Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Virus bProtectorForWindows (https://www.trojaner-board.de/127430-virus-bprotectorforwindows.html)

Gery64 23.11.2012 12:55
Virus bProtectorForWindows
 
Hallo zusammen,

ich habe auch das Problem mit dem bProtectorForWindows.

Das Anti-Malwarehabe ich ohne Meldung laufen lassen und das OTL-Programm hat folgende Meldung gebracht.

Hier ist der OTL.Txt:OTL Logfile:
Code:
OTL logfile created on: 23.11.2012 11:44:52 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 42,74% Memory free
3,74 Gb Paging File | 1,48 Gb Available in Paging File | 39,43% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,43 Gb Total Space | 250,25 Gb Free Space | 54,95% Space Free | Partition Type: NTFS
Drive D: | 457,58 Gb Total Space | 457,47 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\bProtectorForWindows\2.2.453.59\bProtect.exe (bProtector)
PRC - C:\Program Files (x86)\SilverCrest SOML 807 A1 Driver\MouClient_FD2_9063RL.exe (Siliten)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
MOD - c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll ()
MOD - C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll ()
MOD - C:\Program Files (x86)\SilverCrest SOML 807 A1 Driver\UniFunc.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.2.453.59\bProtect.exe (bProtector)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MouFilter_Mou_FlexDef4) -- C:\Windows\SysNative\DRIVERS\MouFilter_FlexDef4.sys (Siliten)
DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\DRIVERS\InputFilter_FlexDef2b.sys (Siliten)
DRV:64bit: - (acedrv05) -- C:\Windows\SysNative\drivers\acedrv05.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ITEIO.SYS) -- C:\Windows\SysNative\drivers\ITEIO.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (TelekomNM6) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (WSVD) -- C:\Programme\Acer\Empowering Technology\eRecovery\wsvd.sys (CyberLink)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=101587&babsrc=SP_ss&mntrId=860a142b000000000000002197c5015b
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE325DE325
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={1E17F8EE-7593-403A-BF0E-E0D4926779CF}&mid=caa1cc12972147d0a2ebd168d121e8a8-65ab580baca4a89fc488d73b56bdd1ebc785d1c2&lang=de&ds=AVG&pr=fr&d=2012-11-21 22:34:48&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.13 17:57:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.22 22:13:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension [2012.06.24 20:10:41 | 000,000,000 | ---D | M]
 
