Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit

EnBackOel · 23.08.2012, 23:19

Hallo liebe User

Seit zwei Tagen poppt mein avast! Virenmelder auf und zeigt mir folgendes:

Verschiedene Scans mit Avast, Malwarebytes Anti-Malware , Spybot Search and Destroy (im abgesicherten Modus oder nicht - hab beides probiert) brachten immer die gleichen Ergebnisse: Es wurden die infizierten Daten gefunden, jedoch konnten sie von keinem der Programme gelöscht werden.

Ich kann den Fehler nicht beheben und suche daher hier Hilfe.

Hier ist der Log von Malwarebytes Anti-Malware:

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514

23.08.2012 21:59:13
mbam-log-2012-08-23 (23-38-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 557878
Laufzeit: 1 Stunde(n), 39 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.

(Ende)

Hier die OTL-Log
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.08.2012 21:39:29 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Stephie\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,92% Memory free
7,73 Gb Paging File | 6,15 Gb Available in Paging File | 79,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 14,14 Gb Free Space | 14,49% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 67,51 Gb Free Space | 18,34% Space Free | Partition Type: NTFS
 
Computer Name: STEIN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.23 21:37:53 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Stephie\Downloads\OTL.exe
PRC - [2012.08.23 16:27:51 | 001,240,848 | ---- | M] (Simply Super Software) -- C:\Program Files (x86)\Trojan Remover\Trjscan.exe
PRC - [2012.08.03 03:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.08.03 03:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.08.03 03:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.07.10 04:57:46 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.06.04 17:04:01 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stephie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.04 19:28:28 | 001,088,280 | ---- | M] (Mischel Internet Security) -- C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
PRC - [2011.07.19 15:44:25 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.01.26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.03 03:19:06 | 000,009,584 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012.07.10 04:57:46 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2012.06.04 17:04:01 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.23 17:01:26 | 000,115,184 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.03 03:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.08.03 03:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.08.03 03:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.08.03 03:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.04 17:04:01 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2011.12.15 21:03:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.19 15:44:25 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 17:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2002.12.17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002.12.17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.10 04:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.05.10 23:42:45 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.05.10 23:42:44 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.09 21:30:07 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.04.12 11:45:50 | 000,018,432 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPub4DE3.sys -- (HPub4DE3)
DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.09 10:44:44 | 000,025,088 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPMo4DE3.sys -- (HPMo4DE3)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.03.02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 87 C1 2B FB AF CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wetter.com/deutschland/saarbruecken/malstatt/DE0009173037.html"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 16.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012.08.23 17:01:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 16.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.24 16:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.24 16:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.08.21 12:43:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.30 21:17:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.11 15:48:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.09 16:07:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.02.27 23:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephie\AppData\Roaming\mozilla\Extensions
[2011.02.27 23:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephie\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.08.03 19:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephie\AppData\Roaming\mozilla\Firefox\Profiles\mtcnqs2u.default\extensions
[2011.10.31 00:20:40 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Stephie\AppData\Roaming\mozilla\Firefox\Profiles\mtcnqs2u.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2012.08.02 14:10:49 | 000,000,000 | ---D | M] (Youtube High Definition) -- C:\Users\Stephie\AppData\Roaming\mozilla\Firefox\Profiles\mtcnqs2u.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}
[2011.03.12 13:43:59 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Stephie\AppData\Roaming\mozilla\Firefox\Profiles\mtcnqs2u.default\extensions\personas@christopher.beard
[2012.08.03 19:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephie\AppData\Roaming\mozilla\Firefox\Profiles\mtcnqs2u.default\extensions\trash
