Moin,

hab mir heute den o.g. Sperrtrojaner eingefangen.
Neu gestartet wurde seitdem nur in den abgesicherten Modus um Virenscanns laufen zu lassen:
FSecure Easy Clean, McAfee Stinger, Dr.Web Cure It! und Kaspersky TDSSKiller haben nichts verdächtiges gefunden.
Deshalb hab ich noch Malwarebytes' Anti-Malware und OTL scannen lassen mit diesen Ergebnissen:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.07

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Frost :: FLX [Administrator]

22.07.2012 17:16:58
mbam-log-2012-07-22 (17-16-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 306036
Laufzeit: 4 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Frost\DoctorWeb\Quarantine\kg.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 22.07.2012 17:24:01 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Download\#AntiVirus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
29,98 Gb Total Physical Memory | 26,98 Gb Available Physical Memory | 90,01% Memory free
29,98 Gb Paging File | 27,07 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 116,30 Gb Free Space | 52,04% Space Free | Partition Type: NTFS
 
Computer Name: FLX | User Name: Frost | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Download\#AntiVirus\OTL.exe (OldTimer Tools)
PRC - C:\FirefoxPortable\App\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\FirefoxPortable\FirefoxPortable.exe (PortableApps.com)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Temp\nsf3515.tmp\registry.dll ()
MOD - C:\Temp\nsf3515.tmp\System.dll ()
MOD - C:\Temp\nsf3515.tmp\newadvsplash.dll ()
MOD - C:\FirefoxPortable\App\Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ArchiCrypt Ultimate RAM-Disk 3) -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe (Softwareentwicklung Remus - ArchiCrypt)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (VRMService) -- C:\Programme\Focusrite\VRM Box\VRMService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (fsbts) -- C:\Windows\SysNative\drivers\fsbts.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (GsRamDsk) -- C:\Windows\SysNative\drivers\GsRamDsk.sys ()
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (hdsp) -- C:\Windows\SysNative\drivers\hdsp_64.sys (RME)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\79F.tmp (Sophos Plc)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (ffSaffireLE_avs) -- C:\Windows\SysNative\drivers\ffSaffireLE_avs_x64.sys (Archwave AG)
DRV:64bit: - (ffSaffireLE_1394) -- C:\Windows\SysNative\drivers\ffSaffireLE_1394_x64.sys (Archwave AG)
DRV:64bit: - (vrm) -- C:\Windows\SysNative\drivers\vrm.sys (Focusrite Audio Engineering Ltd.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (rxvstor) -- C:\Windows\SysNative\drivers\rxvstor.sys (Romex Software)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (rxvbus) -- C:\Windows\SysNative\drivers\rxvbus.sys (Romex Software)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cdrblock) -- C:\Windows\SysNative\drivers\cdrblock.sys (Canopus Co,. Ltd.)
DRV:64bit: - (Protec) -- C:\Windows\SysNative\drivers\Protec64.sys (TerraTec Electronic GmbH)
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 28 07 BE E6 C0 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.06 22:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.07.22 17:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frost\AppData\Roaming\mozilla\Extensions
[2012.05.22 19:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frost\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
 
