1

Schlüssel Gefunden : HKLM\Software\Conduit

Schlüssel Gefunden : HKLM\Software\conduitEngine

Schlüssel Gefunden : HKLM\Software\conduitEngine

Schlüssel Gefunden : HKLM\Software\DataMngr

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BAD33D7-EAB8-4A10-8041-AFF5F6C04919}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E37ADDCB-6C65-4576-A4C2-5B33BCB86A66}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6C3F0AA-F0BA-4778-BC0B-B05B83FECFD3}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_DE Toolbar

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare

Schlüssel Gefunden : HKLM\Software\pdfforge

Schlüssel Gefunden : HKLM\Software\Search Settings

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v8.0.7600.16385
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Google Chrome v21.0.1180.89
 

Datei : C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [13749 octets] - [09/09/2012 22:39:23]

AdwCleaner[R2].txt - [13810 octets] - [09/09/2012 22:41:33]

AdwCleaner[R3].txt - [13740 octets] - [10/09/2012 10:08:12]
 

########## EOF - C:\AdwCleaner[R3].txt - [13801 octets] ##########

Soll ich das Löschen auch durchführen`?

Mfg

Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

hier der mbam log

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.09.09.06
 

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

admin_new :: INTAN-PC [Administrator]
 

Schutz: Aktiviert
 

10.09.2012 09:32:40

mbam-log-2012-09-10 (09-32-40).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 263301

Laufzeit: 29 Minute(n), 6 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 7

C:\ProgramData\Windows\wsse.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Romano.Bin\9A0B33B1FB4.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\intan\AppData\Local\Temp\ms0cfg32.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\intan\AppData\Local\Temp\~!#EF6D.tmp (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\aaa0ea1-6ed80b82 (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\25298928-4b748da9 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\intan\Desktop\sname (Spyware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*

%APPDATA%\*AcroIEH*.*

%APPDATA%\*.exe

%APPDATA%\*.tmp

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

hi
hier der OTL log mit dem custom scan

Code:

OTL logfile created on: 12.09.2012 19:24:52 - Run 2

OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\admin_new\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

1014,12 Mb Total Physical Memory | 355,48 Mb Available Physical Memory | 35,05% Memory free

1,99 Gb Paging File | 1,29 Gb Available in Paging File | 64,87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 88,18 Gb Total Space | 12,08 Gb Free Space | 13,70% Space Free | Partition Type: NTFS

 

Computer Name: INTAN-PC | User Name: admin_new | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.09 20:15:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe

PRC - [2012.07.26 19:52:04 | 001,095,560 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe

PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.03.22 16:13:16 | 000,086,016 | ---- | M] (alch) -- C:\Programme\ClamWin\bin\ClamTray.exe

PRC - [2011.10.11 11:43:27 | 001,700,784 | ---- | M] (iMesh, Inc) -- C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe

PRC - [2010.07.27 12:01:10 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe

PRC - [2010.07.08 14:18:30 | 000,333,264 | ---- | M] () -- C:\Programme\3DataManager\WTGService.exe

PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.07.27 12:01:10 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe

MOD - [2008.04.19 17:35:02 | 000,081,920 | ---- | M] () -- C:\Programme\ClamWin\bin\ExpShell.dll

MOD - [2005.02.08 17:23:10 | 000,979,005 | ---- | M] () -- C:\Programme\ClamWin\bin\python23.dll

MOD - [2004.11.20 03:27:54 | 000,106,496 | ---- | M] () -- C:\Programme\ClamWin\lib\shell.pyd

MOD - [2004.11.20 03:27:54 | 000,086,016 | ---- | M] () -- C:\Programme\ClamWin\lib\win32gui.pyd

MOD - [2004.11.20 03:27:54 | 000,077,824 | ---- | M] () -- C:\Programme\ClamWin\lib\win32file.pyd

MOD - [2004.11.20 03:27:54 | 000,069,632 | ---- | M] () -- C:\Programme\ClamWin\lib\win32api.pyd

MOD - [2004.11.20 03:27:54 | 000,065,536 | ---- | M] () -- C:\Programme\ClamWin\lib\win32security.pyd

MOD - [2004.11.20 03:27:54 | 000,036,864 | ---- | M] () -- C:\Programme\ClamWin\lib\win32process.pyd

MOD - [2004.11.20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Programme\ClamWin\lib\win32pipe.pyd