[2012.06.14 00:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.12.13 16:43:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 16:02:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.07.04 08:23:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.31 22:18:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.06.14 00:08:22 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011.04.15 20:29:36 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.08.21 12:43:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012.07.09 16:15:58 | 000,276,091 | ---- | M] () (No name found) -- C:\USERS\STEPHIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MTCNQS2U.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.05.20 18:42:03 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\STEPHIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MTCNQS2U.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2012.07.21 10:26:11 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\STEPHIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MTCNQS2U.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.05.20 18:38:10 | 000,004,404 | ---- | M] () (No name found) -- C:\USERS\STEPHIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MTCNQS2U.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2011.08.30 21:17:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.30 12:02:12 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stephie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\foobar2000.lnk = C:\Program Files (x86)\foobar2000\foobar2000.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9829E590-51E3-42AC-9290-8CB9DE81633E}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8C26338-0E24-4996-9BA3-47F670C4BA58}: NameServer = 10.91.104.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A628F4-7A7B-45E0-B24E-4A4863A728A2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e18b279-0867-11e0-9cb4-a94d0f350a97}\Shell - "" = AutoRun
O33 - MountPoints2\{0e18b279-0867-11e0-9cb4-a94d0f350a97}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{1ae927b8-1a56-11e0-91a7-0026b92531f6}\Shell - "" = AutoRun
O33 - MountPoints2\{1ae927b8-1a56-11e0-91a7-0026b92531f6}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.23 17:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora
[2012.08.23 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\TrojanHunter
[2012.08.23 16:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2012.08.23 16:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2012.08.23 16:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5
[2012.08.23 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\Stephie\Documents\Simply Super Software
[2012.08.23 16:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.08.23 16:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.08.23 16:27:13 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Simply Super Software
[2012.08.23 16:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.08.23 11:54:33 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012.08.23 11:54:33 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.08.23 11:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.08.21 20:30:05 | 000,000,000 | ---D | C] -- C:\Users\Stephie\temp
[2012.08.21 19:53:21 | 000,000,000 | ---D | C] -- C:\Users\Stephie\Desktop\breeze
[2012.08.21 14:22:00 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Malwarebytes
[2012.08.21 14:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.21 14:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.21 14:21:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.21 14:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.20 22:56:19 | 000,000,000 | RHSD | C] -- C:\Users\Stephie\M-10-6897-8685-3464
[2012.08.20 00:50:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
[2012.07.24 22:47:17 | 000,000,000 | ---D | C] -- C:\Users\Stephie\Desktop\Into the Wild[2007]DvDrip[Eng]-FXG
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.23 21:42:45 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 21:42:45 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 21:34:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.23 21:32:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.23 21:31:53 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.23 21:31:01 | 000,000,384 | ---- | M] () -- C:\Users\Stephie\defogger_reenable
[2012.08.23 21:00:06 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.23 16:27:54 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.08.23 16:27:53 | 000,000,969 | ---- | M] () -- C:\Users\Stephie\Desktop\TrojanHunter.lnk
[2012.08.23 12:59:49 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012.08.23 12:59:22 | 000,834,916 | ---- | M] () -- C:\Users\Stephie\AppData\Local\census.cache
[2012.08.23 12:59:10 | 000,000,000 | ---- | M] () -- C:\Users\Stephie\AppData\Local\ars.cache
[2012.08.23 12:48:45 | 000,000,036 | ---- | M] () -- C:\Users\Stephie\AppData\Local\housecall.guid.cache
[2012.08.23 12:26:58 | 000,000,000 | ---- | M] () -- C:\Users\Stephie\pslist
[2012.08.23 11:54:34 | 000,002,262 | ---- | M] () -- C:\Users\Stephie\Desktop\SpyHunter.lnk
[2012.08.22 17:52:01 | 000,039,861 | ---- | M] () -- C:\Users\Stephie\Desktop\kackding.png
[2012.08.22 15:51:52 | 000,002,304 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.21 14:21:51 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 12:43:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.21 09:54:25 | 000,000,000 | -H-- | M] () -- C:\Users\Stephie\AppData\Roaming\winbras.sys
[2012.08.20 11:14:51 | 010,632,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.12 22:10:59 | 001,829,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 22:10:59 | 000,781,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.12 22:10:59 | 000,724,586 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.12 22:10:59 | 000,178,262 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.12 22:10:59 | 000,146,528 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.23 21:31:01 | 000,000,384 | ---- | C] () -- C:\Users\Stephie\defogger_reenable
[2012.08.23 16:27:53 | 000,000,969 | ---- | C] () -- C:\Users\Stephie\Desktop\TrojanHunter.lnk
