GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software

Allbande · 14.08.2012, 16:11

Ok,
also hier mal der Befall-Werdegang.

Infektion durch: Installierte Software
Wahrscheinlich das Desktop Geodreieck (falls genaue Bezeichnung wichtig, recherchier ich das nochmal)

Danach sperrte der Trojaner den Zugriff auf die Oberfläche.
Entsperrt mit Kaspersky Windows Unlocker [Kaspersky_Windows_Unlocker_log.txt].

Bevor der Trojaner sein häßliches Gesicht zeigte [Screenshots_Gvu_Trojaner.zip], habe ich mit Avira das System gescanned. Avira hat ne Menge gefunden, konnte den Virus scheinbar trotzdem nicht unschädlich machen. Hier sind die Detailinfos der Malware aus Avira [quarantaene.txt].

Hier ist der OTL Log:

Code:

ATTFilter

OTL logfile created on: 14.08.2012 16:33:07 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Alexander\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,87% Memory free
8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,21 Gb Total Space | 15,87 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alexander\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (Lingoes Project)
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe (SteelSeries)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Lingoes\Translator2\opentext22.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\Alexander\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (DRHMSR64) -- C:\Windows\SysNative\drivers\DRHMSR64.sys ()
DRV:64bit: - (DRHARD64) -- C:\Windows\SysNative\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SSMO3v2Filter) -- C:\Windows\SysNative\drivers\MO3v2Driver.sys (Sagatek Co. Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (DRHMSR64) -- C:\Windows\SysWOW64\drivers\DRHMSR64.sys ()
DRV - (DRHARD64) -- C:\Windows\SysWOW64\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 8C 66 6D BE 6F CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D64647226733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{62405F7F-AA9E-48D1-B5A3-81E97DC29562}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7335A2E9-0889-4C97-852A-2DD5527B7B74}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7F66A6CF-C178-4B87-9E18-447FF81AF0CA}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{972A7DD6-D21D-4AA3-99F1-B6907ADB10B5}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9F424BF0-E932-43D5-8B91-9BC7F7C542D5}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D63F4B23-2084-4C0E-A541-B26AABDD955C}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DC60E062-FF95-4F4D-9F63-53E8B30D4A5E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Scroogle (SSL)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.5
FF - prefs.js..extensions.enabledItems: grwatcher@ajnasz.hu:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: dictlookup@arnhold.com:0.0.4
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {6BFD307A-C040-11DA-9749-FB1C850B47DF}:2.5.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: tiletabs@DW-dev:4.10
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24
FF - prefs.js..extensions.ybookmarks@yahoo.original.keyword.conflicts.warn: false
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\ALEXAN~1\\AppData\\Local\\Temp\\proxtube.pac"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 20:38:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.30 11:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.29 18:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\inlinetranslate@inlinetranslate.com: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\inlinetranslate@inlinetranslate.com [2012.08.04 15:14:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\extension@preispilot.com
 