[2012.06.24 20:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\849qqog6.default\extensions
[2012.09.07 18:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\849qqog6.default\extensions\ffxtlbr@babylon.com
[2011.09.17 19:43:00 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober50957227.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S312C.tmp" /EF "HKLM" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction File not found
O4 - HKLM..\Run: [Launch SilverCrest SOML 807 A1] C:\Program Files (x86)\SilverCrest SOML 807 A1 Driver\MouClient_FD2_9063RL.exe (Siliten)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: starstable.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: TidyCOM https://www.landwirtschaft-bw.info/webedit/TidyCOM.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{704C8E0A-41A1-4A81-AF04-2400B5A73888}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\22453~1.59\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\Pictures\Bilder 2010\edgar\IMG_7405.JPG
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\Bilder 2010\edgar\IMG_7405.JPG
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0fb2da75-0fc1-11e2-8944-002197c5015b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fb2da75-0fc1-11e2-8944-002197c5015b}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{23c17f31-d428-11e1-817f-002197c5015b}\Shell - "" = AutoRun
O33 - MountPoints2\{23c17f31-d428-11e1-817f-002197c5015b}\Shell\AutoRun\command - "" = J:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.23 10:29:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.23 07:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.23 07:58:05 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.22 20:28:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.22 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\searchplugins
[2012.11.22 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bProtectorForWindows
[2012.11.21 22:58:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AVG2013
[2012.11.21 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AVG Secure Search
[2012.11.21 22:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.11.21 22:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.11.21 22:34:45 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.11.21 22:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.11.21 22:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012.11.21 22:33:45 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.11.21 22:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.11.21 22:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.11.21 22:29:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MFAData
[2012.11.21 22:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.11.21 22:29:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013
[2012.11.21 22:23:23 | 000,000,000 | ---D | C] -- C:\Users\***\bProtectorForWindows
[2012.11.17 03:01:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.17 03:01:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.17 03:01:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.17 03:01:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.17 03:01:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.17 03:01:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.17 03:01:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.17 03:01:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.17 03:01:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.17 03:01:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.17 03:01:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.17 03:01:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.17 03:01:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.17 03:01:33 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.17 03:01:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 04:47:28 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 04:47:28 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.10.25 13:46:06 | 000,000,000 | ---D | C] -- C:\Users\***\searchplugins
[2012.10.25 13:36:33 | 000,000,000 | ---D | C] -- C:\Windows\searchplugins
[2012.10.25 13:36:33 | 000,000,000 | ---D | C] -- C:\Windows\bProtectorForWindows
[2010.12.02 19:33:21 | 008,402,944 | ---- | C] (Mozilla) -- C:\Users\***\Firefox Setup 3.6.12.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.23 11:45:00 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B82E291-DF0A-4B23-87CD-23A20BB4C4C7}.job