O1 HOSTS File: ([2012.01.04 05:39:49 | 000,006,762 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [secproc_ssp] C:\Users\Frost\AppData\Local\Microsoft\Windows\187\secproc_ssp.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\Catalyst 11.12\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [RemovalTool] C:\Download\#AntiVirus\fseasyclean.exe (F-Secure Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0EAF3BD-AB3F-4124-90CA-F4D423D498DC}: NameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.22 16:13:42 | 000,000,000 | ---D | C] -- C:\Users\Frost\AppData\Roaming\Malwarebytes
[2012.07.22 16:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 16:13:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.22 16:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.22 16:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 16:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012.07.22 15:42:02 | 000,000,000 | ---D | C] -- C:\Users\Frost\AppData\Roaming\hellomoto
[2012.07.22 04:23:57 | 000,000,000 | ---D | C] -- C:\Users\Frost\AppData\Roaming\U3
[2012.07.21 13:40:30 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.21 13:39:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.21 13:39:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.21 13:39:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.21 13:39:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.21 13:39:21 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.21 13:39:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.21 13:39:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.21 13:39:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.21 13:39:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.21 13:39:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.21 13:39:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.21 13:39:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.21 13:39:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.21 13:37:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.21 13:37:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.21 13:37:30 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.21 13:37:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.21 13:37:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.21 13:37:20 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.21 13:37:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.21 13:25:05 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.21 13:25:05 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.07.21 13:25:05 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.07.21 13:25:02 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.07.21 13:25:02 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.07.21 13:25:02 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.07.21 13:25:01 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.07.21 13:25:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 17:19:55 | 001,588,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 17:19:55 | 000,690,328 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 17:19:55 | 000,639,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 17:19:55 | 000,144,624 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 17:19:55 | 000,119,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 17:13:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 17:12:59 | 2666,495,995 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 15:53:26 | 002,232,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.22 15:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 03:22:06 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 03:22:06 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 13:39:12 | 001,565,704 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.22 15:53:22 | 002,232,824 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.02.14 21:59:49 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.14 21:59:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.14 14:35:33 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.02.02 19:08:37 | 000,005,120 | ---- | C] () -- C:\Users\Frost\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.07 00:07:35 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.12.26 03:52:06 | 000,007,611 | ---- | C] () -- C:\Users\Frost\AppData\Local\Resmon.ResmonCfg
[2011.12.24 06:32:06 | 000,000,080 | ---- | C] () -- C:\Users\Frost\AppData\Local\CrystalDiskMark30.ini
[2011.12.23 02:10:24 | 000,001,043 | ---- | C] () -- C:\Users\Frost\AppData\Roaming\coreavc.ini
[2011.12.23 01:11:16 | 000,000,324 | ---- | C] () -- C:\Users\Frost\AppData\Roaming\com.focusrite.SaffireLEDefault.sfle
[2011.12.22 22:34:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.22 22:10:10 | 001,565,704 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 21:57:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.22 21:57:17 | 000,032,004 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.11.10 04:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.05 19:06:28 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\pavedius6db.dat

< End of report >
         

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 22.07.2012 17:24:01 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Download\#AntiVirus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
29,98 Gb Total Physical Memory | 26,98 Gb Available Physical Memory | 90,01% Memory free
29,98 Gb Paging File | 27,07 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 116,30 Gb Free Space | 52,04% Space Free | Partition Type: NTFS
 
Computer Name: FLX | User Name: Frost | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\FirefoxPortable\App\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SuperFinder] -- "C:\Program Files (x86)\SuperFinder XT\SuperFinder.exe" "%1" (FSL)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SuperFinder] -- "C:\Program Files (x86)\SuperFinder XT\SuperFinder.exe" "%1" (FSL)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1EEF5C7E-C371-431D-A507-8C5B46EED7B4}" = Classic Shell
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94B97E1C-9B67-4012-A126-6319E211A298}_is1" = VSuite Ramdisk (Server Edition) 4.5.7219.1638
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"ffdshow64_is1" = ffdshow x64 v1.1.4174 [2011-12-19]
"Focusrite USB Audio Driver_is1" = Focusrite USB Audio Driver 1.9
"HDSP" = RME Hammerfall DSP (WDM)
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSet" = Intel(R) Network Connections Drivers
"Saffire LE_is1" = Saffire LE 1.6
"VRM Box_is1" = VRM Box 1.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C515CC-489B-4c02-898E-FE5B790E52FF}" = Canopus Codec Option 6.01
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42223788-172F-491E-B5F6-91136414AEFD}" = SSDlife Pro
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B311F5C-CDDE-47D8-A20B-558E40EF971C}" = Stereoscopic Player
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}" = Intel(R) Rapid Storage Technology enterprise
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B91A1230-C199-421e-8F63-7235731D925E}" = EDIUS 6.01
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D93B7092-FEE0-45B6-A08E-5CD3CFE3454F}" = TS22 PCI ControlPanel
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EFE4AB7D-4E94-441B-9A86-98E69E37567B}" = Nero Burning ROM 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3E41C2A-3A29-476D-9685-3F8055AF696A}" = Adobe Creative Suite 5.5 Production Premium
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"38DFB2FF-77AD-4074-8C1A-AA51C538B68D" = HWBOT Unigine Heaven Benchmark Application
"Adobe AIR" = Adobe AIR
"Afterburner" = MSI Afterburner 2.1.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Bino 1.2.1" = Bino 1.2.1
"Cinergy HTC USB XS" = Cinergy HTC USB XS V5.09.1202.00
"ClearProg" = ClearProg 1.6.1 Beta 4
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ESN Sonar-0.70.4" = ESN Sonar
"foobar2000" = foobar2000 v1.1.10
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.6
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Service Center" = Native Instruments Service Center
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Soulseek2" = SoulSeek 157 NS 13e
"SSD Fresh_is1" = SSD Fresh
"Super Finder XT_is1" = Super Finder XT 1.6.3.2
"TrueCrypt" = TrueCrypt
"VirtualCloneDrive" = VirtualCloneDrive
"VMware_Workstation" = VMware Workstation
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2012 18:20:27 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2012 07:24:24 | Computer Name = FLX | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 15.06.2012 07:24:24 | Computer Name = FLX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Handbrake.exe, Version: 0.9.6.4466,
 Zeitstempel: 0x4f4d2772  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007ff001428af
ID
 des fehlerhaften Prozesses: 0xb10  Startzeit der fehlerhaften Anwendung: 0x01cd4ae9682afb24
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Handbrake\Handbrake.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: a8c5bfe9-b6dc-11e1-9f80-005056c00008
 