[2010.10.09 17:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions
[2012.08.05 14:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions
[2011.06.28 13:40:44 | 000,000,000 | ---D | M] (Delicious Extension) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com
[2010.10.18 16:25:37 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\dictlookup@arnhold.com
[2012.05.17 21:24:58 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\ich@maltegoetz.de
[2012.08.04 15:14:59 | 000,000,000 | ---D | M] (Translator) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\inlinetranslate@inlinetranslate.com
[2012.07.30 17:34:15 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\printPages2Pdf@reinhold.ripper
[2012.08.04 15:15:05 | 000,001,819 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\scroogle-ssl-german-search.xml
[2012.08.04 15:15:05 | 000,001,382 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\scroogle-ssl.xml
[2012.08.04 15:15:05 | 000,001,870 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{1A560199-E6AE-4E89-922C-D036DF3081CB}.xml
[2012.08.04 15:15:05 | 000,002,188 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{34E64A6B-8666-4EE3-A859-767AA69D948E}.xml
[2012.08.04 15:15:05 | 000,002,077 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{F226A978-CB94-4980-A382-1E0F65502212}.xml
[2012.06.17 19:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.17 14:09:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.03 18:46:18 | 000,140,964 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
[2012.08.01 01:48:46 | 000,214,920 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\GMAILWATCHER@SONTHAKIT.XPI
[2012.02.14 13:35:18 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.07.18 20:38:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.29 19:09:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.04 15:15:05 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.04 15:15:05 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.04 15:15:05 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.04 15:15:05 | 000,001,611 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.08.04 15:15:05 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.04 15:15:05 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.04 15:15:05 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.29 17:38:18 | 000,000,881 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 tictactoe.localhost
O1 - Hosts: 127.0.0.1 jquery.localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe File not found
O4 - HKCU..\Run: [Lingoes] C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (Lingoes Project)
O4 - HKCU..\Run: [Timerle] C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E886633-3C63-4DB1-8DC6-E9BD28CCE249}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell - "" = AutoRun
O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.14 18:07:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.14 16:31:45 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012.08.10 13:21:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.08.08 21:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MB-Ruler
[2012.08.05 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\kock
[2012.08.04 16:00:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Lingoes
[2012.08.04 16:00:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Lingoes
[2012.08.04 16:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingoes
[2012.08.04 16:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lingoes
[2012.08.04 16:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lingoes
[2012.08.04 15:30:54 | 000,218,624 | ---- | C] (Nar Dictionary) -- C:\Windows\SysWow64\WCapture.dll
[2012.08.04 15:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nar Dictionary
[2012.08.04 15:15:05 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Opera
[2012.08.04 15:15:00 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2012.08.04 15:14:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\OCS
[2012.08.01 14:15:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\CAD-KAS
[2012.08.01 14:15:34 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3
[2012.08.01 14:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3
[2012.08.01 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3
[2012.07.31 20:35:32 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\WinRAR
[2012.07.31 11:17:01 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012.07.31 11:16:35 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Canneverbe Limited
[2012.07.31 11:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.07.31 11:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.07.24 22:27:38 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Games for Windows - LIVE Demos
[2012.07.24 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\.m2
[2012.07.24 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\android-sdk
[2012.07.24 13:39:00 | 000,000,000 | ---D | C] -- C:\Users\Alexander\.android
[2012.07.24 13:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.24 13:01:51 | 000,955,800 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.07.24 13:01:51 | 000,268,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.07.24 13:01:45 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.07.24 13:01:45 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.07.24 12:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\android-sdk-windows
[2012.07.21 00:08:34 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Square Enix
[2012.07.19 01:50:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.07.17 18:26:23 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.07.17 18:26:23 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.07.17 18:26:23 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.07.15 18:59:22 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.07.15 18:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.15 18:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.07.15 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\LogMeIn Hamachi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.14 16:34:52 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 16:34:52 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 16:31:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012.08.14 16:26:53 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.14 16:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.14 16:25:54 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.10 13:21:39 | 000,000,045 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\msconfig.ini
[2012.08.10 13:09:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.10 12:50:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 17:18:18 | 000,007,638 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2012.08.04 18:50:17 | 000,320,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.04 15:58:47 | 000,000,067 | ---- | M] () -- C:\ProgramData\claude.ini
[2012.08.03 17:09:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 17:09:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.01 14:15:33 | 000,075,776 | ---- | M] () -- C:\Windows\cadkasdeinst01e.exe
[2012.07.31 11:17:50 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.31 11:17:50 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.31 11:17:50 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.24 18:23:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf
[2012.07.24 13:01:41 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.07.24 13:01:41 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.10 13:17:00 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@
[2012.08.10 13:17:00 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@
[2012.08.10 13:16:55 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\00000001.@
[2012.08.10 10:18:59 | 000,000,045 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\msconfig.ini
[2012.08.04 16:00:23 | 000,002,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingoes.lnk
[2012.08.04 15:45:32 | 000,000,067 | ---- | C] () -- C:\ProgramData\claude.ini
[2012.08.04 15:15:00 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.08.01 14:15:33 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2012.07.31 11:16:20 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.07.24 18:23:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf
[2012.07.13 15:24:46 | 000,764,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.23 14:16:37 | 000,000,616 | ---- | C] () -- C:\Users\Alexander\.xmaximarc
[2012.02.06 20:35:49 | 000,001,536 | ---- | C] () -- C:\Users\Alexander\.recently-used.xbel
[2012.01.15 14:39:15 | 000,180,224 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\msconfig.dat
[2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@
[2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@
[2012.01.15 03:43:40 | 000,000,037 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\1754111884ee9ab5277ca00.95260103
[2011.12.26 15:40:13 | 000,014,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\DRHMSR64.sys
[2011.12.17 02:00:42 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\{4E64938B-E563-4B7E-ABB8-779D385288CE}
[2011.12.07 01:01:39 | 000,017,408 | ---- | C] () -- C:\Users\Alexander\AppData\Local\WebpageIcons.db
[2011.11.25 22:05:52 | 000,000,036 | ---- | C] () -- C:\Users\Alexander\.org.eclipse.epp.usagedata.recording.userId
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.15 18:48:40 | 000,004,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.29 00:21:45 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.05.15 16:03:57 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.12.27 18:50:24 | 000,000,760 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\setup_ldm.iss
[2010.10.27 00:36:29 | 000,007,638 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2010.10.18 22:33:26 | 000,000,600 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\winscp.rnd
[2010.10.14 21:57:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.10.09 18:59:15 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.10.09 18:02:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

< End of report >

Im Anhang befindet sich noch die Extras.txt.

