
Log Analysis and Evaluation: GVU Trojan with webcam


23.07.2012, 12:45   #1
maranko
 
GVU Trojan with webcam



Hello everyone,

After the virus scan I moved a suspicious finding into quarantine, as Avira recommended, and thought everything was OK again. After the restart, however, I found that my PC no longer responds at all: it has been completely locked by this new GVU Trojan and therefore can no longer be used.
During my research I came across your website, have already read through a few topics and wanted to ask you for help too. However, I don't know how I can get the PC running again at all so that I can send you the scan log for checking. Logging in is simply not possible.
How should I proceed now?

Many thanks in advance for your support

23.07.2012, 18:36   #2
t'john
/// Helper Team
 
Create an OTLPE CD on a clean second computer and then boot the infected computer from that CD:


If you don't have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe from OldTimer and save it to your desktop. Note: the file is about 120 MB, and on a slow internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process has completed, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: so that OTLPE scans the right installed Windows, you must select the Windows folder of the Windows installed on the hard disk; selecting just C: gives an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is ticked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created
  • Copy these files to your USB stick if you don't have an internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

24.07.2012, 06:48   #3
maranko
 
THANKS t'john for the quick reply ;o)

I first have to get hold of a second PC...
Once I've got that far, I'll forward the scan results to you.

Best regards
maranko

30.07.2012, 21:03   #4
maranko
 
hello t'john

here I am again...
I've finally had my PC "X-rayed", first with MALWARE; all that came out of it was this:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
anko :: ANKO-PC [Administrator]

Schutz: Aktiviert

29.07.2012 19:23:07
mbam-log-2012-07-29 (19-23-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 420179
Laufzeit: 2 Stunde(n), 34 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



But since I know that my PC definitely has this "GVU Trojan" on it, I ran another scan with Emsisoft Emergency Kit, or rather I tried to ... unfortunately, in all four attempts I never managed to get the scan to run through to the end ;o( Every few minutes the following error message kept appearing:

Windows Hostprozess Rundll32 funktioniert nicht mehr

This happened so often that at some point the PC was completely locked and I really had no option but to pull the plug.
Today I tried again, and this time too the error message appeared very often, so after waiting about an hour (the scan wasn't progressing at all any more) I aborted it...

Here is the report from the partial scan:

Emsisoft Emergency Kit - Version 2.0
Letztes Update: N/A

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\
Archiv Scan: Aus
ADS Scan: An

Scan Beginn: 30.07.2012 17:09:04

c:\users\anko\appdata\local\temp\rool0_pk.exe gefunden: Trojan.Dropper.Win32.Injector.fkqc.AMN!E1
c:\users\anko\appdata\roaming\microsoft\windows\start menu\programs\startup\ctfmon.lnk gefunden: Trace.File.screenlocker!E1
Value: hkey_current_user\software\k++ --> applicationname gefunden: Trace.Registry.kazaa lite resurrection!E1
Value: hkey_current_user\software\k++ --> kazaastartpage gefunden: Trace.Registry.kazaa lite resurrection!E1

Gescannt 542991
Gefunden 4

Scan Ende: 30.07.2012 20:34:22
Scan Zeit: 3:25:18



And here the log from the Emsisoft quarantine folder

Emergency Kit v. 2.0.0.9
(C) 2003-2012 Emsisoft - www.emsisoft.com

ID Object
0 c:\users\anko\appdata\local\temp\rool0_pk.exe Trojan.Dropper.Win32.Injector.fkqc.AMN!E1
1 c:\users\anko\appdata\roaming\microsoft\windows\start menu\programs\startup\ctfmon.lnk Trace.File.screenlocker!E1
2 c:\users\anko\appdata\local\temp\rool0_pk.exe Trojan.Dropper.Win32.Injector.fkqc.AMN!E1
3 c:\users\anko\appdata\local\temp\rool0_pk.exe Trojan.Dropper.Win32.Injector.fkqc.AMN!E1


Now I'm completely worn out, and my PC probably is too.
I very much hope you can find a few minutes to look into this and help me.

Thank you for your support, and kind regards
maranko

30.07.2012, 21:19   #5
t'john
/// Helper Team
 
Custom scan with OTL

Please download OTL from Oldtimer and save it to your desktop. If it is already there, please replace the existing older file with the newly downloaded one so that you are really working with a current version of OTL.

  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • Now copy the complete contents of the code box below into OTL's text box; if OTL is in German it is labelled with

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Regards, t'john
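The OTL scan requested above writes one line per process, module, service, driver and autorun entry (the format is visible in the log posted later in the thread). As an added example, not part of the thread and not OTL's own code, here is a small Python triage script that parses those line formats and flags the pattern the Emsisoft scan above reported: an executable with no company name loaded from the user's Temp folder. The sample lines are taken from the log in this thread; the severity labels and the stock Winlogon values are the example's own assumptions.

```python
"""Triage helper for OTL log lines (added example, not OTL's own code).

Parses the entry formats OTL prints (PRC/MOD/SRV/DRV, O4 Run keys,
O20 Winlogon) and flags what the Emsisoft scan in this thread found:
an unsigned executable loaded from the user's Temp folder.  The
severity labels and the stock Winlogon values are assumptions made here.
"""
import re
from dataclasses import dataclass

# PRC/MOD/SRV/DRV line:  KIND - [date | size | attrs | M] (Company) [state] -- path -- (name)
# OTL replaces the "[...] (Company)" part with "File not found" for dangling registrations.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[[^\]]*\] \((?P<company>[^)]*)\)|File not found)"
    r"(?: \[[^\]]*\])?"                      # [Auto | Running] etc. on SRV/DRV
    r" -- (?P<path>.*?)(?: -- \((?P<svc>[^)]*)\))?$"
)
# O4 line:  O4 - HIVE..\Run: [value name] path (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<value>[^\]]*)\] "
    r"(?P<path>.*?)(?: \((?P<company>[^)]*)\))?$"
)
# O20 line:  O20 - HKLM Winlogon: Shell - (value) - resolved path (Company)
WINLOGON_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\)"
)
# Values these two Winlogon keys carry on an unmodified Vista/7 install (assumed here)
STOCK_WINLOGON = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}


@dataclass
class Finding:
    severity: str   # "high": look at it now; "info": stale entry, tidy up later
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding for one OTL log line, or None if nothing stands out."""
    m = ENTRY_RE.match(line)
    if m:
        kind, company = m.group("kind"), m.group("company")
        path = m.group("path").lower()
        if company is None:                  # the "File not found" form
            return Finding("info", f"{kind} registered but its file is missing", line)
        if "\\appdata\\local\\temp\\" in path or "\\windows\\temp\\" in path:
            return Finding("high", f"{kind} loaded from a Temp directory", line)
        if company == "" and "\\users\\" in path:
            return Finding("high", f"{kind} under a user profile with no company name", line)
        return None
    m = RUN_RE.match(line)
    if m:
        path = m.group("path").strip().lower()
        if path == "file not found":
            return Finding("info", f"Run value [{m.group('value')}] points at a missing file", line)
        if "\\appdata\\" in path or "\\temp\\" in path:
            return Finding("high", f"Run value [{m.group('value')}] starts from a user-writable path", line)
        return None
    m = WINLOGON_RE.match(line)
    if m:
        key = m.group("key")
        value = m.group("value").strip().lower().rstrip(",")
        if value != STOCK_WINLOGON[key.lower()]:
            return Finding("high", f"Winlogon {key} is not the stock value", line)
    return None


def triage(log_text: str):
    """Run triage_line over a whole OTL log; findings come back in log order."""
    findings = []
    for raw in log_text.splitlines():
        found = triage_line(raw.rstrip())
        if found is not None:
            findings.append(found)
    return findings


# Sample lines taken from the OTL log posted in this thread
SAMPLE_LOG = r"""
PRC - [2012.07.31 19:13:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\anko\Desktop\OTL.exe
MOD - [2012.07.20 23:17:41 | 000,196,008 | ---- | M] () -- C:\Users\anko\AppData\Local\Temp\rool0_pk.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
DRV - [2012.07.23 06:55:18 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\anko\Desktop\Run\a2ddax86.sys -- (A2DDA)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TaskTray]  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}: {f.line}")
```

On the sample the only high-severity hit is the rool0_pk.exe module from the Temp folder; the Emsisoft driver under the user's Desktop is not flagged because it carries a company name.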

31.07.2012, 18:59   #6
maranko
 
hello again...

here is the result
THANKS in advance for the evaluation
OTL logfile:
Code:
OTL logfile created on: 31.07.2012 19:26:00 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\anko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,76 Mb Total Physical Memory | 380,04 Mb Available Physical Memory | 37,19% Memory free
2,25 Gb Paging File | 1,20 Gb Available in Paging File | 53,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,04 Gb Total Space | 54,95 Gb Free Space | 38,96% Space Free | Partition Type: NTFS
 
Computer Name: ANKO-PC | User Name: anko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 19:13:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\anko\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.08 19:42:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:42:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:42:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:42:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.21 15:23:42 | 000,391,760 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011.10.21 15:23:42 | 000,259,664 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.11 15:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\StCenter.exe
PRC - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
PRC - [2006.11.20 22:08:50 | 000,228,088 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006.11.20 22:08:46 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006.11.09 11:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.29 18:04:41 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.07.29 18:02:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.07.29 17:34:32 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.07.29 17:26:10 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.07.29 17:25:44 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.07.20 23:17:41 | 000,196,008 | ---- | M] () -- C:\Users\anko\AppData\Local\Temp\rool0_pk.exe
MOD - [2009.06.16 14:03:58 | 000,053,248 | ---- | M] () -- C:\Windows\System32\dossec.dll
MOD - [2009.03.30 06:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.06.16 17:18:20 | 000,032,768 | ---- | M] () -- C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\AmvTransform.dll
MOD - [2006.11.20 21:33:28 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2012.07.10 20:26:30 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 19:42:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:42:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.07 20:45:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\usbzphp0.sys -- (usbzphp0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.29 22:22:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.07.23 06:55:18 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\anko\Desktop\Run\a2ddax86.sys -- (A2DDA)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 19:42:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:42:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.15 12:19:08 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.12.15 12:19:02 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2011.12.15 12:19:02 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.22 04:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2006.11.01 22:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{0E502294-DDB1-4970-BF85-BB9EAF3AE211}: "URL" = hxxp://go.gmx.net/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{B547DBD8-D4C3-47D5-B407-B88013C5206E}: "URL" = hxxp://wa.ui-portal.de/gmx/gmx/s?produkte.browser.link.ebaysuche&s_brand=gmx&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-7/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2011.08.02 17:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anko\AppData\Roaming\mozilla\Firefox\Profiles\hpb5uy2a.default\extensions
[2008.12.22 10:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.09 23:04:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002..\Run: [AdobeBridge]  File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55E82194-6A37-4B48-A712-E50A70C9CF74}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1DCDC55F-224C-D5A8-E206-7F3544C3A9F6} - Microsoft Windows Media Player 11.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A99125F-1340-B2EE-86C1-6FC9B6D36CB1} - Microsoft Windows Media Player 11.0
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{C2703F05-CFFE-42D2-B663-C1DF703116F4} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 19:23:03 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\anko\Desktop\OTL.exe
[2012.07.30 16:34:07 | 000,000,000 | ---D | C] -- C:\207e89681b67faf817
[2012.07.29 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\anko\Desktop\Languages
[2012.07.29 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\anko\Desktop\Run
[2012.07.29 22:22:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.29 19:21:30 | 000,000,000 | ---D | C] -- C:\Users\anko\AppData\Roaming\Malwarebytes
[2012.07.29 19:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.29 19:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.29 19:20:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.29 19:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.23 06:55:16 | 001,587,624 | ---- | C] (Emsi Software GmbH) -- C:\Users\anko\Desktop\start.exe
[2012.07.19 19:47:49 | 000,000,000 | ---D | C] -- C:\a12f234ff80ade6ac65b
[2012.07.04 22:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Navigram
[2010.03.19 18:11:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\anko\AppData\Roaming\pcouffin.sys
[2007.12.07 23:25:06 | 001,325,568 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\anko\No23Recorder.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\anko\Desktop\*.tmp files -> C:\Users\anko\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 19:34:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 19:32:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 19:30:02 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2012.07.31 19:30:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2012.07.31 19:28:35 | 000,644,274 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.31 19:28:35 | 000,609,118 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.31 19:28:35 | 000,132,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.31 19:28:35 | 000,109,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.31 19:21:44 | 000,000,272 | ---- | M] () -- C:\Users\anko\Desktop\OTL - Verknüpfung.lnk
[2012.07.31 19:13:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\anko\Desktop\OTL.exe
[2012.07.31 19:11:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 19:11:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 19:04:35 | 000,000,299 | ---- | M] () -- C:\Users\anko\Desktop\OTLPENet - Verknüpfung.lnk
[2012.07.31 17:12:29 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.31 17:11:15 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.31 17:10:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.30 20:39:02 | 000,001,721 | ---- | M] () -- C:\Users\anko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.30 20:00:00 | 000,000,594 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security Online - Systemprüfung ausführen - anko.job
[2012.07.29 22:53:06 | 000,000,333 | ---- | M] () -- C:\Users\anko\Desktop\EmsisoftEmergencyKit2009 - Verknüpfung.lnk
[2012.07.29 22:22:40 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.29 22:22:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.29 17:46:56 | 000,027,136 | ---- | M] () -- C:\Users\anko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.29 17:23:03 | 002,439,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.23 06:55:18 | 000,000,112 | ---- | M] () -- C:\Users\anko\Desktop\autorun.inf
[2012.07.23 06:55:16 | 001,587,624 | ---- | M] (Emsi Software GmbH) -- C:\Users\anko\Desktop\start.exe
[2012.07.23 06:55:06 | 000,000,060 | ---- | M] () -- C:\Users\anko\Desktop\CommandlineScanner.bat
[2012.07.23 06:55:06 | 000,000,056 | ---- | M] () -- C:\Users\anko\Desktop\EmergencyKitScanner.bat
[2012.07.20 23:51:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\anko\Desktop\*.tmp files -> C:\Users\anko\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.31 19:21:44 | 000,000,272 | ---- | C] () -- C:\Users\anko\Desktop\OTL - Verknüpfung.lnk
[2012.07.31 19:04:35 | 000,000,299 | ---- | C] () -- C:\Users\anko\Desktop\OTLPENet - Verknüpfung.lnk
[2012.07.29 22:53:06 | 000,000,333 | ---- | C] () -- C:\Users\anko\Desktop\EmsisoftEmergencyKit2009 - Verknüpfung.lnk
[2012.07.29 19:21:02 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.23 06:55:18 | 000,000,112 | ---- | C] () -- C:\Users\anko\Desktop\autorun.inf
[2012.07.23 06:55:06 | 000,000,060 | ---- | C] () -- C:\Users\anko\Desktop\CommandlineScanner.bat
[2012.07.23 06:55:06 | 000,000,056 | ---- | C] () -- C:\Users\anko\Desktop\EmergencyKitScanner.bat
[2012.07.20 23:17:47 | 000,001,721 | ---- | C] () -- C:\Users\anko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.20 23:17:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad
[2011.05.26 23:29:03 | 000,132,492 | ---- | C] () -- C:\Users\anko\HTT_2011_428_20110526_Eil
[2010.06.12 20:03:44 | 000,000,092 | ---- | C] () -- C:\Users\anko\AppData\Local\fusioncache.dat
[2010.06.05 10:29:31 | 000,002,432 | ---- | C] () -- C:\Users\anko\AppData\Local\TempbP4008.html
[2010.06.05 10:29:31 | 000,002,089 | ---- | C] () -- C:\Users\anko\AppData\Local\TempNV4008.html
[2010.06.04 23:18:42 | 000,002,432 | ---- | C] () -- C:\Users\anko\AppData\Local\TempLC5204.html
[2010.06.04 23:18:42 | 000,002,089 | ---- | C] () -- C:\Users\anko\AppData\Local\TempuM5204.html
[2010.06.04 21:01:39 | 000,002,432 | ---- | C] () -- C:\Users\anko\AppData\Local\TemplKn840.html
[2010.06.04 21:01:39 | 000,002,089 | ---- | C] () -- C:\Users\anko\AppData\Local\Tempzzc840.html
[2010.06.04 18:48:34 | 000,002,432 | ---- | C] () -- C:\Users\anko\AppData\Local\TemplA5712.html
[2010.06.04 18:48:34 | 000,002,089 | ---- | C] () -- C:\Users\anko\AppData\Local\TempZK5712.html
[2010.06.03 17:53:55 | 000,002,432 | ---- | C] () -- C:\Users\anko\AppData\Local\Tempbg4956.html
[2010.06.03 17:53:55 | 000,002,089 | ---- | C] () -- C:\Users\anko\AppData\Local\TempnA4956.html
[2010.06.03 10:00:42 | 000,002,432 | ---- | C] () -- C:\Users\anko\AppData\Local\TempLw5420.html
[2010.06.03 10:00:42 | 000,002,089 | ---- | C] () -- C:\Users\anko\AppData\Local\TempMu5420.html
[2010.06.02 21:02:20 | 000,002,432 | ---- | C] () -- C:\Users\anko\AppData\Local\TempIn2280.html
[2010.06.02 21:02:20 | 000,002,089 | ---- | C] () -- C:\Users\anko\AppData\Local\TempRt2280.html
[2010.06.02 21:01:29 | 000,002,432 | ---- | C] () -- C:\Users\anko\AppData\Local\TempDu2280.html
[2010.03.19 18:14:36 | 000,001,057 | ---- | C] () -- C:\Users\anko\AppData\Roaming\vso_ts_preview.xml
[2010.03.19 18:11:28 | 000,087,608 | ---- | C] () -- C:\Users\anko\AppData\Roaming\inst.exe
[2010.03.19 18:11:28 | 000,007,887 | ---- | C] () -- C:\Users\anko\AppData\Roaming\pcouffin.cat
[2010.03.19 18:11:27 | 000,001,144 | ---- | C] () -- C:\Users\anko\AppData\Roaming\pcouffin.inf
[2010.03.03 23:57:40 | 001,136,208 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2010.01.10 16:09:15 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.10 16:09:15 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.03.12 20:50:04 | 000,288,627 | ---- | C] () -- C:\Users\anko\AppData\Local\aqwwi_nav.dat
[2009.03.12 20:50:04 | 000,003,606 | ---- | C] () -- C:\Users\anko\AppData\Local\aqwwi.dat
[2009.03.12 20:50:04 | 000,000,322 | ---- | C] () -- C:\Users\anko\AppData\Local\aqwwi_navps.dat
[2009.01.20 20:30:53 | 000,000,087 | ---- | C] () -- C:\Users\anko\AppData\Local\soigmgk.bat
[2007.11.13 23:40:19 | 000,027,136 | ---- | C] () -- C:\Users\anko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe
 
========== LOP Check ==========
 
[2010.03.19 00:32:58 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\AnvSoft
[2008.08.29 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Babylon
[2011.12.11 21:56:08 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\elsterformular
[2010.03.18 22:25:20 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\FreeAudioPack
[2008.06.04 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\FRITZ!
[2010.05.08 14:57:35 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\MAGIX
[2011.05.08 21:20:48 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\mresreg
[2009.12.07 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\MusicMP3Get
[2007.12.05 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Packard Bell
[2009.12.18 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\streamripper
[2007.10.27 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\tunebite
[2010.06.12 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\UseNeXT
[2010.03.19 22:13:51 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Vso
[2012.07.31 19:30:02 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie.job
[2012.07.31 19:30:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator.job
[2012.07.30 20:58:53 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.27 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Adobe
[2010.03.19 00:32:58 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\AnvSoft
[2010.01.28 20:51:12 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Apple Computer
[2012.02.09 00:18:42 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Avira
[2009.12.17 23:25:37 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\AVS4YOU
[2008.08.29 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Babylon
[2008.03.13 18:54:22 | 000,000,000 | R--D | M] -- C:\Users\anko\AppData\Roaming\Brother
[2010.04.21 20:29:13 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Corel
[2010.06.13 15:49:04 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\DivX
[2010.03.19 22:10:30 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\dvdcss
[2011.12.11 21:56:08 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\elsterformular
[2010.03.18 22:25:20 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\FreeAudioPack
[2008.06.04 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\FRITZ!
[2007.10.27 14:57:57 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Google
[2007.10.26 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Identities
[2007.10.27 09:34:25 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Macromedia
[2010.05.08 14:57:35 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\MAGIX
[2012.07.29 19:21:30 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Malwarebytes
[2011.05.27 21:56:05 | 000,000,000 | --SD | M] -- C:\Users\anko\AppData\Roaming\Microsoft
[2008.12.09 23:12:39 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Mozilla
[2011.05.08 21:20:48 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\mresreg
[2009.12.07 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\MusicMP3Get
[2007.12.05 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Packard Bell
[2009.12.09 21:32:22 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Real
[2007.12.21 22:21:31 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Roxio
[2011.03.15 23:49:35 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Skype
[2010.11.10 19:06:43 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\skypePM
[2009.12.18 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\streamripper
[2008.02.13 16:40:19 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Symantec
[2007.10.27 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\tunebite
[2010.06.12 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\UseNeXT
[2010.06.12 20:13:54 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\vlc
[2010.03.19 22:13:51 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Vso
[2011.07.22 20:08:27 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2010.03.19 18:11:28 | 000,087,608 | ---- | M] () -- C:\Users\anko\AppData\Roaming\inst.exe
[2010.01.11 20:07:14 | 000,003,584 | R--- | M] () -- C:\Users\anko\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2010.01.11 23:06:16 | 000,010,134 | R--- | M] () -- C:\Users\anko\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_0BE142F207011DCE1557E8.exe
[2010.01.11 23:06:16 | 000,001,518 | R--- | M] () -- C:\Users\anko\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_0D3558C4434A1C598D6FAA.exe
[2010.01.11 23:06:16 | 000,001,078 | R--- | M] () -- C:\Users\anko\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_12C4F2192E2964FB6B5B2C.exe
[2010.01.11 23:06:16 | 000,000,766 | R--- | M] () -- C:\Users\anko\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
[2010.01.11 23:06:16 | 000,002,550 | R--- | M] () -- C:\Users\anko\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_BEBC7E9B550B807D255107.exe
[2010.01.11 23:06:16 | 000,001,078 | R--- | M] () -- C:\Users\anko\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_C86848DD3D088397791DA0.exe
[2009.12.05 20:12:41 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\anko\AppData\Roaming\Real\Update\setup3.09\setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.15 18:31:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.15 18:31:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.15 18:31:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.10.26 21:23:18 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.10.26 21:23:18 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.06.16 14:03:58 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\dossec.dll
[2009.06.16 14:03:56 | 000,126,976 | ---- | M] ( ) Unable to obtain MD5 -- C:\Windows\system32\Interop.SHDocVw.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\anko\Documents\MFC-240C:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anko\Documents\Magix Photos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anko\Documents\eigene dateien:Roxio EMC Stream
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >
         
--- --- ---
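As an added example (not part of this thread, and not code from OldTimer's OTL): a small Python script that parses the `< MD5 for: ... >` blocks of an OTL report like the one above and flags the live copy under System32 when its hash could not be read, when it matches none of the winsxs component-store copies, or when the vendor field is empty. The sample report embedded in the script is constructed for the demonstration: the SCECLI and USER32 lines are taken from the report above, while the `EXAMPLE.DLL` block, its hashes, its vendor field and its paths are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the OTL report format shown in the thread. The SCECLI
# and USER32 blocks reuse lines from the report above; the EXAMPLE.DLL block
# (its hashes, vendor field and paths) is made up for the demonstration.
SAMPLE_REPORT = r"""
< MD5 for: SCECLI.DLL  >
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL  >
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< MD5 for: EXAMPLE.DLL  >
[2012.07.20 23:17:41 | 000,012,345 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\example.dll
[2009.04.11 08:28:25 | 000,012,345 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_constructed-example\example.dll
"""

# Header of an OTL "< MD5 for: NAME >" block.
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")

# One file line of an OTL MD5 block:
# [date time | size | attrs | M] (vendor) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<vendor>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<unreadable>Unable to obtain MD5)) "
    r"-- (?P<path>.+?)\s*$"
)


def parse_md5_sections(report_text):
    """Return {FILENAME: [entry dict, ...]} for every MD5 block in the report."""
    sections = defaultdict(list)
    current = None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # not a file line; OTL prints nothing else in these blocks
        sections[current].append({
            "path": m.group("path"),
            "vendor": m.group("vendor").strip(),
            "size": int(m.group("size").replace(",", "")),
            "md5": (m.group("md5") or "").upper() or None,
            # winsxs holds the component-store copies; everything else is "live"
            "live": "\\winsxs\\" not in m.group("path").lower(),
        })
    return dict(sections)


def review_md5_sections(report_text):
    """Compare each live (non-winsxs) copy against the component-store copies.

    Findings are (FILENAME, reason, path) tuples. The live copy is the one
    Windows actually loads; the winsxs copies are the reference versions the
    servicing stack installed, so a live copy that no winsxs copy matches, or
    whose hash OTL could not read, is worth a closer look.
    """
    findings = []
    for name, entries in parse_md5_sections(report_text).items():
        store_hashes = {e["md5"] for e in entries if not e["live"] and e["md5"]}
        for e in entries:
            if not e["live"]:
                continue
            if e["md5"] is None:
                findings.append((name, "md5-unreadable", e["path"]))
            elif e["md5"] not in store_hashes:
                findings.append((name, "no-matching-winsxs-copy", e["path"]))
            if not e["vendor"]:
                findings.append((name, "empty-vendor", e["path"]))
    return findings


if __name__ == "__main__":
    for name, reason, path in review_md5_sections(SAMPLE_REPORT):
        print(f"{name:12} {reason:24} {path}")
```

The findings are leads, not verdicts: a legitimate third-party file that carries a system file's name (the Malwarebytes Chameleon `winlogon.exe` in the report above is one) will also be reported as having no matching winsxs copy, and an unreadable hash on a file that is merely in use needs a second look with a different tool before drawing conclusions.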

Old 31.07.2012, 19:04   #7
t'john
/// Helper Team



Fix with OTL

Download OTL from OldTimer (if you don't have it already) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box under Custom Scans/Fixes:


Code:
:OTL
MOD - [2012.07.20 23:17:41 | 000,196,008 | ---- | M] () -- C:\Users\anko\AppData\Local\Temp\rool0_pk.exe 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) 
SRV - [2012.07.10 20:26:30 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) 
DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\usbzphp0.sys -- (usbzphp0) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) 
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{0E502294-DDB1-4970-BF85-BB9EAF3AE211}: "URL" = http://go.gmx.net/suchbox/ie_amazon/?keywords={searchTerms} 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = http://go.gmx.net/br/ie9_search_pic/?su={searchTerms} 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = http://go.gmx.net/br/ie9_search_produkte/?su={searchTerms} 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{B547DBD8-D4C3-47D5-B407-B88013C5206E}: "URL" = http://wa.ui-portal.de/gmx/gmx/s?produkte.browser.link.ebaysuche&s_brand=gmx&t_link=ebaysuche&ns_type=clickin&ns_url=http://rover.ebay.com/rover/1/707-52222-30040-7/4?mpre=http://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms} 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = http://go.gmx.net/br/ie9_search_maps/?su={searchTerms} 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;127.0.0.1:9421; 
FF - prefs.js..browser.search.defaultenginename: "Google" 
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found. 
O3 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. 
O3 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [TaskTray] File not found 
O4 - HKU\S-1-5-21-1842106849-2115837362-4146903835-1002..\Run: [AdobeBridge] File not found 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found 
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) 
MsConfig - State: "startup" - 2 
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error. 

[2012.07.30 20:39:02 | 000,001,721 | ---- | M] () -- C:\Users\anko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

[2012.07.20 23:51:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad 

@Alternate Data Stream - 76 bytes -> C:\Users\anko\Documents\MFC-240C:Roxio EMC Stream 
@Alternate Data Stream - 76 bytes -> C:\Users\anko\Documents\Magix Photos:Roxio EMC Stream 
@Alternate Data Stream - 76 bytes -> C:\Users\anko\Documents\eigene dateien:Roxio EMC Stream 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FB1B13D8 

[2012.07.23 06:55:06 | 000,000,060 | ---- | M] () -- C:\Users\anko\Desktop\CommandlineScanner.bat 
[2012.07.23 06:55:06 | 000,000,056 | ---- | M] () -- C:\Users\anko\Desktop\EmergencyKitScanner.bat 
[2012.07.31 19:34:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.31 19:32:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.31 19:30:02 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job 
[2012.07.31 19:30:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job 
[2012.07.30 20:00:00 | 000,000,594 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security Online - Systemprüfung ausführen - anko.job 
[2008.08.29 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\anko\AppData\Roaming\Babylon 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Post the contents of the log file in code tags in your thread.
    You can view the log file later at => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!
__________________
Kind regards, t'john
Support the TB

Old 31.07.2012, 20:15   #8
maranko



HELP t'john !!!

Now the PC is completely hung ;o(
I pasted your script and clicked Fix, then it went fine for at most two minutes and for quite a while now it unfortunately hasn't moved on ;o(
The only thing I can still make out is the following message:
Processing SafeBootMin NTDS - File not found
ActiveX - RegError : Value Error

Also the screen has become much lighter, like a watermark,
and at the top, next to the name OTL, it has said "Not responding" the whole time.

What now?

Thanks and best regards
maranko

Old 31.07.2012, 22:25   #9
t'john
/// Helper Team



I've adjusted the fix.
Reboot.
Try again.
__________________
Kind regards, t'john
Support the TB

Old 01.08.2012, 20:12   #10
maranko



hi ;o)

Now it worked... THANKS !!!
Here is the result:


All processes killed
========== OTL ==========
Error: No service named Automatisches LiveUpdate - Scheduler was found to stop!
Service\Driver key Automatisches LiveUpdate - Scheduler not found.
File C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe not found.
Error: No service named Akamai was found to stop!
Service\Driver key Akamai not found.
File c:\program files\common files\akamai/netsession_win_4f7fccd.dll not found.
Error: No service named usbzphp0 was found to stop!
Service\Driver key usbzphp0 not found.
File C:\Windows\system32\drivers\usbzphp0.sys not found.
Error: No service named SymIMMP was found to stop!
Service\Driver key SymIMMP not found.
File system32\DRIVERS\SymIM.sys not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named blbdrive was found to stop!
Service\Driver key blbdrive not found.
File C:\Windows\system32\drivers\blbdrive.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0E502294-DDB1-4970-BF85-BB9EAF3AE211}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E502294-DDB1-4970-BF85-BB9EAF3AE211}\ not found.
Registry key HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40064957-18EB-412d-9146-3F57E8D92EEC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D27B32E-89EE-460e-82D2-5FC354078EAD}\ not found.
Registry key HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\SearchScopes\{B547DBD8-D4C3-47D5-B407-B88013C5206E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B547DBD8-D4C3-47D5-B407-B88013C5206E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}\ not found.
HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" removed from browser.search.defaulturl
Prefs.js: "Google" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry value HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray not found.
Registry value HKEY_USERS\S-1-5-21-1842106849-2115837362-4146903835-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Adobe ARM\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Adobe Reader Speed Launcher\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DivXUpdate\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WinampAgent\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
C:\Users\anko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\kp_0loor.pad moved successfully.
ADS C:\Users\anko\Documents\MFC-240C:Roxio EMC Stream deleted successfully.
ADS C:\Users\anko\Documents\Magix Photos:Roxio EMC Stream deleted successfully.
ADS C:\Users\anko\Documents\eigene dateien:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:FB1B13D8 deleted successfully.
C:\Users\anko\Desktop\CommandlineScanner.bat moved successfully.
C:\Users\anko\Desktop\EmergencyKitScanner.bat moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\Erweiterte Garantie.job moved successfully.
C:\Windows\Tasks\Recovery DVD Creator.job moved successfully.
C:\Windows\Tasks\Norton Internet Security Online - Systemprüfung ausführen - anko.job moved successfully.
C:\Users\anko\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\anko\Desktop\cmd.bat deleted successfully.
C:\Users\anko\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: anko
->Temp folder emptied: 3393171890 bytes
->Temporary Internet Files folder emptied: 1658966547 bytes
->Java cache emptied: 81156295 bytes
->FireFox cache emptied: 941045 bytes
->Google Chrome cache emptied: 22854866 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 194270 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 669660341 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.557,00 mb


[EMPTYFLASH]

User: All Users

User: anko
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08012012_205256

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000003F96F786B9E57F7F12 not found!

PendingFileRenameOperations files...
File C:\Windows\temp\TMP0000003F96F786B9E57F7F12 not found!

Registry entries deleted on Reboot...

Old 02.08.2012, 03:55   #11
t'john
/// Helper Team



Very good!


Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applies to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or quarantined.
- When the scan is finished, click "Show results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Kind regards, t'john
Support the TB

Old 02.08.2012, 22:58   #12
maranko



THANKS t'john ;o)
I don't want to compete with you; I certainly won't stay up until 4:55...
but I can hardly wait for my PC to be healthy again...

Here are the results of today's scan:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
anko :: ANKO-PC [Administrator]

Schutz: Deaktiviert

02.08.2012 18:01:00
mbam-log-2012-08-02 (18-01-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 396901
Laufzeit: 2 Stunde(n), 46 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


and then AdwCleaner:

# AdwCleaner v1.800 - Logfile created 08/02/2012 at 23:39:03
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : anko - ANKO-PC
# Running from : K:\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\anko\AppData\LocalLow\SweetIM
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\ProgramData\Winamp Toolbar
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\Program Files\Winamp Toolbar

***** [H. Navipromo] *****

File Found : C:\Users\anko\AppData\Local\aqwwi.dat
File Found : C:\Users\anko\AppData\Local\aqwwi_nav.dat
File Found : C:\Users\anko\AppData\Local\aqwwi_navps.dat

***** [Registry] *****

Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
Key Found : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Key Found : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : HKLM\SOFTWARE\Winamp Toolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\anko\AppData\Roaming\Mozilla\Firefox\Profiles\hpb5uy2a.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\anko\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6241 octets] - [02/08/2012 20:50:55]
AdwCleaner[R2].txt - [6172 octets] - [02/08/2012 23:39:03]

########## EOF - C:\AdwCleaner[R2].txt - [6300 octets] ##########


And what does the "HEAD PHYSICIAN" say about it now???
Best regards and see you tomorrow
maranko

Old 03.08.2012, 13:02   #13
t'john
/// Helper Team

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the logfile at C:\AdwCleaner[S1].txt.

Afterwards:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update Now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Click Save report to save the logfile to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

Old 05.08.2012, 21:46   #14
maranko

Hello t'john,
here I am again... I did everything according to your instructions.

First adwcleaner:

# AdwCleaner v1.800 - Logfile created 08/05/2012 at 13:55:42
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : anko - ANKO-PC
# Running from : K:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\anko\AppData\LocalLow\SweetIM
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Winamp Toolbar

***** [H. Navipromo] *****

File Deleted : C:\Users\anko\AppData\Local\aqwwi.dat
File Deleted : C:\Users\anko\AppData\Local\aqwwi_nav.dat
File Deleted : C:\Users\anko\AppData\Local\aqwwi_navps.dat

***** [Registry] *****

Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Winamp Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\anko\AppData\Roaming\Mozilla\Firefox\Profiles\hpb5uy2a.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\anko\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6241 octets] - [02/08/2012 20:50:55]
AdwCleaner[R2].txt - [6301 octets] - [02/08/2012 23:39:03]
AdwCleaner[S1].txt - [6372 octets] - [05/08/2012 13:55:42]

########## EOF - C:\AdwCleaner[S1].txt - [6500 octets] ##########



Then Emsisoft:


Emsisoft Anti-Malware - Version 6.6
Letztes Update: N/A

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 05.08.2012 14:06:24

C:\_OTL\MovedFiles\07312012_205920\C_Users\anko\AppData\Local\Temp\rool0_pk.exe gefunden: Trojan.Dropper.Win32.Injector.fkqc.AMN!E1

Gescannt 636720
Gefunden 1

Scan Ende: 05.08.2012 18:03:06
Scan Zeit: 3:56:42

C:\_OTL\MovedFiles\07312012_205920\C_Users\anko\AppData\Local\Temp\rool0_pk.exe Quarantäne Trojan.Dropper.Win32.Injector.fkqc.AMN!E1

Quarantäne 1



Here the Trojan alert was shown again and I moved the detection to quarantine; after that I ran the scan with Emsisoft again and this is the report that came out:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: N/A

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 05.08.2012 18:27:26


Gescannt 637000
Gefunden 0

Scan Ende: 05.08.2012 21:57:20
Scan Zeit: 3:29:54



That already looks much better, or what do you think???

I hope we are nearly at the end of the "treatment"...

THANKS and best regards
maranko
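
The two AdwCleaner reports in this post (the earlier [R2] scan-only report and the [S1] delete run) have the same line format, which makes it easy to check that everything that was found was actually removed, and to pick out the findings that matter more than a stray uninstall key: the `TrustedPublisher\Certificates` entries under HKCU (the adware installer added its own code-signing certificate to the user's trusted-publisher store, so later signed components would install without a prompt), the Browser Helper Object registration and the Active Setup component. The following Python script is an added example, not something from the thread or from AdwCleaner; it parses the `Key/Value/File/Folder Found|Deleted : …` lines and section headers, summarises them, flags the high-interest locations, and reports anything found in the scan report that does not appear as deleted in the delete report. The two embedded reports are constructed for the example: they reuse a few entries from the logs above plus one made-up key (`HKCU\Software\ExampleToolbar`) that is deliberately missing from the delete run so the check has something to report.

```python
import re
from collections import defaultdict

# One AdwCleaner entry line, e.g.
#   Key Found : HKCU\Software\Softonic
#   Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2...}]
ENTRY_RE = re.compile(
    r"^(?P<kind>Key|Value|File|Folder) (?P<action>Found|Deleted) : (?P<target>.+)$"
)
# Section header, e.g.  ***** [Registry] *****
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")

# Registry locations that change code trust, browser load order or autorun.
# Matched case-insensitively against the target path.
HIGH_INTEREST = {
    "trusted publisher certificate": r"\\SystemCertificates\\TrustedPublisher\\",
    "browser helper object": r"\\Explorer\\Browser Helper Objects\\",
    "active setup component": r"\\Active Setup\\Installed Components\\",
    "IE search scope": r"\\Internet Explorer\\SearchScopes\\",
}

# Constructed sample reports (a subset of the thread's entries plus one made-up key).
SCAN_REPORT = r"""
***** [Files / Folders] *****

Folder Found : C:\ProgramData\Winamp Toolbar

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
Key Found : HKCU\Software\ExampleToolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
"""

DELETE_REPORT = r"""
***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Winamp Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
"""


def parse_report(text):
    """Return a list of dicts {section, kind, action, target} for every entry line."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
    return entries


def summarize(entries):
    """Count entries per (section, action), e.g. {('Registry', 'Found'): 3}."""
    counts = defaultdict(int)
    for e in entries:
        counts[(e["section"], e["action"])] += 1
    return dict(counts)


def high_interest(entries):
    """Return (label, target) pairs for entries in trust/autorun-relevant locations."""
    hits = []
    for e in entries:
        for label, pattern in HIGH_INTEREST.items():
            if re.search(pattern, e["target"], re.IGNORECASE):
                hits.append((label, e["target"]))
    return hits


def not_removed(found_entries, deleted_entries):
    """Targets reported as Found that have no matching Deleted line (case-insensitive)."""
    deleted = {e["target"].lower() for e in deleted_entries if e["action"] == "Deleted"}
    return sorted(
        e["target"]
        for e in found_entries
        if e["action"] == "Found" and e["target"].lower() not in deleted
    )


if __name__ == "__main__":
    scan = parse_report(SCAN_REPORT)
    delete = parse_report(DELETE_REPORT)
    for key, n in summarize(scan).items():
        print(f"{key[0]} / {key[1]}: {n}")
    for label, target in high_interest(scan):
        print(f"HIGH INTEREST ({label}): {target}")
    for target in not_removed(scan, delete):
        print(f"NOT REMOVED: {target}")
```

On the constructed input the script reports one trusted-publisher certificate and one BHO as high-interest, and `HKCU\Software\ExampleToolbar` as found but not removed. Run against the real [R2] and [S1] files from this thread, the same comparison is the quickest way to confirm the delete run covered every detection before moving on to the next scanner.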

Old 06.08.2012, 02:35   #15
t'john
/// Helper Team

Very good!

Uninstall:
Emsisoft Anti-Malware

ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as Administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click on Start.
  • Tick Remove found threats and Scan archives.
  • Click on Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the logfile here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________
Regards, t'john
Support the TB