[2012.11.23 11:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.23 11:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.23 10:29:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.23 10:28:59 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.23 10:28:21 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.23 10:21:51 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.11.23 10:18:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012.11.23 10:18:41 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.11.23 10:18:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.23 10:18:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 10:18:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 10:18:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 10:15:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.23 07:59:23 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.23 07:58:05 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.22 07:47:46 | 433,288,796 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.21 22:34:57 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.11.21 22:34:34 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.11.21 08:58:12 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 08:58:12 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 08:58:12 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 08:58:12 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 08:58:12 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.17 09:58:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.17 09:58:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.17 03:43:49 | 000,308,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.15 15:09:20 | 000,218,112 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.09 22:35:41 | 000,175,953 | ---- | M] () -- C:\Users\***\ESt2011_***_Gerhard_und_Iris.elfo
[2012.11.06 19:39:18 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.11.01 11:43:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.23 10:28:59 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.23 10:28:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.23 07:59:23 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.21 22:34:57 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.11.17 09:31:00 | 433,288,796 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.09.07 18:07:47 | 000,000,024 | -H-- | C] () -- C:\Users\***\AppData\Roaming\xpy.ini
[2012.02.19 15:48:22 | 000,175,953 | ---- | C] () -- C:\Users\***\ESt2011_***_Gerhard_und_Iris.elfo
[2012.01.28 15:27:19 | 000,163,405 | ---- | C] () -- C:\Users\***\ESt2010_***_Gerhard_und_Iris.elfo
[2011.05.19 10:19:00 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2011.05.19 10:18:59 | 002,437,120 | ---- | C] () -- C:\Users\***\HLDplus.EXE
[2011.05.19 10:18:59 | 000,639,940 | ---- | C] () -- C:\Users\***\HLDPFORM.DTA
[2011.05.19 10:18:59 | 000,037,300 | ---- | C] () -- C:\Users\***\HLDpKOMB.DTA
[2011.05.19 10:18:59 | 000,030,208 | ---- | C] () -- C:\Users\***\STAMPIT-TESTBEISPIEL ADRESSDATENBANK.HLW
[2011.05.19 10:18:59 | 000,008,464 | ---- | C] () -- C:\Users\***\Hinweise.pdf
[2011.05.19 10:18:59 | 000,000,604 | ---- | C] () -- C:\Users\***\HLDpWAHL.DTA
[2011.05.19 10:18:58 | 000,992,638 | ---- | C] () -- C:\Users\***\Handbuch.pdf
[2011.05.19 10:18:58 | 000,032,768 | ---- | C] () -- C:\Users\***\STAMPIT-Testbeispiel.HLW
[2011.05.19 10:18:58 | 000,022,016 | ---- | C] () -- C:\Users\***\BEISPIEL.hlw
[2011.01.02 19:08:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.30 00:03:03 | 000,000,004 | ---- | C] () -- C:\Windows\1411263.dat
[2010.12.02 19:34:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.14 21:32:06 | 000,006,798 | ---- | C] () -- C:\Users\***\AppData\Roaming\PrimoPDFSet.xml
[2010.11.03 08:11:46 | 000,018,417 | ---- | C] () -- C:\Users\***\2009.elfo
[2010.09.19 18:39:11 | 007,494,132 | ---- | C] () -- C:\Users\***\cbr600rr_2009.pdf
[2010.09.05 12:47:56 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2009.11.01 23:23:55 | 000,004,639 | ---- | C] () -- C:\Users\***\Gerhard***_Lucky_elster_2048.pfx
[2009.09.05 15:28:59 | 000,143,813 | ---- | C] () -- C:\Users\***\watch.html
[2009.07.14 05:56:17 | 000,000,307 | ---- | C] () -- C:\Users\***\Jessy - Verknüpfung.lnk
[2009.07.10 14:34:43 | 000,027,895 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.06.08 11:50:09 | 000,004,213 | ---- | C] () -- C:\Users\***\images.jpg
[2009.05.18 21:08:00 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2009.05.02 19:37:17 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.04.29 21:31:10 | 000,218,112 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54