Error - 16.06.2012 04:31:54 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.07.2012 07:23:41 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.07.2012 21:16:38 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 09:06:19 | Computer Name = FLX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.1.0.0,
 Zeitstempel: 0x4d90d339  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c92c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000105acb
ID
 des fehlerhaften Prozesses: 0xfc8  Startzeit der fehlerhaften Anwendung: 0x01cd67dd9569ed4c
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\ole32.dll  Berichtskennung: 06bb71f0-d3fe-11e1-8210-005056c00008
 
Error - 22.07.2012 09:55:06 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 10:09:50 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 11:14:43 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.07.2012 10:08:16 | Computer Name = FLX | Source = DCOM | ID = 10005
Description = 
 
Error - 22.07.2012 10:08:18 | Computer Name = FLX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.07.2012 10:10:25 | Computer Name = FLX | Source = DCOM | ID = 10005
Description = 
 
Error - 22.07.2012 11:13:00 | Computer Name = FLX | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ACMoFlex64RD3  discache  ElbyCDIO  iaStorV  rxvstor  spldr  truecrypt  Wanarpv6
 
Error - 22.07.2012 11:13:01 | Computer Name = FLX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.07.2012 11:13:01 | Computer Name = FLX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.07.2012 11:13:01 | Computer Name = FLX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.07.2012 11:13:16 | Computer Name = FLX | Source = DCOM | ID = 10005
Description = 
 
Error - 22.07.2012 11:13:21 | Computer Name = FLX | Source = DCOM | ID = 10005
Description = 
 
Error - 22.07.2012 11:13:23 | Computer Name = FLX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         

Jetzt hoff ich natürlich das jemand weiß welche Dateien ich löschen muss um das Sperrfenster loszuwerden.

Des weiteren wäre interessant zu wissen wie es dazu kommen konnte und wie man eine weitere Infektion mit dem Teil verhindert. Windows/Browser/Java/Flash updaten ist klar aber sonst...?


Danke schonmal und servus

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

• Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
• Starte die OTL.exe.
  Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
• Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
MOD - C:\Temp\nsf3515.tmp\registry.dll () 
MOD - C:\Temp\nsf3515.tmp\System.dll () 
MOD - C:\Temp\nsf3515.tmp\newadvsplash.dll () 
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\79F.tmp (Sophos Plc) 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll () 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found 
O4:64bit: - HKLM..\Run: [secproc_ssp] C:\Users\Frost\AppData\Local\Microsoft\Windows\187\secproc_ssp.exe () 
O4 - HKCU..\Run: [AdobeBridge] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\Shell - "" = AutoRun 
O33 - MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a 

[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] 

[2012.07.22 15:42:02 | 000,000,000 | ---D | C] -- C:\Users\Frost\AppData\Roaming\hellomoto 
[2012.07.22 15:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe 
 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Wenn OTL einen Neustart verlangt, bitte zulassen.
• Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
  Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

m'Kay, danke, der Sperrscreen ist weg

Und nach dem OTL Fix sowie ADWCleaner sehen die Logs (aus dem nicht-abges. Modus Account heraus gescannt) so aus:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frost :: FLX [Administrator]