Könnt ihr mir helfen?

Was kann ich noch machen?

Gruss,
Alexander

t'john · 14.08.2012, 16:27

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
SRV - (SearchAnonymizer) -- C:\Users\Alexander\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () 
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0 
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D64647226733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0 
IE - HKCU\..\SearchScopes\{62405F7F-AA9E-48D1-B5A3-81E97DC29562}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{7335A2E9-0889-4C97-852A-2DD5527B7B74}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{7F66A6CF-C178-4B87-9E18-447FF81AF0CA}: "URL" = http://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0 
IE - HKCU\..\SearchScopes\{972A7DD6-D21D-4AA3-99F1-B6907ADB10B5}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{9F424BF0-E932-43D5-8B91-9BC7F7C542D5}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{D63F4B23-2084-4C0E-A541-B26AABDD955C}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{DC60E062-FF95-4F4D-9F63-53E8B30D4A5E}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.selectedEngine: "Scroogle (SSL)" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "www.google.de" 

FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24 
FF - prefs.js..extensions.ybookmarks@yahoo.original.keyword.conflicts.warn: false 
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" 
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\ALEXAN~1\\AppData\\Local\\Temp\\proxtube.pac" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found 
[2011.06.28 13:40:44 | 000,000,000 | ---D | M] (Delicious Extension) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com 
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found 
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell - "" = AutoRun 
O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a 


[2012.08.05 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\kock 

[2012.08.14 16:26:53 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.10 13:09:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.08.10 12:50:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.10 13:17:00 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@ 
[2012.08.10 13:17:00 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@ 
[2012.08.10 13:16:55 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\00000001.@ 
[2012.01.15 14:39:15 | 000,180,224 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\msconfig.dat 
[2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@ 
[2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@ 
:Files
[2012.08.01 14:15:33 | 000,075,776 | ---- | M] () -- C:\Windows\cadkasdeinst01e.exe 


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Allbande · 14.08.2012, 16:28

Ok,
hab den Fix mit diesem Script durchgeführt. Dieser Log kam dabei raus:

Code:

ATTFilter

Error: Unable to interpret <OTL Logfile:

	Code: 