MOD - [2004.11.20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Programme\ClamWin\lib\win32event.pyd

MOD - [2004.10.11 20:22:18 | 000,315,392 | ---- | M] () -- C:\Programme\ClamWin\lib\pythoncom23.dll

MOD - [2004.10.11 20:21:26 | 000,094,208 | ---- | M] () -- C:\Programme\ClamWin\lib\pywintypes23.dll

MOD - [2004.05.25 21:20:30 | 000,036,864 | ---- | M] () -- C:\Programme\ClamWin\lib\_winreg.pyd

MOD - [2004.05.25 21:19:32 | 000,045,117 | ---- | M] () -- C:\Programme\ClamWin\lib\datetime.pyd

MOD - [2004.05.25 21:18:42 | 000,495,616 | ---- | M] () -- C:\Programme\ClamWin\lib\_ssl.pyd

MOD - [2004.05.25 21:18:28 | 000,057,401 | ---- | M] () -- C:\Programme\ClamWin\lib\_sre.pyd

MOD - [2004.05.25 21:18:20 | 000,049,212 | ---- | M] () -- C:\Programme\ClamWin\lib\_socket.pyd

MOD - [2004.05.25 21:17:14 | 000,622,651 | ---- | M] () -- C:\Programme\ClamWin\lib\_bsddb.pyd

MOD - [2004.01.15 14:45:22 | 000,061,440 | ---- | M] () -- C:\Programme\ClamWin\lib\_ctypes.pyd

MOD - [2003.10.01 13:40:00 | 002,240,512 | ---- | M] () -- C:\Programme\ClamWin\lib\wxc.pyd

MOD - [2003.10.01 11:43:02 | 003,239,936 | ---- | M] () -- C:\Programme\ClamWin\lib\wxmsw24h.dll

MOD - [2003.08.10 09:14:40 | 000,061,440 | ---- | M] () -- C:\Programme\ClamWin\lib\mxDateTime.pyd

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010.11.08 23:30:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010.07.08 14:18:30 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010.11.21 16:04:35 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2010.11.21 16:04:35 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.07.14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006.02.16 11:55:16 | 000,074,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2006.02.16 11:55:12 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_deAT433

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin_new\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin_new\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

 

 
 ========== Chrome  ==========

 

CHR - homepage: 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: 

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()

O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()

O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\intan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C95914-444D-4E31-890D-44E5A30FD570}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D501AC8D-78A1-400B-820A-E2A340D41B84}: NameServer = 213.94.78.17 213.94.78.16

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.09 22:40:05 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Desktop\mkhüo

[2012.09.09 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Malwarebytes

[2012.09.09 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.09 20:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.09.09 20:37:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.09.09 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.09.09 20:14:47 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe

[2012.09.09 20:11:23 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012.09.09 20:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater

[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot

[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar

[2012.09.09 20:06:53 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Macromedia

[2012.09.09 20:05:16 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Adobe

[2012.09.09 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Google

[2012.09.09 20:03:48 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Google

[2012.09.09 20:01:46 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\.clamwin

[2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Searches

[2012.09.09 20:01:32 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012.09.09 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Identities

[2012.09.09 20:01:20 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Contacts

[2012.09.09 20:01:15 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\VirtualStore

[2012.09.09 20:01:13 | 000,000,000 | --SD | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Videos

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Saved Games

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Pictures

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Music

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Links

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Favorites

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Downloads

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Documents

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Desktop

[2012.09.09 20:01:13 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Vorlagen

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Verlauf

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Temporary Internet Files

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Startmenü

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\SendTo

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Recent

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Netzwerkumgebung

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Lokale Einstellungen

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Videos

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Musik

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Eigene Dateien

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Bilder

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Druckumgebung

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Cookies

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Anwendungsdaten

[2012.09.09 20:01:13 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Anwendungsdaten

[2012.09.09 20:01:13 | 000,000,000 | -H-D | C] -- C:\Users\admin_new\AppData

[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Temp

[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft Help

[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft

[2012.09.09 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Media Center Programs

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.12 19:30:43 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.09.12 19:30:43 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.09.12 19:30:43 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.09.12 19:30:43 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.09.12 19:29:30 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.12 19:29:29 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.12 19:22:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.12 19:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.09.12 19:21:58 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.11 22:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.11 22:14:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003UA.job

[2012.09.11 20:13:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003Core.job