22.07.2012 22:52:13
mbam-log-2012-07-22 (22-52-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307102
Laufzeit: 4 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 22:59:52
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Frost - FLX
# Running from : C:\Download\#AntiVirus\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default 
File : C:\Users\Frost\AppData\Roaming\Mozilla\Firefox\Profiles\mxojo6vz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1397 octets] - [22/07/2012 18:09:45]
AdwCleaner[R2].txt - [1457 octets] - [22/07/2012 19:06:25]
AdwCleaner[S1].txt - [1441 octets] - [22/07/2012 19:06:32]
AdwCleaner[R3].txt - [888 octets] - [22/07/2012 22:59:52]

########## EOF - C:\AdwCleaner[R3].txt - [1015 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 22.07.2012 22:55:22 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Download\#AntiVirus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
29,98 Gb Total Physical Memory | 26,48 Gb Available Physical Memory | 88,33% Memory free
29,98 Gb Paging File | 26,25 Gb Available in Paging File | 87,57% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 116,32 Gb Free Space | 52,05% Space Free | Partition Type: NTFS
 
Computer Name: FLX | User Name: Frost | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Download\#AntiVirus\OTL.exe (OldTimer Tools)
PRC - C:\FirefoxPortable\App\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\FirefoxPortable\FirefoxPortable.exe (PortableApps.com)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Temp\nslA5A3.tmp\registry.dll ()
MOD - C:\Temp\nslA5A3.tmp\System.dll ()
MOD - C:\Temp\nslA5A3.tmp\newadvsplash.dll ()
MOD - C:\FirefoxPortable\App\Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\07d7fed9555bdffe2d464439562e5a20\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\2ae2afc1e1feaa1e0c5395e281e8b90b\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\53b7f5c8ca205ee2f7d6b2110e1862a2\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ArchiCrypt Ultimate RAM-Disk 3) -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe (Softwareentwicklung Remus - ArchiCrypt)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (VRMService) -- C:\Programme\Focusrite\VRM Box\VRMService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (GsRamDsk) -- C:\Windows\SysNative\drivers\GsRamDsk.sys ()
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (hdsp) -- C:\Windows\SysNative\drivers\hdsp_64.sys (RME)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (ffSaffireLE_avs) -- C:\Windows\SysNative\drivers\ffSaffireLE_avs_x64.sys (Archwave AG)
DRV:64bit: - (ffSaffireLE_1394) -- C:\Windows\SysNative\drivers\ffSaffireLE_1394_x64.sys (Archwave AG)
DRV:64bit: - (vrm) -- C:\Windows\SysNative\drivers\vrm.sys (Focusrite Audio Engineering Ltd.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (rxvstor) -- C:\Windows\SysNative\drivers\rxvstor.sys (Romex Software)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (rxvbus) -- C:\Windows\SysNative\drivers\rxvbus.sys (Romex Software)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cdrblock) -- C:\Windows\SysNative\drivers\cdrblock.sys (Canopus Co,. Ltd.)
DRV:64bit: - (Protec) -- C:\Windows\SysNative\drivers\Protec64.sys (TerraTec Electronic GmbH)
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 28 07 BE E6 C0 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.06 22:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.07.22 22:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frost\AppData\Roaming\mozilla\Extensions
[2012.05.22 19:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frost\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
 