 ATTFilter

  
	OTL logfile created on: 14.08.2012 16:33:07 - Run 1> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Alexander\Desktop> in the current context!
Error: Unable to interpret <64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,87% Memory free> in the current context!
Error: Unable to interpret <8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,88% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context!
Error: Unable to interpret <Drive C: | 186,21 Gb Total Space | 15,87 Gb Free Space | 8,52% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - C:\Users\Alexander\Desktop\OTL.exe (OldTimer Tools)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (Lingoes Project)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe (SteelSeries)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Program Files (x86)\Lingoes\Translator2\opentext22.dll ()> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV:64bit: - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)> in the current context!
Error: Unable to interpret <SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (SearchAnonymizer) -- C:\Users\Alexander\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()> in the current context!
Error: Unable to interpret <SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)> in the current context!
Error: Unable to interpret <SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()> in the current context!
Error: Unable to interpret <SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)> in the current context!
Error: Unable to interpret <SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)> in the current context!
Error: Unable to interpret <SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)> in the current context!
Error: Unable to interpret <SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)> in the current context!
Error: Unable to interpret <SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)> in the current context!
Error: Unable to interpret <SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()> in the current context!
Error: Unable to interpret <SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (DRHMSR64) -- C:\Windows\SysNative\drivers\DRHMSR64.sys ()> in the current context!
Error: Unable to interpret <DRV:64bit: - (DRHARD64) -- C:\Windows\SysNative\drivers\DRHARD64.sys (Licensed for Gebhard Software)> in the current context!
Error: Unable to interpret <DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)> in the current context!
Error: Unable to interpret <DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()> in the current context!
Error: Unable to interpret <DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()> in the current context!
Error: Unable to interpret <DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)> in the current context!
Error: Unable to interpret <DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)> in the current context!
Error: Unable to interpret <DRV:64bit: - (SSMO3v2Filter) -- C:\Windows\SysNative\drivers\MO3v2Driver.sys (Sagatek Co. Ltd.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)> in the current context!
Error: Unable to interpret <DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)> in the current context!
Error: Unable to interpret <DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)> in the current context!
Error: Unable to interpret <DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)> in the current context!
Error: Unable to interpret <DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)> in the current context!
Error: Unable to interpret <DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)> in the current context!
Error: Unable to interpret <DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech, Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech, Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )> in the current context!
Error: Unable to interpret <DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)> in the current context!
Error: Unable to interpret <DRV - (DRHMSR64) -- C:\Windows\SysWOW64\drivers\DRHMSR64.sys ()> in the current context!
Error: Unable to interpret <DRV - (DRHARD64) -- C:\Windows\SysWOW64\drivers\DRHARD64.sys (Licensed for Gebhard Software)> in the current context!
Error: Unable to interpret <DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 8C 66 6D BE 6F CB 01  [binary data]> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D64647226733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{62405F7F-AA9E-48D1-B5A3-81E97DC29562}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{7335A2E9-0889-4C97-852A-2DD5527B7B74}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{7F66A6CF-C178-4B87-9E18-447FF81AF0CA}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&k=0> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{972A7DD6-D21D-4AA3-99F1-B6907ADB10B5}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{9F424BF0-E932-43D5-8B91-9BC7F7C542D5}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{D63F4B23-2084-4C0E-A541-B26AABDD955C}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{DC60E062-FF95-4F4D-9F63-53E8B30D4A5E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=43e3f9ae-e059-4716-a00b-a8524fb4023e&pid=freewarede&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "Scroogle (SSL)"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.update: false> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.useDBForOrder: true> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "www.google.de"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.5> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: grwatcher@ajnasz.hu:1.5.1> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: dictlookup@arnhold.com:0.0.4> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {6BFD307A-C040-11DA-9749-FB1C850B47DF}:2.5.0.2> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: tiletabs@DW-dev:4.10> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.ybookmarks@yahoo.original.keyword.conflicts.warn: false> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\ALEXAN~1\\AppData\\Local\\Temp\\proxtube.pac"> in the current context!
Error: Unable to interpret <FF - user.js - File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 20:38:13 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.30 11:41:24 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.29 18:34:27 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\inlinetranslate@inlinetranslate.com: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\inlinetranslate@inlinetranslate.com [2012.08.04 15:14:59 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\extension@preispilot.com> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.10.09 17:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions> in the current context!
Error: Unable to interpret <[2012.08.05 14:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions> in the current context!
Error: Unable to interpret <[2011.06.28 13:40:44 | 000,000,000 | ---D | M] (Delicious Extension) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com> in the current context!
Error: Unable to interpret <[2010.10.18 16:25:37 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\dictlookup@arnhold.com> in the current context!
Error: Unable to interpret <[2012.05.17 21:24:58 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\ich@maltegoetz.de> in the current context!
Error: Unable to interpret <[2012.08.04 15:14:59 | 000,000,000 | ---D | M] (Translator) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\inlinetranslate@inlinetranslate.com> in the current context!