[2012.09.09 22:37:46 | 000,512,399 | ---- | M] () -- C:\Users\admin_new\Desktop\adwcleaner.exe

[2012.09.09 20:37:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.09 20:15:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\admin_new\Desktop\OTL.exe

[2012.09.09 20:11:39 | 000,002,380 | ---- | M] () -- C:\Users\admin_new\Desktop\Google Chrome.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.09.09 22:38:01 | 000,512,399 | ---- | C] () -- C:\Users\admin_new\Desktop\adwcleaner.exe

[2012.09.09 20:37:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.09 20:11:39 | 000,002,380 | ---- | C] () -- C:\Users\admin_new\Desktop\Google Chrome.lnk

[2012.09.09 20:09:08 | 000,001,136 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003UA.job

[2012.09.09 20:08:55 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1428027426-2215384228-2540435377-1003Core.job

[2012.09.09 20:01:35 | 000,001,413 | ---- | C] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2010.11.18 10:10:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

 
 ========== LOP Check ==========

 

[2012.05.05 18:52:58 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\3DataManager

[2011.01.09 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\AUTOSICH

[2012.09.09 19:56:13 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\BitTorrent

[2012.05.05 18:54:53 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\fifa

[2012.05.01 18:22:20 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\jggwhyzbjyxzzl

[2011.10.27 13:33:41 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\MusicNet

[2012.05.02 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\intan\AppData\Roaming\ryxjsxxujtoya

[2012.04.13 18:58:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.09.09 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\.clamwin

[2012.09.09 20:05:16 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Adobe

[2012.09.09 20:06:49 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Google

[2012.09.09 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Identities

[2012.09.09 20:06:53 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Macromedia

[2012.09.09 20:37:33 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Malwarebytes

[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\Media Center Programs

[2012.09.09 20:05:09 | 000,000,000 | --SD | M] -- C:\Users\admin_new\AppData\Roaming\Microsoft

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 < %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >

[2012.09.09 20:01:32 | 000,000,174 | -HS- | M] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

 
 < %APPDATA%\*AcroIEH*.* >

 
 < %APPDATA%\*.exe >

 
 < %APPDATA%\*.tmp >

 
 <           >
 

< End of report >

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

:OTL

SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) 

IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} 

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) 

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_deAT433 

IE - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 

O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) 

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) 

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 

O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) 

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) 

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 

O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () 

O3 - HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) 

O4 - HKLM..\Run: [] File not found 

O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) 

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O32 - HKLM CDRom: AutoRun - 1 

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 

[2012.09.09 20:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater 

[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot 

[2012.09.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar 
 
 

:Files

C:\ProgramData\*.exe

C:\ProgramData\TEMP

C:\Users\intan\*.tmp

C:\Users\intan\AppData\Local\{*}

C:\Users\intan\AppData\Local\Temp\*.exe

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

ipconfig /flushdns /c

:Commands

[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Hier der OTL Log

Code:

All processes killed

========== OTL ==========

Service Application Updater stopped successfully!

Service Application Updater deleted successfully!

C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.

C:\Programme\BittorrentBar_DE\tbBitt.dll moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.

C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll moved successfully.

HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

HKU\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.

File C:\Programme\BittorrentBar_DE\tbBitt.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.

File C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Programme\ConduitEngine\ConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.

File C:\Programme\BittorrentBar_DE\tbBitt.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.

File C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.

C:\Programme\vShare\vshare_toolbar.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-1428027426-2215384228-2540435377-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.

File C:\Programme\BittorrentBar_DE\tbBitt.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.

C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.

Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}

C:\Windows\Downloaded Program Files\DivXPlugin.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

C:\Program Files\Application Updater folder moved successfully.

C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.

C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.

C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.

C:\Program Files\Common Files\Spigot folder moved successfully.

C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.

C:\Program Files\pdfforge Toolbar\Res folder moved successfully.

C:\Program Files\pdfforge Toolbar\IE\6.2 folder moved successfully.

C:\Program Files\pdfforge Toolbar\IE folder moved successfully.

C:\Program Files\pdfforge Toolbar folder moved successfully.

========== FILES ==========

File\Folder C:\ProgramData\*.exe not found.

File\Folder C:\ProgramData\TEMP not found.

File\Folder C:\Users\intan\*.tmp not found.

File\Folder C:\Users\intan\AppData\Local\{*} not found.

File\Folder C:\Users\intan\AppData\Local\Temp\*.exe not found.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

C:\Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.