O1 HOSTS File: ([2012.01.04 05:39:49 | 000,006,762 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\Catalyst 11.12\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0EAF3BD-AB3F-4124-90CA-F4D423D498DC}: NameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.22 20:10:17 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.07.22 20:10:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.07.22 20:10:14 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.07.22 20:10:14 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.07.22 20:10:14 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.07.22 20:10:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.07.22 19:56:29 | 000,000,000 | ---D | C] -- C:\Users\Frost\AppData\Local\Macromedia
[2012.07.22 19:56:25 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.07.22 16:13:42 | 000,000,000 | ---D | C] -- C:\Users\Frost\AppData\Roaming\Malwarebytes
[2012.07.22 16:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 16:13:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.22 16:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.22 16:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 16:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012.07.22 15:42:02 | 000,000,000 | ---D | C] -- C:\Users\Frost\AppData\Roaming\hellomoto
[2012.07.22 04:23:57 | 000,000,000 | ---D | C] -- C:\Users\Frost\AppData\Roaming\U3
[2012.07.21 13:40:30 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.21 13:39:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.21 13:39:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.21 13:39:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.21 13:39:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.21 13:39:21 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.21 13:39:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.21 13:39:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.21 13:39:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.21 13:39:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.21 13:39:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.21 13:39:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.21 13:39:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.21 13:39:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.21 13:37:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.21 13:37:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.21 13:37:30 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.21 13:37:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.21 13:37:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.21 13:37:20 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.21 13:37:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.21 13:25:05 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.21 13:25:05 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.07.21 13:25:05 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.07.21 13:25:02 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.07.21 13:25:02 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.07.21 13:25:02 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.07.21 13:25:01 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.07.21 13:25:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 22:55:39 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 22:55:38 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 22:54:27 | 001,588,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 22:54:27 | 000,690,328 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 22:54:27 | 000,639,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 22:54:27 | 000,144,624 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 22:54:27 | 000,119,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 22:48:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 22:48:30 | 2666,495,995 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 20:14:04 | 000,005,632 | ---- | M] () -- C:\Users\Frost\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.22 19:56:23 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.07.22 19:56:23 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.07.22 19:56:23 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.07.22 19:56:23 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.07.22 19:56:23 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.07.22 19:56:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.22 19:56:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.21 13:39:12 | 001,565,704 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.02.14 21:59:49 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.14 21:59:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.14 14:35:33 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.02.02 19:08:37 | 000,005,632 | ---- | C] () -- C:\Users\Frost\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.07 00:07:35 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.12.26 03:52:06 | 000,007,611 | ---- | C] () -- C:\Users\Frost\AppData\Local\Resmon.ResmonCfg
[2011.12.24 06:32:06 | 000,000,080 | ---- | C] () -- C:\Users\Frost\AppData\Local\CrystalDiskMark30.ini
[2011.12.23 02:10:24 | 000,001,043 | ---- | C] () -- C:\Users\Frost\AppData\Roaming\coreavc.ini
[2011.12.23 01:11:16 | 000,000,324 | ---- | C] () -- C:\Users\Frost\AppData\Roaming\com.focusrite.SaffireLEDefault.sfle
[2011.12.22 22:34:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.22 22:10:10 | 001,565,704 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 21:57:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
         

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 22.07.2012 22:55:22 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Download\#AntiVirus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
29,98 Gb Total Physical Memory | 26,48 Gb Available Physical Memory | 88,33% Memory free
29,98 Gb Paging File | 26,25 Gb Available in Paging File | 87,57% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 116,32 Gb Free Space | 52,05% Space Free | Partition Type: NTFS
 
Computer Name: FLX | User Name: Frost | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\FirefoxPortable\App\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SuperFinder] -- "C:\Program Files (x86)\SuperFinder XT\SuperFinder.exe" "%1" (FSL)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SuperFinder] -- "C:\Program Files (x86)\SuperFinder XT\SuperFinder.exe" "%1" (FSL)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1EEF5C7E-C371-431D-A507-8C5B46EED7B4}" = Classic Shell
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94B97E1C-9B67-4012-A126-6319E211A298}_is1" = VSuite Ramdisk (Server Edition) 4.5.7219.1638
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"ffdshow64_is1" = ffdshow x64 v1.1.4174 [2011-12-19]
"Focusrite USB Audio Driver_is1" = Focusrite USB Audio Driver 1.9
"HDSP" = RME Hammerfall DSP (WDM)
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSet" = Intel(R) Network Connections Drivers
"Saffire LE_is1" = Saffire LE 1.6
"VRM Box_is1" = VRM Box 1.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C515CC-489B-4c02-898E-FE5B790E52FF}" = Canopus Codec Option 6.01
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42223788-172F-491E-B5F6-91136414AEFD}" = SSDlife Pro
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B311F5C-CDDE-47D8-A20B-558E40EF971C}" = Stereoscopic Player
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}" = Intel(R) Rapid Storage Technology enterprise
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B91A1230-C199-421e-8F63-7235731D925E}" = EDIUS 6.01
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D93B7092-FEE0-45B6-A08E-5CD3CFE3454F}" = TS22 PCI ControlPanel
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EFE4AB7D-4E94-441B-9A86-98E69E37567B}" = Nero Burning ROM 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3E41C2A-3A29-476D-9685-3F8055AF696A}" = Adobe Creative Suite 5.5 Production Premium
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"38DFB2FF-77AD-4074-8C1A-AA51C538B68D" = HWBOT Unigine Heaven Benchmark Application
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Bino 1.2.1" = Bino 1.2.1
"Cinergy HTC USB XS" = Cinergy HTC USB XS V5.09.1202.00
"ClearProg" = ClearProg 1.6.1 Beta 4
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ESN Sonar-0.70.4" = ESN Sonar
"foobar2000" = foobar2000 v1.1.10
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.6
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Service Center" = Native Instruments Service Center
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Soulseek2" = SoulSeek 157 NS 13e
"SSD Fresh_is1" = SSD Fresh
"Super Finder XT_is1" = Super Finder XT 1.6.3.2
"TrueCrypt" = TrueCrypt
"VirtualCloneDrive" = VirtualCloneDrive
"VMware_Workstation" = VMware Workstation
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.07.2012 09:06:19 | Computer Name = FLX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.1.0.0,
 Zeitstempel: 0x4d90d339  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c92c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000105acb
ID
 des fehlerhaften Prozesses: 0xfc8  Startzeit der fehlerhaften Anwendung: 0x01cd67dd9569ed4c
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\ole32.dll  Berichtskennung: 06bb71f0-d3fe-11e1-8210-005056c00008
 