[2012.08.23 16:27:45 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.08.23 16:27:15 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.08.23 16:27:15 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.08.23 16:14:59 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\80000064.@
[2012.08.23 15:32:03 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\00000008.@
[2012.08.23 12:59:49 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012.08.23 12:54:13 | 000,834,916 | ---- | C] () -- C:\Users\Stephie\AppData\Local\census.cache
[2012.08.23 12:54:13 | 000,000,000 | ---- | C] () -- C:\Users\Stephie\AppData\Local\ars.cache
[2012.08.23 12:48:45 | 000,000,036 | ---- | C] () -- C:\Users\Stephie\AppData\Local\housecall.guid.cache
[2012.08.23 12:26:58 | 000,000,000 | ---- | C] () -- C:\Users\Stephie\pslist
[2012.08.23 11:54:34 | 000,002,262 | ---- | C] () -- C:\Users\Stephie\Desktop\SpyHunter.lnk
[2012.08.22 17:52:01 | 000,039,861 | ---- | C] () -- C:\Users\Stephie\Desktop\kackding.png
[2012.08.21 14:21:51 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 09:54:25 | 000,000,000 | -H-- | C] () -- C:\Users\Stephie\AppData\Roaming\winbras.sys
[2012.06.18 08:03:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.06.10 15:54:34 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.01.11 15:28:52 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\@
[2012.01.11 15:28:52 | 000,002,048 | -HS- | C] () -- C:\Users\Stephie\AppData\Local\{3c89fd90-a438-6635-af2f-36e132e1456f}\@
[2012.01.06 21:41:48 | 000,000,830 | ---- | C] () -- C:\Windows\vampire.ini
[2012.01.06 01:36:19 | 000,000,252 | ---- | C] () -- C:\Windows\vtmb.ini
[2011.11.22 23:48:23 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.11.22 23:48:23 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.07.19 15:44:46 | 000,189,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.19 15:30:38 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.05 22:40:39 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.06.06 12:35:49 | 000,000,722 | ---- | C] () -- C:\Windows\Thps3.INI
[2011.04.13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.24 20:28:10 | 001,804,566 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.13 14:57:25 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.13 14:57:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.13 14:57:24 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.13 14:57:24 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.13 14:57:24 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.13 13:24:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.18 01:51:01 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\.minecraft
[2011.03.28 21:30:18 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Bioshock
[2011.05.29 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\CPUControl
[2012.04.06 19:42:31 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\DAEMON Tools Lite
[2012.04.05 19:37:36 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\DesktopIconForAmazon
[2012.08.23 21:35:37 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Dropbox
[2011.08.27 20:26:12 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\fltk.org
[2012.08.23 21:35:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\foobar2000
[2012.06.10 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\FreeAudioPack
[2012.08.23 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\ICQ
[2011.01.24 16:16:49 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Local
[2011.09.15 21:25:53 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\OGG To MP3
[2011.02.08 00:46:51 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\ooVoo Details
[2011.03.26 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\OpenCandy
[2011.05.21 00:12:00 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Opera
[2011.02.27 23:15:40 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Philips
[2011.02.27 23:12:12 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Philips-Songbird
[2012.02.03 01:30:05 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Publish Providers
[2011.01.14 15:15:59 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\QipGuard
[2011.11.28 18:30:16 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\redsn0w
[2011.09.30 04:09:31 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\ScummVM
[2011.03.24 02:32:27 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\SFBot
[2012.08.23 16:27:13 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Simply Super Software
[2012.02.12 03:59:30 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Sinvise Systems
[2012.02.03 01:29:53 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Sony
[2011.05.30 12:45:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.05.13 11:23:51 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Subversion
[2012.08.21 20:30:02 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\TeamViewer
[2012.07.09 16:08:21 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Thunderbird
[2011.03.31 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Tinn-R
[2012.08.23 16:35:28 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\TrojanHunter
[2011.03.26 15:25:58 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Uniblue
[2012.08.20 19:27:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\VP 2.tiff:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\VP 1.tiff:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Vertrag.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Vertrag No 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Perso.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Perso 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Passbild.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Kündigung.tiff:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\fukken uber death party.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Bank 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Bank 1.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