Error: Unable to interpret <[2012.07.30 17:34:15 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\printPages2Pdf@reinhold.ripper> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,001,819 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\scroogle-ssl-german-search.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,001,382 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\scroogle-ssl.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,001,870 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{1A560199-E6AE-4E89-922C-D036DF3081CB}.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,002,188 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{34E64A6B-8666-4EE3-A859-767AA69D948E}.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,002,077 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\searchplugins\{F226A978-CB94-4980-A382-1E0F65502212}.xml> in the current context!
Error: Unable to interpret <[2012.06.17 19:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2012.03.17 14:09:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}> in the current context!
Error: Unable to interpret <[2012.04.03 18:46:18 | 000,140,964 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI> in the current context!
Error: Unable to interpret <[2012.08.01 01:48:46 | 000,214,920 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\GMAILWATCHER@SONTHAKIT.XPI> in the current context!
Error: Unable to interpret <[2012.02.14 13:35:18 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CWP55AV2.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI> in the current context!
Error: Unable to interpret <[2012.07.18 20:38:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll> in the current context!
Error: Unable to interpret <[2012.04.29 19:09:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll> in the current context!
Error: Unable to interpret <[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,001,611 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2010.10.29 17:38:18 | 000,000,881 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1 tictactoe.localhost> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1 jquery.localhost> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Lingoes] C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (Lingoes Project)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Timerle] C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware)> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0> in the current context!
Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0> in the current context!
Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()> in the current context!
Error: Unable to interpret <O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E886633-3C63-4DB1-8DC6-E9BD28CCE249}: NameServer = 192.168.178.1> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype4com - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found> in the current context!
Error: Unable to interpret <O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a> in the current context!
Error: Unable to interpret <O33 - MountPoints2\F\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.08.14 18:07:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0> in the current context!
Error: Unable to interpret <[2012.08.14 16:31:45 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2012.08.10 13:21:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%> in the current context!
Error: Unable to interpret <[2012.08.08 21:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MB-Ruler> in the current context!
Error: Unable to interpret <[2012.08.05 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\kock> in the current context!
Error: Unable to interpret <[2012.08.04 16:00:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Lingoes> in the current context!
Error: Unable to interpret <[2012.08.04 16:00:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Lingoes> in the current context!
Error: Unable to interpret <[2012.08.04 16:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingoes> in the current context!
Error: Unable to interpret <[2012.08.04 16:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lingoes> in the current context!
Error: Unable to interpret <[2012.08.04 16:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lingoes> in the current context!
Error: Unable to interpret <[2012.08.04 15:30:54 | 000,218,624 | ---- | C] (Nar Dictionary) -- C:\Windows\SysWow64\WCapture.dll> in the current context!
Error: Unable to interpret <[2012.08.04 15:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nar Dictionary> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:05 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Opera> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:00 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll> in the current context!
Error: Unable to interpret <[2012.08.04 15:14:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\OCS> in the current context!
Error: Unable to interpret <[2012.08.01 14:15:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\CAD-KAS> in the current context!
Error: Unable to interpret <[2012.08.01 14:15:34 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3> in the current context!
Error: Unable to interpret <[2012.08.01 14:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3> in the current context!
Error: Unable to interpret <[2012.08.01 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3> in the current context!
Error: Unable to interpret <[2012.07.31 20:35:32 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\WinRAR> in the current context!
Error: Unable to interpret <[2012.07.31 11:17:01 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool> in the current context!
Error: Unable to interpret <[2012.07.31 11:16:35 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Canneverbe Limited> in the current context!
Error: Unable to interpret <[2012.07.31 11:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited> in the current context!
Error: Unable to interpret <[2012.07.31 11:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP> in the current context!
Error: Unable to interpret <[2012.07.24 22:27:38 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Games for Windows - LIVE Demos> in the current context!
Error: Unable to interpret <[2012.07.24 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\.m2> in the current context!
Error: Unable to interpret <[2012.07.24 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\android-sdk> in the current context!
Error: Unable to interpret <[2012.07.24 13:39:00 | 000,000,000 | ---D | C] -- C:\Users\Alexander\.android> in the current context!
Error: Unable to interpret <[2012.07.24 13:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle> in the current context!
Error: Unable to interpret <[2012.07.24 13:01:51 | 000,955,800 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll> in the current context!
Error: Unable to interpret <[2012.07.24 13:01:51 | 000,268,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe> in the current context!
Error: Unable to interpret <[2012.07.24 13:01:45 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe> in the current context!
Error: Unable to interpret <[2012.07.24 13:01:45 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe> in the current context!
Error: Unable to interpret <[2012.07.24 12:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\android-sdk-windows> in the current context!
Error: Unable to interpret <[2012.07.21 00:08:34 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Square Enix> in the current context!
Error: Unable to interpret <[2012.07.19 01:50:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx> in the current context!