Error - 22.07.2012 09:55:06 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 10:09:50 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 11:14:43 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 12:15:01 | Computer Name = FLX | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Download\#AntiVirus\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 22.07.2012 12:15:03 | Computer Name = FLX | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Download\#AntiVirus\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 22.07.2012 13:11:27 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 15:55:04 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 16:41:53 | Computer Name = FLX | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Download\#AntiVirus\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 22.07.2012 16:50:16 | Computer Name = FLX | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.07.2012 13:07:42 | Computer Name = FLX | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ACMoFlex64RD3  iaStorV  rxvstor
 
Error - 22.07.2012 13:08:55 | Computer Name = FLX | Source = DCOM | ID = 10010
Description = 
 
Error - 22.07.2012 13:09:43 | Computer Name = FLX | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ACMoFlex64RD3  iaStorV  rxvstor
 
Error - 22.07.2012 13:11:36 | Computer Name = FLX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.07.2012 15:53:22 | Computer Name = FLX | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ACMoFlex64RD3  iaStorV  rxvstor
 
Error - 22.07.2012 15:53:46 | Computer Name = FLX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.07.2012 16:47:18 | Computer Name = FLX | Source = Ntfs | ID = 262281
Description = Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 22.07.2012 16:47:27 | Computer Name = FLX | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 22.07.2012 16:48:34 | Computer Name = FLX | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ACMoFlex64RD3  iaStorV  rxvstor
 
Error - 22.07.2012 16:49:23 | Computer Name = FLX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         

Kann man jetzt sagen die Kiste ist wieder clean?

Wo ist AdwCleaner[R1].txt?

Wo ist das Fix-Log von OTL?

Warum postest du sachen die nicht angefordert waren?

Diese beiden brauchst du?

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 18:09:45
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Frost - FLX
# Running from : C:\Download\#AntiVirus\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Frost\AppData\Roaming\pdfforge

***** [Registry] *****


***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default 
File : C:\Users\Frost\AppData\Roaming\Mozilla\Firefox\Profiles\mxojo6vz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1272 octets] - [22/07/2012 18:09:45]

########## EOF - C:\AdwCleaner[R1].txt - [1400 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
Error: Unable to interpret <MOD - C:\Temp\nsf3515.tmp\registry.dll () > in the current context!
Error: Unable to interpret <MOD - C:\Temp\nsf3515.tmp\System.dll () > in the current context!
Error: Unable to interpret <MOD - C:\Temp\nsf3515.tmp\newadvsplash.dll () > in the current context!
Error: Unable to interpret <DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\79F.tmp (Sophos Plc) > in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC > in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC > in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC > in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > in the current context!
Error: Unable to interpret <FF - user.js - File not found > in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll () > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found > in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [secproc_ssp] C:\Users\Frost\AppData\Local\Microsoft\Windows\187\secproc_ssp.exe () > in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [AdobeBridge] File not found > in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 > in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 > in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 > in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 > in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 > in the current context!
Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 > in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found > in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found > in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1 > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\Shell - "" = AutoRun > in the current context!
Error: Unable to interpret <O33 - MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a > in the current context!
Error: Unable to interpret <[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] > in the current context!
Error: Unable to interpret <[2012.07.22 15:42:02 | 000,000,000 | ---D | C] -- C:\Users\Frost\AppData\Roaming\hellomoto > in the current context!
Error: Unable to interpret <[2012.07.22 15:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job > in the current context!
Error: Unable to interpret <[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe > in the current context!
Error: Unable to interpret < > in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Frost\Desktop\cmd.bat deleted successfully.
C:\Users\Frost\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Frost
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 11637563 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 67584 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 11,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Frost
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07222012_224727

Files\Folders moved on Reboot...
C:\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

Ja, die brauche ich.