--- --- ---
Und noch die OTL - Extra - Log:

Zitat:

[OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.08.2012 21:39:30 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Stephie\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,92% Memory free
7,73 Gb Paging File | 6,15 Gb Available in Paging File | 79,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 14,14 Gb Free Space | 14,49% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 67,51 Gb Free Space | 18,34% Space Free | Partition Type: NTFS
 
Computer Name: STEIN | User Name: Stephie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}" = Shutdown Timer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F896D026-9016-4122-B9BD-957FF092FFE9}" = SpyHunter
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9B398A-8F39-410C-8200-7F5289CD7B02}_is1" = The Sims 3 Ultimate Bundle
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8624888C-A959-45A5-98F4-292E956325EA}" = LECTURNITY Player
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D20559F7-7755-4811-BCD5-7F344BEC2215}" = QIP Infium 9040 Jeak-Edition
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Aurora 16.0a2 (x86 de)" = Aurora 16.0a2 (x86 de)
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DOSBox 0.74 Installer" = DOSBox 0.74 Installer 0.74
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLAC To MP3_is1" = FLAC To MP3 V4.0.4
"foobar2000" = foobar2000 v1.1.5
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Google Chrome" = Google Chrome
"Guard.Mail.ru" = Guard.ICQ
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 2.67
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"King's Quest Collection™ (2006) DOSBox Patch" = King's Quest Collection™ (2006) DOSBox Patch 
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"LastFM_is1" = Last.fm 1.5.4.27091
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Opera 11.64.1403" = Opera 11.64
"SDUtilities" = SDUtilities 1.0e 
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.16.2.6
"Steam App 10100" = King's Quest Collection
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 57300" = Amnesia: The Dark Descent
"Tony Hawk's Pro Skater 3®" = Tony Hawk's Pro Skater 3®
"Trojan Remover_is1" = Trojan Remover 6.8.4
"TrojanHunter_is1" = TrojanHunter 5.5
"VLC media player" = VLC media player 1.0.2
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"QIP Infium" = QIP Infium 3.0.9042
"QipGuard" = QIP Internet Guardian
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2012 15:24:03 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7387c9f1  ID des fehlerhaften
 Prozesses: 0xde8  Startzeit der fehlerhaften Anwendung: 0x01cd8164db0f75df  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 18c44dc0-ed58-11e1-a1ad-0026b92531f6
 
Error - 23.08.2012 15:25:03 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7387c9f1  ID des fehlerhaften
 Prozesses: 0x115c  Startzeit der fehlerhaften Anwendung: 0x01cd8164fee4ffdc  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 3c93ec1c-ed58-11e1-a1ad-0026b92531f6
 
Error - 23.08.2012 15:26:03 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7387c9f1  ID des fehlerhaften
 Prozesses: 0x103c  Startzeit der fehlerhaften Anwendung: 0x01cd816522b44fff  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 60661aa0-ed58-11e1-a1ad-0026b92531f6
 