File/Folder C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\admin_new\Desktop\cmd.bat deleted successfully.

C:\Users\admin_new\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: admin_new

->Temp folder emptied: 6320080 bytes

->Temporary Internet Files folder emptied: 5191603 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 7002149 bytes

->Flash cache emptied: 981 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: intan

->Temp folder emptied: 10235529 bytes

->Temporary Internet Files folder emptied: 170304159 bytes

->Flash cache emptied: 4103 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7144409 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 197,00 mb

 

 

OTL by OldTimer - Version 3.2.61.3 log created on 09152012_162957
 

Files\Folders moved on Reboot...
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Sehr gut! :daumenhoc

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

adwcleaner log

Code:

# AdwCleaner v2.001 - Datei am 09/16/2012 um 23:12:09 erstellt

# Aktualisiert am 09/09/2012 von Xplode

# Betriebssystem : Windows 7 Ultimate  (32 bits)

# Benutzer : admin_new - INTAN-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\admin_new\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\Program Files\BittorrentBar_DE

Ordner Gelöscht : C:\Program Files\Conduit

Ordner Gelöscht : C:\Program Files\ConduitEngine

Ordner Gelöscht : C:\Program Files\vShare

Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\BittorrentBar_DE

Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\ConduitEngine

Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\imeshbandmltbpi

Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\mediabarim

Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\pdfforge

Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\Search Settings

Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\vShare

Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\BittorrentBar_DE

Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\ConduitEngine

Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\imeshbandmltbpi

Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\mediabarim

Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\pdfforge

Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\PriceGong

Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\Search Settings

Ordner Gelöscht : C:\Users\intan\AppData\LocalLow\vShare
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BittorrentBar_DE

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}

Schlüssel Gelöscht : HKCU\Software\pdfforge

Schlüssel Gelöscht : HKCU\Software\Search Settings

Schlüssel Gelöscht : HKLM\Software\BittorrentBar_DE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B6C3F0AA-F0BA-4778-BC0B-B05B83FECFD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\imweb.imwebcontrol

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.PugiObj

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.PugiObj.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\conduitEngine

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BAD33D7-EAB8-4A10-8041-AFF5F6C04919}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E37ADDCB-6C65-4576-A4C2-5B33BCB86A66}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6C3F0AA-F0BA-4778-BC0B-B05B83FECFD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_DE Toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare

Schlüssel Gelöscht : HKLM\Software\pdfforge

Schlüssel Gelöscht : HKLM\Software\Search Settings

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v8.0.7600.16385
 

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
 

-\\ Google Chrome v21.0.1180.89
 

Datei : C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [13749 octets] - [09/09/2012 22:39:23]

AdwCleaner[R2].txt - [13810 octets] - [09/09/2012 22:41:33]

AdwCleaner[R3].txt - [13871 octets] - [10/09/2012 10:08:12]

AdwCleaner[S1].txt - [11377 octets] - [16/09/2012 23:12:09]
 

########## EOF - C:\AdwCleaner[S1].txt - [11438 octets] ##########

anti malware log:

Code:

Emsisoft Anti-Malware - Version 7.0

Letztes Update: 19.09.2012 21:04:12
 

Scan Einstellungen:
 

Scan Methode: Detail Scan

Objekte: Rootkits, Speicher, Traces, C:\
 

Riskware-Erkennung: Aus

Archiv Scan: An

ADS Scan: An

Dateitypen-Filter: Aus

Erweitertes Caching: An

Direkter Festplattenzugriff: Aus
 

Scan Beginn:        19.09.2012 21:05:57
 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imesh         gefunden: Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\HTML         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Images         gefunden: Trace.File.iMesh (A)

C:\Users\intan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk         gefunden: Trace.File.iMesh (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imesh\imesh.lnk         gefunden: Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\DiscoveryHelper.dll         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\HTML\error.html         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\HTML\loading.html         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\iMesh.exe         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\IMWebControl.dll         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\lame_enc.dll         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\license.txt         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\ResourcesLOC.dll         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\Shw32.dll         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Default.skn         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Default.xml         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Images\DefArtwork.jpg         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Images\TAFLogo.PNG         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Images\ToGoLogo.PNG         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Settings.xml         gefunden: Trace.File.iMesh (A)