Du hast den Fix falsch oder nicht vollstaendig eingegeben.
Nochmal. Anleitung beachten.

Jetzt schaut das Log so aus:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File  C:\Windows\SysNative\79F.tmp  not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
File C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\secproc_ssp not found.
File C:\Users\Frost\AppData\Local\Microsoft\Windows\187\secproc_ssp.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a3022ed-b78d-11e1-a6cf-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a3022ed-b78d-11e1-a6cf-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a3022ed-b78d-11e1-a6cf-005056c00008}\ not found.
File F:\LaunchU3.exe -a not found.
File/Folder C:\Windows\SysNative\*.tmp not found.
C:\Users\Frost\AppData\Roaming\hellomoto folder moved successfully.
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Frost\Desktop\cmd.bat deleted successfully.
C:\Users\Frost\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Frost
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 180736 bytes
Session Manager Tmp folder emptied: 65536 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
         

Allerdings funktioniert Flash nicht mehr (obwohl noch in Systemsteuerung installiert) und die Windows Dateiausführungsverhinderung war auf "super nervig" gestellt... sollte das automatisch so sein nach dem Fix?

Ja, kannst sie wieder etwas runtersetzen.

Flash gibs hier:
Flash Player Download - Flash Player 11.3.300.257 (Non-IE) 64-bit
Flash Player Download - Flash Player 11.3.300.257 (IE) 64-bit


1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frost :: FLX [Administrator]

23.07.2012 00:58:12
mbam-log-2012-07-23 (00-58-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307168
Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Kann man eigentlich definitiv sagen wie der Trojaner ins System gelangt ist? Als es passiert ist war ausschließlich Firefox offen und ich hab aus einer Googlesuche heraus ein paar Hintergrundtabs geöffnet.
Da kommen doch eigentlich nur Firefox/Flash/Java als Sicherheitslücke in betracht, oder?

Zitat:

Da kommen doch eigentlich nur Firefox/Flash/Java als Sicherheitslücke in betracht, oder?

Richtig. Spaeter mehr.

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Delete.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/23/2012 at 01:37:31
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Frost - FLX
# Running from : C:\Download\#AntiVirus\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default 
File : C:\Users\Frost\AppData\Roaming\Mozilla\Firefox\Profiles\mxojo6vz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [708 octets] - [23/07/2012 01:37:31]

########## EOF - C:\AdwCleaner[S2].txt - [835 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 23.07.2012 01:41:24

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	23.07.2012 01:41:59

C:\Users\Frost\DoctorWeb\Quarantine\2e002d9c-7f0b79c0 -> com\bitcoinplus\applet\MiningApplet.class 	gefunden: Java.Bitcoin!E2

Gescannt	565261
Gefunden	1

Scan Ende:	23.07.2012 01:46:11
Scan Zeit:	0:04:12
         

Aus dem Quarantäneverzeichniss kann man die Datei gefahrlos löschen, oder?

Ja, lass loeschen!



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

• Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
• Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
• Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

• Lade und starte Eset Smartinstaller
• Haken setzen bei YES, I accept the Terms of Use.
• Klick auf Start.
• Haken setzen bei Remove found threads und Scan archives.
• Klick auf Start.
• Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Finish drücken.
• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Puh, das hat ganz schön gedauert...

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e7a1e74b1cbad94fb70bd46a5a336ec2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 12:40:06
# local_time=2012-07-23 02:40:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 94631754 0 0
# compatibility_mode=8192 67108863 100 0 11084 11084 0 0
# scanned=509785
# found=0
# cleaned=0
# scan_time=2122
         

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

• Downloade dir bitte die neueste Java-Version von hier
• Speichere die jxpiinstall.exe
• Schließe alle laufenden Programme. Speziell deinen Browser.
• Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
• Wenn die Installation beendet wurde
  Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
• Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

• Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
• Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
• Klicke auf Dateien löschen....
• Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
• Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Könnte es ein Sicherheitsproblem darstellen wenn ich Java 7U5 sowohl in 32 als auch 64bit gleichzeitig drauf hab (wegen Firefox nötig)? Oder muss ich bloß beide aktuell halten um zukünftige Infektionen zu vermeiden?