Error: Unable to interpret <[2012.07.17 18:26:23 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll> in the current context!
Error: Unable to interpret <[2012.07.17 18:26:23 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll> in the current context!
Error: Unable to interpret <[2012.07.17 18:26:23 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll> in the current context!
Error: Unable to interpret <[2012.07.15 18:59:22 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys> in the current context!
Error: Unable to interpret <[2012.07.15 18:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi> in the current context!
Error: Unable to interpret <[2012.07.15 18:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi> in the current context!
Error: Unable to interpret <[2012.07.15 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\LogMeIn Hamachi> in the current context!
Error: Unable to interpret <[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.08.14 16:34:52 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.08.14 16:34:52 | 000,021,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.08.14 16:31:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2012.08.14 16:26:53 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <[2012.08.14 16:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!
Error: Unable to interpret <[2012.08.14 16:25:54 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys> in the current context!
Error: Unable to interpret <[2012.08.10 13:21:39 | 000,000,045 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\msconfig.ini> in the current context!
Error: Unable to interpret <[2012.08.10 13:09:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job> in the current context!
Error: Unable to interpret <[2012.08.10 12:50:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <[2012.08.05 17:18:18 | 000,007,638 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg> in the current context!
Error: Unable to interpret <[2012.08.04 18:50:17 | 000,320,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2012.08.04 15:58:47 | 000,000,067 | ---- | M] () -- C:\ProgramData\claude.ini> in the current context!
Error: Unable to interpret <[2012.08.03 17:09:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe> in the current context!
Error: Unable to interpret <[2012.08.03 17:09:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl> in the current context!
Error: Unable to interpret <[2012.08.01 14:15:33 | 000,075,776 | ---- | M] () -- C:\Windows\cadkasdeinst01e.exe> in the current context!
Error: Unable to interpret <[2012.07.31 11:17:50 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI> in the current context!
Error: Unable to interpret <[2012.07.31 11:17:50 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat> in the current context!
Error: Unable to interpret <[2012.07.31 11:17:50 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat> in the current context!
Error: Unable to interpret <[2012.07.24 18:23:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf> in the current context!
Error: Unable to interpret <[2012.07.24 13:01:41 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe> in the current context!
Error: Unable to interpret <[2012.07.24 13:01:41 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe> in the current context!
Error: Unable to interpret <[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.08.10 13:17:00 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@> in the current context!
Error: Unable to interpret <[2012.08.10 13:17:00 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@> in the current context!
Error: Unable to interpret <[2012.08.10 13:16:55 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\00000001.@> in the current context!
Error: Unable to interpret <[2012.08.10 10:18:59 | 000,000,045 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\msconfig.ini> in the current context!
Error: Unable to interpret <[2012.08.04 16:00:23 | 000,002,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingoes.lnk> in the current context!
Error: Unable to interpret <[2012.08.04 15:45:32 | 000,000,067 | ---- | C] () -- C:\ProgramData\claude.ini> in the current context!
Error: Unable to interpret <[2012.08.04 15:15:00 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll> in the current context!
Error: Unable to interpret <[2012.08.01 14:15:33 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe> in the current context!
Error: Unable to interpret <[2012.07.31 11:16:20 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk> in the current context!
Error: Unable to interpret <[2012.07.24 18:23:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf> in the current context!
Error: Unable to interpret <[2012.07.13 15:24:46 | 000,764,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI> in the current context!
Error: Unable to interpret <[2012.02.23 14:16:37 | 000,000,616 | ---- | C] () -- C:\Users\Alexander\.xmaximarc> in the current context!
Error: Unable to interpret <[2012.02.06 20:35:49 | 000,001,536 | ---- | C] () -- C:\Users\Alexander\.recently-used.xbel> in the current context!
Error: Unable to interpret <[2012.01.15 14:39:15 | 000,180,224 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\msconfig.dat> in the current context!
Error: Unable to interpret <[2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@> in the current context!
Error: Unable to interpret <[2012.01.15 14:39:15 | 000,002,048 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@> in the current context!
Error: Unable to interpret <[2012.01.15 03:43:40 | 000,000,037 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\1754111884ee9ab5277ca00.95260103> in the current context!
Error: Unable to interpret <[2011.12.26 15:40:13 | 000,014,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\DRHMSR64.sys> in the current context!
Error: Unable to interpret <[2011.12.17 02:00:42 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\{4E64938B-E563-4B7E-ABB8-779D385288CE}> in the current context!
Error: Unable to interpret <[2011.12.07 01:01:39 | 000,017,408 | ---- | C] () -- C:\Users\Alexander\AppData\Local\WebpageIcons.db> in the current context!
Error: Unable to interpret <[2011.11.25 22:05:52 | 000,000,036 | ---- | C] () -- C:\Users\Alexander\.org.eclipse.epp.usagedata.recording.userId> in the current context!
Error: Unable to interpret <[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat> in the current context!
Error: Unable to interpret <[2011.06.15 18:48:40 | 000,004,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2011.05.29 00:21:45 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin> in the current context!
Error: Unable to interpret <[2011.05.15 16:03:57 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini> in the current context!
Error: Unable to interpret <[2010.12.27 18:50:24 | 000,000,760 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\setup_ldm.iss> in the current context!
Error: Unable to interpret <[2010.10.27 00:36:29 | 000,007,638 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg> in the current context!
Error: Unable to interpret <[2010.10.18 22:33:26 | 000,000,600 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\winscp.rnd> in the current context!
Error: Unable to interpret <[2010.10.14 21:57:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll> in the current context!
Error: Unable to interpret <[2010.10.09 18:59:15 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll> in the current context!
Error: Unable to interpret <[2010.10.09 18:02:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat> in the current context!
Error: Unable to interpret << End of report >
         