Error - 23.08.2012 15:27:03 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7387c9f1  ID des fehlerhaften
 Prozesses: 0x1190  Startzeit der fehlerhaften Anwendung: 0x01cd81654687e559  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 843932fa-ed58-11e1-a1ad-0026b92531f6
 
Error - 23.08.2012 15:28:04 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7387c9f1  ID des fehlerhaften
 Prozesses: 0x11fc  Startzeit der fehlerhaften Anwendung: 0x01cd81656a5adee6  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: a80e3027-ed58-11e1-a1ad-0026b92531f6
 
Error - 23.08.2012 15:29:04 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7387c9f1  ID des fehlerhaften
 Prozesses: 0x1078  Startzeit der fehlerhaften Anwendung: 0x01cd81658e31fe50  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: cbe3c8f1-ed58-11e1-a1ad-0026b92531f6
 
Error - 23.08.2012 15:30:04 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7387c9f1  ID des fehlerhaften
 Prozesses: 0xfb0  Startzeit der fehlerhaften Anwendung: 0x01cd8165b20489df  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: efb65480-ed58-11e1-a1ad-0026b92531f6
 
Error - 23.08.2012 15:31:04 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7387c9f1  ID des fehlerhaften
 Prozesses: 0x1b4  Startzeit der fehlerhaften Anwendung: 0x01cd8165d5d7156e  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 1385d2ce-ed59-11e1-a1ad-0026b92531f6
 
Error - 23.08.2012 15:44:33 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73d4c9f1  ID des fehlerhaften
 Prozesses: 0x10a8  Startzeit der fehlerhaften Anwendung: 0x01cd8167b6b5b683  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: f59af062-ed5a-11e1-ae4c-0026b92531f6
 
Error - 23.08.2012 15:45:33 | Computer Name = Stein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73d4c9f1  ID des fehlerhaften
 Prozesses: 0x994  Startzeit der fehlerhaften Anwendung: 0x01cd8167dbf98641  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 19a87282-ed5b-11e1-ae4c-0026b92531f6
 
[ System Events ]
Error - 23.08.2012 15:33:30 | Computer Name = Stein | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 23.08.2012 15:33:58 | Computer Name = Stein | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 23.08.2012 15:34:28 | Computer Name = Stein | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Net.Tcp-Portfreigabedienst erreicht.
 
Error - 23.08.2012 15:34:28 | Computer Name = Stein | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Net.Tcp-Portfreigabedienst" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 23.08.2012 15:35:13 | Computer Name = Stein | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 23.08.2012 15:35:17 | Computer Name = Stein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
Error - 23.08.2012 15:35:17 | Computer Name = Stein | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Security Center" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 23.08.2012 15:35:17 | Computer Name = Stein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Security
 Center" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1079
 
Error - 23.08.2012 15:36:14 | Computer Name = Stein | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 23.08.2012 15:36:14 | Computer Name = Stein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
 
< End of report >

--- --- ---

Ich hoffe, das ist alles, was ihr für die Analyse braucht - ich hab leider nicht so den großen Plan von PC-Angelegenheiten

Liebe Grüße und danke schonmals!

t'john · 24.08.2012, 02:18

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\URLSearchHook: - No CLSID value found 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found 
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms} 
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms} 
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE 
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search" 
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0 
FF - prefs.js..keyword.URL: "http://www.google.de/search?q=" 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. 
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{0e18b279-0867-11e0-9cb4-a94d0f350a97}\Shell - "" = AutoRun 
O33 - MountPoints2\{0e18b279-0867-11e0-9cb4-a94d0f350a97}\Shell\AutoRun\command - "" = G:\pushinst.exe 
O33 - MountPoints2\{1ae927b8-1a56-11e0-91a7-0026b92531f6}\Shell - "" = AutoRun 
O33 - MountPoints2\{1ae927b8-1a56-11e0-91a7-0026b92531f6}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE 
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 