C:\Program Files\iMesh Applications\iMesh\UpdateInst.exe         gefunden: Trace.File.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\player -> Volume         gefunden: Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> AutoStart         gefunden: Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> AutoSync         gefunden: Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> NoRemove         gefunden: Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> SerialNumber         gefunden: Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> Usages         gefunden: Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers -> Devices         gefunden: Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> AppData         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DownloadDir         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DownloadLimit         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DSUniqueID         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> LimitTime         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> Login         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> MNEnabled         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> NetworkPaneShow         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> OKHashes         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> StatisticsFileName         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> AccessUploading         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> AntPort         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> ConnectIp         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> EnableLocalConnections         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxConnForFile         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxDownload         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxDownloadSpeed         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxUpload         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxUploadSpeed         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> PreviewPort         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> ReassignSlowSources         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> SmartTraffic         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> StatusUploadPort         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> TimeLibraryReportSent         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> TimeUploadPort         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Password         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> ServerAddress         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> ServerPort         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Type         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> UseAuthentication         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Username         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\filelist -> DeleteFromDisk         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\filelist -> MediaTypeFilter         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> DontShowIEHomepageOffer         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> DontShowIEHomepageOfferNever         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> IEHomepage         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> LastHomepageCheck         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> DownloadCount         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> InviteShowCount         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> PlayCount         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> MaxResultsCount         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> MediaTypeFilter         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> PremiumEnabled         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\security -> DoNotShare         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> AUDeclineDate         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> AutoResetPlayCount         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> CopyFromRemovable         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IMHistoryFolderPath         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IMPictureFolderPath         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsAutoVolume         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsCrossfadeEnable         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMAlertContacts         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMAlertMessages         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMDontPlayWhenPlaying         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMEveryone         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMSpecialAlers         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNeedUpdateHisory         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNotPresentAnyVideo         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNotShowNick         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsPlayDownloadSound         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsSearchAutoSuggest         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsSecurityLock         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowCRQDialog         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowDownloadTray         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowFTPDialog         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowLQDialog         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowToday         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> ReceiveLooking         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> RootLicenseDate         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> SendLooking         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> ShowNILWarning         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> SubsType         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UpdaterLocation         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UsedMNPortable         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UsedPortable         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VideoRegime         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VisualEnabled         gefunden: Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VisualRegime         gefunden: Trace.Registry.iMesh (A)

Key: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh         gefunden: Trace.Registry.IMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh -> LastOpenFileDir         gefunden: Trace.Registry.iMesh (A)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\44d54702-2fb49d1d -> json/Search.class         gefunden: Trojan.Java.Downloader.T (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5ad21ab1-417f1f75 -> encode/ANSI.class         gefunden: Java.Trojan.Downloader.OpenConnection.AN (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5ad21ab1-417f1f75 -> encode/KOI.class         gefunden: Java.Trojan.Downloader.OpenConnection.AN (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5ad21ab1-417f1f75 -> encode/UTF.class         gefunden: Java.Trojan.Downloader.OpenConnection.AN (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6838e2bd-3bfd8680 -> ta/tb.class         gefunden: Exploit.Java.CVE-2012-0507.N (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6838e2bd-3bfd8680 -> ta/L.class         gefunden: Exploit.Java.CVE-2012-0507.N (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/Cid.class         gefunden: Java.Exploit.CVE-2010-0840.J (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/ClassId.class         gefunden: Java.Exploit.CVE-2010-0840.J (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/MailAgent.class         gefunden: Java.Exploit.CVE-2010-0840.Y (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/VirtualTable.class         gefunden: Java.Exploit.CVE-2010-0840.J (B)
 

Gescannt        395280

Gefunden        138
 

Scan Ende:        19.09.2012 22:08:18

Scan Zeit:        1:02:21
 

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1845ff08-2e46415d -> mail/MailAgent.class        Quarantäne Java.Exploit.CVE-2010-0840.Y (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6838e2bd-3bfd8680 -> ta/tb.class        Quarantäne Exploit.Java.CVE-2012-0507.N (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\5ad21ab1-417f1f75 -> encode/ANSI.class        Quarantäne Java.Trojan.Downloader.OpenConnection.AN (B)