 --- --- ---
> in the current context!
 
OTL by OldTimer - Version 3.2.57.0 log created on 08142012_173645

t'john · 14.08.2012, 16:39

Das war nicht der Fix, NOCHMAL!

Allbande · 14.08.2012, 16:57

Zitat:

Zitat von t'john

Das war nicht der Fix, NOCHMAL!

Jo, stimmt.
Jetzt aber:

Code:

ATTFilter

All processes killed
========== OTL ==========
Service SearchAnonymizer stopped successfully!
Service SearchAnonymizer deleted successfully!
C:\Users\Alexander\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully.
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62405F7F-AA9E-48D1-B5A3-81E97DC29562}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62405F7F-AA9E-48D1-B5A3-81E97DC29562}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7335A2E9-0889-4C97-852A-2DD5527B7B74}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7335A2E9-0889-4C97-852A-2DD5527B7B74}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F66A6CF-C178-4B87-9E18-447FF81AF0CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F66A6CF-C178-4B87-9E18-447FF81AF0CA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{972A7DD6-D21D-4AA3-99F1-B6907ADB10B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{972A7DD6-D21D-4AA3-99F1-B6907ADB10B5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F424BF0-E932-43D5-8B91-9BC7F7C542D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F424BF0-E932-43D5-8B91-9BC7F7C542D5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D63F4B23-2084-4C0E-A541-B26AABDD955C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63F4B23-2084-4C0E-A541-B26AABDD955C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC60E062-FF95-4F4D-9F63-53E8B30D4A5E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC60E062-FF95-4F4D-9F63-53E8B30D4A5E}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Scroogle (SSL)" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: yyginstantplay@yoyogames.com:1.1.0.24 removed from extensions.enabledItems
Prefs.js: false removed from extensions.ybookmarks@yahoo.original.keyword.conflicts.warn
Prefs.js: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" removed from keyword.URL
Prefs.js: "file:///C:\\Users\\ALEXAN~1\\AppData\\Local\\Temp\\proxtube.pac" removed from network.proxy.autoconfig_url
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1\ deleted successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\searchplugins folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\resource\modules folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\resource folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\defaults\preferences folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\defaults folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\components folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome\skin folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome\locale\en-US folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome\locale folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome\content folder moved successfully.
Folder move failed. C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Badoo Desktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b68bf2-daef-11e1-94df-0019663167d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b68bf2-daef-11e1-94df-0019663167d0}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Alexander\AppData\Roaming\kock folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@ moved successfully.
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\00000001.@ moved successfully.
C:\Users\Alexander\AppData\Roaming\msconfig.dat moved successfully.
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@ moved successfully.
C:\Users\Alexander\AppData\Local\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@ moved successfully.
========== FILES ==========
File\Folder [2012.08.01 14:15:33 | 000,075,776 | ---- | M] () -- C:\Windows\cadkasdeinst01e.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alexander\Desktop\cmd.bat deleted successfully.
C:\Users\Alexander\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alexander
->Temp folder emptied: 3059248933 bytes
->Temporary Internet Files folder emptied: 391268080 bytes
->Java cache emptied: 21743601 bytes
->FireFox cache emptied: 616308091 bytes
->Flash cache emptied: 237299 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150445505 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 526050 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 20931796 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 641 bytes
RecycleBin emptied: 8275914502 bytes
 
Total Files Cleaned = 11.956,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08142012_174115

Files\Folders moved on Reboot...
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com folder moved successfully.
C:\Users\Alexander\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome not found!
File C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com not found!
File C:\Users\Alexander\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

t'john, ich danke Dir vielmals für die bisherige Hilfe!
Was ist den jetzt passiert? Ist der Trojaner komplett entfernt?
Was haben die Scripte noch bewirkt?
Kann ich das System jetzt bedenkenlos so wie es ist weiterbenutzen?

Mit freundlichem Gruss,
Alexander

t'john · 14.08.2012, 18:23

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Allbande · 14.08.2012, 19:26

Hi t'john,
seit der letzten Behandlung mit Deinen Scripts läuft er wieder unauffällig.

Hier das Log von AdwCleaner

Code:

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/14/2012 at 20:22:43
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Alexander - ALEXANDER-PC
# Boot Mode : Normal
# Running from : C:\Users\Alexander\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Alexander\AppData\LocalLow\facemoods.com
File Found : C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

***** [Registry] *****

Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default 
File : C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\si9npmx2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2848 octets] - [14/08/2012 20:22:43]

########## EOF - C:\AdwCleaner[R1].txt - [2976 octets] ##########

t'john · 14.08.2012, 20:31

Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

Allbande · 14.08.2012, 23:42

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: ALEXANDER-PC [Administrator]

Schutz: Aktiviert

14.08.2012 21:43:52
mbam-log-2012-08-14 (21-43-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 571710
Laufzeit: 2 Stunde(n), 40 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\Trine 1.04\Trine1.04\Uninstall.exe (Malware.Packer.Krunchy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08142012_174115\C_Users\Alexander\AppData\Roaming\msconfig.dat (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08142012_174115\C_Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\00000001.@ (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Puh, das hat lang gedauert.
Ich hab noch ne externe Festplatte mit statischen Daten drauf. Die war zum Zeitpunkt des Befalls auch dran. Muss die auch gescannt werden?

t'john · 15.08.2012, 08:34

Dann wuerde es vielleicht nicht schaden?