< End of report >
--- --- ---

und hier der Extras.Txt:OTL Logfile:
Code:
OTL Extras logfile created on: 23.11.2012 11:44:52 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 42,74% Memory free
3,74 Gb Paging File | 1,48 Gb Available in Paging File | 39,43% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,43 Gb Total Space | 250,25 Gb Free Space | 54,95% Space Free | Partition Type: NTFS
Drive D: | 457,58 Gb Total Space | 457,47 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 7A 1B CE 3D 45 65 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ABF0553-0A4E-4DA2-88ED-4916F7471E4A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0FA68057-1E77-4C6B-AE19-C7A9694CFECC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{13CC9878-8BA4-464F-9E77-BCC0988528CB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{1D73254E-C758-4DD9-8174-C47227A8A3FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23F0D2AC-4DD4-4C76-8A99-63DBB32AFCAD}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{310CB5E5-D084-47B8-91F2-52E44F678B8E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{363DD7AE-753D-4B05-B468-B67E006BC896}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3DCC6E15-CA96-44D0-BCDD-B93E029BF677}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40E9A2CA-5FF4-4FCC-B6B2-0601025777D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41327236-CC76-4585-86E3-03D986F1E197}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{498D3472-73A7-4ED6-BD23-2B1AF661074B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CA1E86D-685A-43BE-ADDE-6B7087E9C420}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4D1D12CD-E067-425E-B81E-4B2B7B8E0D30}" = lport=10243 | protocol=6 | dir=in | app=system |
"{534F0B3D-46D1-4928-939E-CF2662AF1804}" = rport=139 | protocol=6 | dir=out | app=system |
"{5F9C4143-F1B4-4AA4-B61C-D88EDA53B5E6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{60B60204-B210-45E1-86A4-A5B01052029D}" = rport=137 | protocol=17 | dir=out | app=system |
"{67A0027D-8A5D-4DC5-A445-3BBEEA398082}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68D18129-53EA-43EB-A1E9-9939FDA0EF87}" = rport=445 | protocol=6 | dir=out | app=system |
"{6B21ED56-5C5F-4718-815E-1CF5272A73CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75C566D9-1EB8-497E-9388-74D09203B0DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DCAB9D5-A2B2-45BC-83E0-640CEAF03FED}" = lport=137 | protocol=17 | dir=in | app=system |
"{824FB9B3-84F7-41A0-A7E3-079B753889A4}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8445A8BD-2D6B-4250-AB2C-323AA47EB256}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{876C1C94-606B-4764-B8B4-FA9078D25B16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FF21FF8-A996-4DC5-AAFC-476D0279459F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{907BDFB6-58E7-4B97-9A87-55413E0EA26D}" = lport=138 | protocol=17 | dir=in | app=system |
"{90A00AE3-BE8B-4812-9412-3D443D0F700F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{97AEA68D-23FA-4464-B3EC-7A898CDCE059}" = lport=139 | protocol=6 | dir=in | app=system |
"{A0F21DE5-FE47-4F12-864C-9916BAEF0BD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A883415D-7C54-41E4-9CCE-C2154C5F01BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC4C2909-3073-43CF-8F90-3B31A3E0F9E2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C91B46BE-E61B-4E44-98C4-534943548780}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CDEE455D-8065-4D99-A229-3785F2DEA0DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA13F7CD-0CCE-4B74-BFC3-A1F68073CC6F}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBFA10AE-B4B2-4298-AB26-B6ABAD935DAF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DD9D1BBE-D669-48A9-ADCD-45E999C66F33}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{DDA11329-42F0-4CE8-9217-4B15EDC6E00A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB496AF3-C434-4B5C-8449-10A4DAB30B49}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{ED6D0A6A-66FD-4BC2-B635-B912E4EBAB46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6F7BCC0-9D73-4B1A-BFDD-D575E8A37A20}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FFCE2D25-8022-40FB-A2A7-1B74468A2823}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0760101C-583F-45E3-9FFC-0BCBF37178CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0EDF0C56-89F1-4D60-9E51-00A40B3C9E34}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{146CE679-E55D-4213-83AD-8AF981050028}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1984CCF8-CC79-4457-8F9B-67BCBFDD4D71}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{1E69682F-E236-4A62-92DC-698085F86D36}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{22F22A1B-8593-4FD6-A82E-3652CC8F6BFB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{23D852BF-1B67-478B-9A83-669F4F2E1BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{245C60BF-9348-4B42-A5FD-4C457FB5646C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{24E6A217-A759-4CB0-96EF-AA219F131A84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{251BF04E-E5A7-4F2E-A1AE-6F096B87D1AA}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{2BF219B6-3E62-4B67-A063-CFE101625915}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{362A493D-8664-4C0E-BD15-5A483E117D84}