C:\_OTL\MovedFiles\09152012_162957\C_Users\intan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\44d54702-2fb49d1d -> json/Search.class        Quarantäne Trojan.Java.Downloader.T (B)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> AppData        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DownloadDir        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DownloadLimit        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> DSUniqueID        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> LimitTime        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> Login        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> MNEnabled        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> NetworkPaneShow        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> OKHashes        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\general -> StatisticsFileName        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> AccessUploading        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> AntPort        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> ConnectIp        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> EnableLocalConnections        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxConnForFile        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxDownload        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxDownloadSpeed        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxUpload        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> MaxUploadSpeed        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> PreviewPort        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> ReassignSlowSources        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> SmartTraffic        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> StatusUploadPort        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> TimeLibraryReportSent        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\im2net -> TimeUploadPort        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Password        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> ServerAddress        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> ServerPort        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Type        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> UseAuthentication        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\network\proxy -> Username        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\filelist -> DeleteFromDisk        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\filelist -> MediaTypeFilter        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> DontShowIEHomepageOffer        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> DontShowIEHomepageOfferNever        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> IEHomepage        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\iehomepage -> LastHomepageCheck        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> DownloadCount        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> InviteShowCount        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\invite -> PlayCount        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> MaxResultsCount        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> MediaTypeFilter        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\search -> PremiumEnabled        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\security -> DoNotShare        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> AUDeclineDate        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> AutoResetPlayCount        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> CopyFromRemovable        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IMHistoryFolderPath        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IMPictureFolderPath        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsAutoVolume        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsCrossfadeEnable        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMAlertContacts        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMAlertMessages        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMDontPlayWhenPlaying        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMEveryone        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsIMSpecialAlers        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNeedUpdateHisory        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNotPresentAnyVideo        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsNotShowNick        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsPlayDownloadSound        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsSearchAutoSuggest        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsSecurityLock        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowCRQDialog        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowDownloadTray        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowFTPDialog        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowLQDialog        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> IsShowToday        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> ReceiveLooking        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> RootLicenseDate        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> SendLooking        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> ShowNILWarning        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> SubsType        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UpdaterLocation        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UsedMNPortable        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> UsedPortable        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VideoRegime        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VisualEnabled        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences -> VisualRegime        Quarantäne Trace.Registry.iMesh (A)

Key: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh -> LastOpenFileDir        Quarantäne Trace.Registry.iMesh (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\player -> Volume        Quarantäne Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> AutoStart        Quarantäne Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> AutoSync        Quarantäne Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> NoRemove        Quarantäne Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> SerialNumber        Quarantäne Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers\0 -> Usages        Quarantäne Trace.Registry.iMesh MediaBar (A)

Value: hkey_users\s-1-5-21-1428027426-2215384228-2540435377-1000\software\imesh\preferences\portableplayers -> Devices        Quarantäne Trace.Registry.iMesh MediaBar (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imesh        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\HTML        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Images        Quarantäne Trace.File.IMesh (A)

C:\Users\intan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk        Quarantäne Trace.File.IMesh (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\imesh\imesh.lnk        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\DiscoveryHelper.dll        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\HTML\error.html        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\HTML\loading.html        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\iMesh.exe        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\IMWebControl.dll        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\lame_enc.dll        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\license.txt        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\ResourcesLOC.dll        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\Shw32.dll        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Default.skn        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Default.xml        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Images\DefArtwork.jpg        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Images\TAFLogo.PNG        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Images\ToGoLogo.PNG        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\Skins\Settings.xml        Quarantäne Trace.File.IMesh (A)

C:\Program Files\iMesh Applications\iMesh\UpdateInst.exe        Quarantäne Trace.File.IMesh (A)
 

Quarantäne        132

Sehr gut! :daumenhoc

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ich habe den scan jetzt durchgeführt - 7 objekte hat er noch gefunden; nur leider war keine log.txt mehr vorhanden :/

ich habe den scan dann nochmals durchgeführt und siehe da - es war eine log.txt vorhanden - jedoch keine infizierten objekte mehr vorhanden da ESET sie ja gelöscht hat; wobei das hauptsächlich infizierte dateien in den quarantäne ordnern durch andere scanner.

hier die log beim 2. scan ohne gefundene objekte:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=75652a43dd92594cadb1aa2058cc79d2

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-24 10:10:11

# local_time=2012-09-25 12:10:11 (+0100, Mitteleuropäische Sommerzeit)

# country="Austria"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=2817 16777215 100 100 12097917 16615136 0 0

# compatibility_mode=5893 16776573 100 94 605797 100152733 0 0

# compatibility_mode=8192 67108863 100 0 173575 173575 0 0

# scanned=93960

# found=0

# cleaned=0

# scan_time=3069

Mfg

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.