@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\VP 2.tiff:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\VP 1.tiff:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Vertrag.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Vertrag No 2.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Perso.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Perso 2.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Passbild.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Kündigung.tiff:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\fukken uber death party.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Bank 2.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 160 bytes -> C:\Users\Stephie\Desktop\Bank 1.jpeg:3or4kl4x13tuuug3Byamue2s4b 
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml 
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml 
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml 
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml 
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml 

[2012.08.21 12:43:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF 
[2012.08.23 16:14:59 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\80000064.@ 
[2012.08.23 15:32:03 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\00000008.@ 
[2012.01.11 15:28:52 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\@ 
[2012.01.11 15:28:52 | 000,002,048 | -HS- | C] () -- C:\Users\Stephie\AppData\Local\{3c89fd90-a438-6635-af2f-36e132e1456f}\@ 
[2010.12.13 14:57:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini 
[2011.05.30 12:45:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

EnBackOel · 24.08.2012, 09:11

Vielen Dank! Hab's ausgeführt und das kam dabei raus als Log:

Zitat:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: quickstores@quickstores.de:1.1.0 removed from extensions.enabledItems
Prefs.js: "hxxp://www.google.de/search?q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e18b279-0867-11e0-9cb4-a94d0f350a97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e18b279-0867-11e0-9cb4-a94d0f350a97}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e18b279-0867-11e0-9cb4-a94d0f350a97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e18b279-0867-11e0-9cb4-a94d0f350a97}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ae927b8-1a56-11e0-91a7-0026b92531f6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ae927b8-1a56-11e0-91a7-0026b92531f6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ae927b8-1a56-11e0-91a7-0026b92531f6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ae927b8-1a56-11e0-91a7-0026b92531f6}\ not found.
File G:\AUTORUN.EXE not found.
C:\Windows\SysWow64\is-7VP4H.tmp deleted successfully.
Unable to delete ADS C:\Users\Stephie\Desktop\VP 2.tiff:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\VP 1.tiff:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\Vertrag.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\Vertrag No 2.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\Perso.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\Perso 2.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\Passbild.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\Kündigung.tiff:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\fukken uber death party.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\Bank 2.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Stephie\Desktop\Bank 1.jpeg:3or4kl4x13tuuug3Byamue2s4b .
C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\defaults scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF scheduled to be moved on reboot.
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\80000064.@ moved successfully.
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\00000008.@ moved successfully.
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\@ moved successfully.
C:\Users\Stephie\AppData\Local\{3c89fd90-a438-6635-af2f-36e132e1456f}\@ moved successfully.
C:\Windows\avisplitter.ini moved successfully.
C:\Users\Stephie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1\Local Store folder moved successfully.
C:\Users\Stephie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Stephie\Desktop\cmd.bat deleted successfully.
C:\Users\Stephie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stephie
->Temp folder emptied: 969108 bytes
->Temporary Internet Files folder emptied: 12592289 bytes
->Java cache emptied: 1699823 bytes
->FireFox cache emptied: 752128865 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 9939 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 732,00 mb

OTL by OldTimer - Version 3.2.58.1 log created on 08242012_100029

Files\Folders moved on Reboot...
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\defaults scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\defaults scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF scheduled to be moved on reboot.
C:\Users\Stephie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john · 24.08.2012, 15:58

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

EnBackOel · 24.08.2012, 18:37

Also die Meldungen von avast kamen bisher nicht mehr wieder.