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Allbande · 15.08.2012, 11:56

AdwCleaner[S1].txt

Code:

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 10:34:21
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Alexander - ALEXANDER-PC
# Boot Mode : Normal
# Running from : C:\Users\Alexander\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Alexander\AppData\LocalLow\facemoods.com
File Deleted : C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default 
File : C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\si9npmx2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2955 octets] - [14/08/2012 20:22:43]
AdwCleaner[S1].txt - [2201 octets] - [15/08/2012 10:34:21]

########## EOF - C:\AdwCleaner[S1].txt - [2329 octets] ##########

Emsisoft Anti-Malware Log:

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 15.08.2012 10:53:21

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	15.08.2012 10:54:25

C:\_OTL\MovedFiles\08142012_174115\C_Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@ 	gefunden: Trojan.Win64.Sirefef.AMN!E1
C:\_OTL\MovedFiles\08142012_174115\C_Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@ 	gefunden: Backdoor.Win64.AMN!E1
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@ 	gefunden: Backdoor.Win64.AMN!E1
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@ 	gefunden: Trojan.Win64.Sirefef.AMN!E1
C:\Users\Alexander\AppData\Roaming\Thunderbird\Profiles\ox1hsc4y.default\Mail\pop.gmx.net\Inbox -> FCI_Exchange_Report_7253671.zip 	gefunden: Trojan-Spy.Agent!E2
C:\Users\Alexander\AppData\Roaming\Thunderbird\Profiles\ox1hsc4y.default\Mail\pop.gmx.net\Inbox -> FCI_Exchange_Report_7253671.zip -> FCI Exchange Report.exe 	gefunden: Trojan-Spy.Agent!E2

Gescannt	829130
Gefunden	6

Scan Ende:	15.08.2012 12:50:34
Scan Zeit:	1:56:09

C:\Users\Alexander\AppData\Roaming\Thunderbird\Profiles\ox1hsc4y.default\Mail\pop.gmx.net\Inbox -> FCI_Exchange_Report_7253671.zip	Quarantäne Trojan-Spy.Agent!E2
C:\_OTL\MovedFiles\08142012_174115\C_Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@	Quarantäne Backdoor.Win64.AMN!E1
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@	Quarantäne Backdoor.Win64.AMN!E1
C:\_OTL\MovedFiles\08142012_174115\C_Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@	Quarantäne Trojan.Win64.Sirefef.AMN!E1
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@	Quarantäne Trojan.Win64.Sirefef.AMN!E1

Quarantäne	5

t'john · 15.08.2012, 12:57

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Allbande · 15.08.2012, 17:41

C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3f005118a2bef44dad447390c2b8a98f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-15 04:06:30
# local_time=2012-08-15 06:06:30 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 35696369 35696369 0 0
# compatibility_mode=1792 16777215 100 0 6631119 6631119 0 0
# compatibility_mode=5893 16776574 66 94 46574221 96665245 0 0
# compatibility_mode=8192 67108863 100 0 101 101 0 0
# scanned=428392
# found=2
# cleaned=2
# scan_time=11395
C:\Users\Alexander\AppData\Local\Mozilla\Firefox\Profiles\si9npmx2.default\Cache\B\05\8F143d01	HTML/Iframe.B.Gen Virus (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C
G:\games\risen\rld-rsnf.7z	möglicherweise Variante von Win32/Obfuscated.ISZPTDH Trojaner (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C

t'john · 15.08.2012, 19:43

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 6 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Allbande · 16.08.2012, 19:13

Zitat:

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 14.0.1 ist aktuell

Flash (11,3,300,271) ist aktuell.

Java (1,7,0,5) ist aktuell.

Adobe Reader 10,1,4,38 ist aktuell.

Zurück

Hab den Adobe Reader dann auch gleich aktualisiert. Allerdings hatte ich bei der Java Konfiguration kein Update Fenster, mit dem ich den Turnus regelmäßiger Update Überprüfungen einstellen konnte.
Und: Ich habe zwei Java 7 Update 5 Versionen, eine 32- und eine 64-bit Version. Hab auch ein 64-bit System. Aber vllt braucht man die 32-er Version trotzdem...?!

14.08.2012, 16:39	#4
t'john /// Helfer-Team	GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software Das war nicht der Fix, NOCHMAL! __________________ Mfg, t'john Das TB unterstützen

14.08.2012, 20:31	#8
t'john /// Helfer-Team	GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software Bitte das Malwarebytes Logfile posten! (Reiter Logberichte) __________________ Mfg, t'john Das TB unterstützen

GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software