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{391B842A-01A1-4841-BC2E-30164639917A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{456738B4-3BB4-4908-B2BB-61D7B15A2D86}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{45C07EA1-3BA6-43DB-8296-21CA6873D8CE}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4A590966-07C3-4DBC-A664-385270D176A1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5090FD8D-754A-4310-A93E-6E3406DB76D3}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{564E3E74-322B-4429-AAF9-E0BA13E73ADD}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{57914576-D299-4B94-9D4D-9810B84A072E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{604799C7-A6CC-4925-9534-183E1CEEAAE0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{644FD653-A4F3-439F-A6DD-AA0FFEFFE5EC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{669BAC8A-063B-42C4-AA3F-043DFBDBEDE9}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6B449EE6-3846-4218-97A4-2AFDB7FD9396}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{6BD7A57F-533D-4D62-B6E9-DF840D3F9D36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E6F02C4-B7E0-43A2-9670-B9F2E1DCE045}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{71796725-A38C-4462-91A7-13A8D543753E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{7208212D-4A3F-4B11-BF61-4111D50C35A5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{741D804C-FA5F-4A10-A769-D2DCA4787F14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74655922-682E-4930-8341-C5E8589AB905}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{74F38D60-6E01-4F3A-8D62-B1086A97ABA8}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{750E5518-21CC-45F6-99B7-8C0EE26F7AC9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{765B5AA7-69E0-4F79-83C7-9DE8615EF3D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B823A59-AE9D-4080-BA25-E0E1B120AA55}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{7D731C8C-D94F-4082-BAEF-D8E33D980FCB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{85E2F505-FB0D-4F9D-9B30-D95B4EF62693}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{890C6F57-092C-499F-B23F-747B290A50D5}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{96DD28C2-E202-4B19-9FDC-5ADE4E60CAE0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9BBDBEB3-4ABC-4D1F-99E2-E439242CEFFD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{9C29A479-8733-4D82-83A8-C1B7DE30B1EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A12BA412-D2F6-4BBC-A84A-0FAD0B6FAA34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2597AFA-7CA2-4139-B124-6FEDC8C25B93}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8D2DC61-D74C-4A92-B0A0-FDA862E31161}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B19004A6-5764-4C4E-B93A-848FF1604A2A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B32263AA-EBEB-4CC4-9FD8-09608FD31B0F}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{B59FAFDC-11B2-4F93-99BA-AA1FC1BFD2A7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{C401F617-9E90-41BE-9A87-BBA05EA65796}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C8A3CD3A-5E86-402F-B3DB-045728C28C57}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C90AEF83-8235-41F4-BC6A-D0AF178AD51A}" = dir=in | app=c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe |
"{CDDB7AF6-87C0-43E7-9A7D-A0E2694708A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE186DBF-0F5E-4B73-A410-85FBEDF49E5C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CF5EFB55-0242-491A-B10F-CAB66762AD39}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{E06FBCE3-3A84-4651-B3D6-11086927268B}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E2DB4635-FAFC-472C-A63B-82449B6D7A14}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E4AA1109-23EF-46A7-A23C-10A6CCF4DA8F}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{E4DDD228-1B05-4EAD-88D3-67EF36ED61E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6A68281-5859-42FB-B454-04AF8E268417}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E86A2A6D-7343-4EC0-9BB4-6C821074E81F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F1EB70C8-A7C5-4618-A324-5CA39BB597BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F43A2FBD-787E-4257-8EC6-46C8B20D80E5}" = protocol=6 | dir=out | app=system |
"{F49B581F-F7B0-462E-8533-690A3052A735}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F8409211-9F70-4EC3-96B7-00E454950D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"TCP Query User{0CD24737-2400-4741-8334-F90478DBDE73}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{3BA73A11-E770-4131-8504-6941351E99D5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{4C7F3FBD-08B3-475F-B06D-ADE11E8800F5}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{730B0EA2-5CA7-47DF-9D53-7EEBB597A040}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{F2581561-FEA6-44EB-AE83-294763469D9A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{0647E41B-6E42-47E7-9A98-D0842A07154D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{21BAB0B3-EA0A-4FC5-851B-1F4C6AF8935B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{294F7380-3504-439B-9412-544AFDFEF132}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{9059A7AE-C655-4458-B343-E0A183D01220}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{95610886-9966-45CF-AC30-D1C1894D9670}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2FEB0360-525D-C76A-DA39-51CEA1D00290}" = ATI Catalyst Install Manager
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
"{C0AD3BF1-8CBC-49BE-6AC0-0F56B226975B}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8B2C435-8737-431E-8784-24CD13B0B821}" = PE585QAEncoder-64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0235AB73-63DD-5544-4744-FBDEC2E4FDCB}" = Catalyst Control Center Graphics Previews Vista
"{044197D0-BA1C-4567-A8E3-A6491A6DC4EE}" = ArcSoft MediaImpression 2
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0B8DA815-22E5-4622-91F9-787A2D83F9A6}" = Application Suite
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15886D4F-CBFC-7943-217A-D035561C4E4B}" = CCC Help Spanish
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = VideoPerformer manager
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C596F4C-2771-9EF6-4755-B8EFAE48D7D2}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F4714C3-2FEE-A1D5-BC30-3C42540D0D96}" = Catalyst Control Center Graphics Full Existing
"{2FEFABB1-C318-B3C0-FE93-1C9CA101ED6D}" = CCC Help Finnish
"{32C0A3EA-E824-1FBD-09A9-34E17BF1D85F}" = CCC Help Norwegian
"{3315E5D3-A2A7-7B09-5209-1B473747949C}" = CCC Help German
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{42CA6365-0777-FA79-1BD5-5FB967E0A708}" = Catalyst Control Center Localization Norwegian
"{43AA03F5-785D-E4EA-A807-716CD4690734}" = Catalyst Control Center Localization French
"{45D1C008-BC8C-BB47-34AD-BE4AB0791E76}" = Catalyst Control Center Localization German
"{4960E719-9264-9E83-5F26-3CB7CB2554B6}" = Catalyst Control Center InstallProxy
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D4EE7-EBD0-E04B-DA43-BF94ADA36618}" = Catalyst Control Center Localization Swedish
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52D3199D-2858-4216-AA1D-B2A9BB9FA31B}" = Sprite Backup HTC
"{65F4830E-3098-7764-B551-8F077FB799E9}" = CCC Help English
"{675B3ECA-1C5E-4885-BE75-742A8FED7510}" = Application Suite
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7DA64485-2CEE-4F7B-84AB-B287236703B6}" = HERMA Label Designer plus 1.1
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{8A8C135A-F9ED-5EC6-C7D5-CE5923583654}" = Catalyst Control Center Core Implementation
"{8D96012C-6DCC-92AE-E428-615651B63D2C}" = CCC Help Danish
"{8E732D82-FBFB-0D08-5A00-506AB54EADC7}" = Catalyst Control Center Graphics Full New
"{8F18881C-AEA8-820B-D723-EE62FAE55BA3}" = Catalyst Control Center Localization Finnish
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93078533-C867-D67B-5AD9-E68B8FC119B1}" = CCC Help Swedish
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE2FAE0-D562-2FF2-8856-8A1B57997F1F}" = CCC Help Italian
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6011F20-8EAA-E783-5C7A-BF6D8DC694C4}" = Skins
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B5DBA2-5480-E883-5FA7-DAF5927247DA}" = Catalyst Control Center Localization Italian
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B58D3D06-1C79-48EF-AF7E-79D8629D16E0}" = phase6_197
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C47AFB4C-9581-7BF7-351C-886ED95E2AC9}" = Catalyst Control Center Graphics Light
"{C51FF8A2-D1A3-2A14-B088-26C861DA642D}" = CCC Help Japanese
"{C786FE11-22AF-4B6C-B122-9C4A6D012E67}" = SilverCrest SOML 807 A1 Driver
"{C90C99AC-6F1E-7F55-F91B-D81A12F4540B}" = Catalyst Control Center Localization Dutch
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D47F9C63-D544-09FC-E03E-09405C0215C8}" = CCC Help French
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"{E1C3A1AD-7254-CFCA-135E-7B1390267659}" = Catalyst Control Center Localization Japanese
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A2C0F7-A196-5A59-C6EF-B2D6698D0999}" = ccc-core-static
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F028F7CF-BFAF-C420-1E75-429D9C354C89}" = CCC Help Dutch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF88B174-8326-29B5-3B2E-3850523AD94F}" = Catalyst Control Center Localization Spanish
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Cortona® VRML Client" = Cortona® VRML Client
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular 11.5.1.4843" = ElsterFormular-Upgrade
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"ExpressBurn" = Express Burn
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"FinalMediaPlayer_is1" = Final Media Player 2011
"FreeFotoWorks_is1" = FreeFotoWorks
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Netzmanager" = Netzmanager
"Office8.0" = Microsoft Office 97, Professional Edition
"Pferdebande 2_is1" = Pferdebande 2 deinstallieren
"phase-6" = phase-6 2.1.1
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4
"Picasa 3" = Picasa 3
"PrimoPDF4.1.0.9" = PrimoPDF
"Product_Name" = Digital Camera Manager
"Quick Search Box" = Google-Schnellsuchfeld
"STV0680 Camera v112 Installation Files" = STV0680 Camera v112 Installation Files
"Trusted Software Assistant_is1" = File Type Assistant
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Updater Service" = Updater Service
"Windows Mobile Device Handbook" = Windows Mobile Resources
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.08.2011 09:03:21 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =
 
Error - 04.08.2011 00:27:52 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.08.2011 00:27:52 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.08.2011 01:51:35 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =
 
Error - 04.08.2011 22:45:16 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.08.2011 22:45:16 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.08.2011 19:49:14 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =
 
Error - 06.08.2011 02:14:55 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 06.08.2011 02:14:55 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 06.08.2011 18:00:15 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =
 
Error - 07.08.2011 01:57:34 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.08.2011 01:57:35 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 22.11.2012 16:13:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 22.11.2012 16:13:51 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 22.11.2012 16:13:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 23.11.2012 05:15:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7006
Description =
 
Error - 23.11.2012 05:19:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7006
Description =
 
Error - 23.11.2012 05:19:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7006
Description =
 
Error - 23.11.2012 05:19:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 23.11.2012 05:19:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 23.11.2012 05:20:45 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 23.11.2012 05:20:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
 
< End of report >
--- --- ---
Was kann ich jetzt tun damit mein Rechner wieder clean wird?

Vielen Dank für die Hilfe.

t'john 24.11.2012 06:42
:hallo:

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
:OTL

MOD - c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll ()
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.2.453.59\bProtect.exe (bProtector)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\22453~1.59\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll ()
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8AB6C1D7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:580E04D8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:861A898F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2B99FE60
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:793F316E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:4CF61E54
[2012.11.22 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\searchplugins
[2012.11.22 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bProtectorForWindows
[2012.11.21 22:23:23 | 000,000,000 | ---D | C] -- C:\Users\***\bProtectorForWindows
[2012.10.25 13:46:06 | 000,000,000 | ---D | C] -- C:\Users\***\searchplugins
[2012.10.25 13:36:33 | 000,000,000 | ---D | C] -- C:\Windows\searchplugins
[2012.10.25 13:36:33 | 000,000,000 | ---D | C] -- C:\Windows\bProtectorForWindows
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Gery64 25.11.2012 12:31
XXXX

Hallo t'john,

erstmal vielen Dank für die Hilfe!!

Hier sind die zwei Meldungen die gekommen sind:

OTL hat folgendes gemeldet:

All processes killed
========== OTL ==========
Service vToolbarUpdater13.2.0 stopped successfully!
Service vToolbarUpdater13.2.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe moved successfully.
Service bProtector stopped successfully!
Service bProtector deleted successfully!
C:\ProgramData\bProtectorForWindows\2.2.453.59\bProtect.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\bprote~1\22453~1.59\protec~1.dll deleted successfully.
c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll moved successfully.
ADS C:\ProgramData\Temp:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\Temp:580E04D8 deleted successfully.
ADS C:\ProgramData\Temp:861A898F deleted successfully.
ADS C:\ProgramData\Temp:2B99FE60 deleted successfully.
ADS C:\ProgramData\Temp:793F316E deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
C:\Users\***\Desktop\searchplugins folder moved successfully.
Folder C:\Users\***\Desktop\bProtectorForWindows\ not found.
C:\Users\***\bProtectorForWindows\2.2.453.59 folder moved successfully.
C:\Users\***\bProtectorForWindows folder moved successfully.
C:\Users\***\searchplugins folder moved successfully.
C:\Windows\searchplugins folder moved successfully.
C:\Windows\bProtectorForWindows\2.2.453.59 folder moved successfully.
C:\Windows\bProtectorForWindows folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData


und die Anti-Malware:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.11.24.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

25.11.2012 12:50:59
mbam-log-2012-11-25 (12-50-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 646620
Laufzeit: 1 Stunde(n), 36 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Was muss ich jetzt noch machen?

Übrigens,OTL hat fast 45 min gebraucht und hat die ganze Zeit (keine Rückmeldung) gebracht.

Viele Grüße

Gery

t'john 26.11.2012 03:06
Wo ist Schritt 3?

Gery64 26.11.2012 07:19
Schritt 3 ergab keine Meldung und die Dateien sind noch auf dem Rechner.

Viele Grüße

Gery

t'john 27.11.2012 13:06
Bitte adwCleaner loeschen, neu laden und nochmal nach Anleitung laufen lassen.

t'john 19.01.2013 16:41
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131