Log von Malwarebytes - Antimalware:

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Stephie :: STEIN [Administrator]

24.08.2012 17:40:08
mbam-log-2012-08-24 (17-40-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 557149
Laufzeit: 1 Stunde(n), 46 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08242012_100029\C_Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und von AdwCleaner:

Zitat:

# AdwCleaner v1.801 - Logfile created 08/24/2012 at 19:36:25
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Stephie - STEIN
# Boot Mode : Normal
# Running from : C:\Users\Stephie\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Stephie\AppData\Local\OpenCandy
Folder Found : C:\Users\Stephie\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Stephie\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Stephie\AppData\Roaming\Mozilla\Firefox\Profiles\mtcnqs2u.default\Conduit
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Found : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
File Found : C:\Users\Stephie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Found : C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v5.0 (de)

Profile name : default
File : C:\Users\Stephie\AppData\Roaming\Mozilla\Firefox\Profiles\mtcnqs2u.default\prefs.js

Found : user_pref("aol_toolbar.surf.date", "41");
Found : user_pref("aol_toolbar.surf.lastDate", "31");
Found : user_pref("aol_toolbar.surf.lastMonth", "9");
Found : user_pref("aol_toolbar.surf.lastYear", "2011");
Found : user_pref("aol_toolbar.surf.month", "196");
Found : user_pref("aol_toolbar.surf.prevMonth", "32");
Found : user_pref("aol_toolbar.surf.total", "18155");
Found : user_pref("aol_toolbar.surf.week", "41");
Found : user_pref("aol_toolbar.surf.year", "18073");

-\\ Opera v11.64.1403.0

File : C:\Users\Stephie\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4220 octets] - [24/08/2012 19:36:25]

########## EOF - C:\AdwCleaner[R1].txt - [4348 octets] ##########

Danke schonmal für die Hilfe!

t'john · 24.08.2012, 18:56

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

EnBackOel · 24.08.2012, 22:21

Mhhh, alles getan

Log von AdwCleaner:

Zitat:

# AdwCleaner v1.801 - Logfile created 08/24/2012 at 20:40:49
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Stephie - STEIN
# Boot Mode : Normal
# Running from : C:\Users\Stephie\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Stephie\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Stephie\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Stephie\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Stephie\AppData\Roaming\Mozilla\Firefox\Profiles\mtcnqs2u.default\Conduit
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
File Deleted : C:\Users\Stephie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v5.0 (de)

Profile name : default
File : C:\Users\Stephie\AppData\Roaming\Mozilla\Firefox\Profiles\mtcnqs2u.default\prefs.js

C:\Users\Stephie\AppData\Roaming\Mozilla\Firefox\Profiles\mtcnqs2u.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.surf.date", "41");
Deleted : user_pref("aol_toolbar.surf.lastDate", "31");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "9");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");
Deleted : user_pref("aol_toolbar.surf.month", "196");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "32");
Deleted : user_pref("aol_toolbar.surf.total", "18155");
Deleted : user_pref("aol_toolbar.surf.week", "41");
Deleted : user_pref("aol_toolbar.surf.year", "18073");

-\\ Opera v11.64.1403.0

File : C:\Users\Stephie\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4329 octets] - [24/08/2012 19:36:25]
AdwCleaner[S1].txt - [3634 octets] - [24/08/2012 20:40:49]

########## EOF - C:\AdwCleaner[S1].txt - [3762 octets] ##########

Und noch von Emsisoft Anti-Malware

Zitat:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 24.08.2012 20:47:49

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 24.08.2012 20:48:01

Key: hkey_local_machine\software\trymedia systems gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software gefunden: Trace.Registry.trymedia!E1
C:\_OTL\MovedFiles\08242012_100029\C_Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\80000064.@ gefunden: Trojan.Win64!E2
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\80000064.@ gefunden: Trojan.Win64!E2
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\80000000.@ gefunden: Backdoor.Win64.AMN!E1
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\trzF761.tmp gefunden: Trojan.Win64.Sirefef.AMN!E1
C:\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\00000004.@ gefunden: Trojan.Win64.Sirefef.AMN!E1
C:\Windows\assembly\GAC_64\Desktop.ini gefunden: Trojan.Win64!E2
C:\Windows\assembly\GAC_32\Desktop.ini gefunden: Trojan.Win32.Sirefef!E2
D:\Games\LA Noire\SKIDROW\LANoire.exe gefunden: Trojan.Crypt!E2

Gescannt 774093
Gefunden 10

Scan Ende: 24.08.2012 23:18:22
Scan Zeit: 2:30:21
[/B]

t'john · 24.08.2012, 22:58

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte fragen.

ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
Während des Laufs von Combofix nichts anderes am Computer machen!
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
Bitte nicht in dieses Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es wird ein Backup Deiner Registry erstellt.
Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

EnBackOel · 25.08.2012, 11:09

Getan. Emsisoft ließ sich nicht ohne weiteres schließen.

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-08-25.02 - Stephie 25.08.2012  11:24:54.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3957.2523 [GMT 2:00]
ausgeführt von:: c:\users\Stephie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Stephie\AppData\Roaming\Local
c:\users\Stephie\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Stephie\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Stephie\AppData\Roaming\Local\Temp\DDM\Settings\freakyfirday_790x450.mp4.ddr
c:\users\Stephie\AppData\Roaming\Local\Temp\DDM\Settings\itg_himym_s03e14.avi.ddr
c:\users\Stephie\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Stephie\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Stephie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\freakyfirday_790x450.mp4
c:\users\Stephie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\itg_himym_s03e14.avi.ddp
c:\users\Stephie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\L\00000004.@
c:\windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\00000004.@
c:\windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\80000000.@
c:\windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\80000064.@
c:\windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\trzF761.tmp
c:\windows\IsUn0407.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-25 bis 2012-08-25  ))))))))))))))))))))))))))))))
.
.
2012-08-25 09:30 . 2012-08-25 09:30	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2012-08-25 09:30 . 2012-08-25 09:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-25 09:21 . 2012-08-01 22:58	9309624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D94280C-5AE7-4373-B3E7-94FD13E67742}\mpengine.dll
2012-08-24 18:35 . 2012-08-25 09:22	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-08-24 08:00 . 2012-08-24 08:00	--------	d-----w-	C:\_OTL
2012-08-23 20:15 . 2012-08-23 22:37	--------	d-----w-	c:\program files (x86)\Aurora
2012-08-23 14:35 . 2012-08-23 14:35	--------	d-----w-	c:\users\Stephie\AppData\Roaming\TrojanHunter
2012-08-23 14:27 . 2012-08-23 14:28	--------	d-----w-	c:\programdata\TrojanHunter
2012-08-23 14:27 . 2012-08-23 14:36	--------	d-----w-	c:\program files (x86)\TrojanHunter 5.5
2012-08-23 14:27 . 2003-02-02 17:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2012-08-23 14:27 . 2002-03-05 22:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2012-08-23 14:27 . 2012-08-23 14:27	--------	d-----w-	c:\program files (x86)\Trojan Remover
2012-08-23 14:27 . 2012-08-23 14:27	--------	d-----w-	c:\users\Stephie\AppData\Roaming\Simply Super Software
2012-08-23 14:27 . 2012-08-23 14:27	--------	d-----w-	c:\programdata\Simply Super Software
2012-08-23 10:59 . 2012-08-23 10:59	129024	----a-w-	c:\windows\RegBootClean64.exe
2012-08-23 09:54 . 2012-08-23 09:54	--------	d-----w-	C:\sh4ldr
2012-08-23 09:54 . 2012-08-23 09:54	110080	----a-r-	c:\users\Stephie\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-08-23 09:54 . 2012-08-23 09:54	110080	----a-r-	c:\users\Stephie\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-08-23 09:54 . 2012-08-23 09:54	110080	----a-r-	c:\users\Stephie\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-08-23 09:54 . 2012-08-23 09:54	--------	d-----w-	c:\program files\Enigma Software Group
2012-08-21 18:30 . 2012-08-21 18:30	--------	d-----w-	c:\users\Stephie\temp
2012-08-21 12:22 . 2012-08-21 12:22	--------	d-----w-	c:\users\Stephie\AppData\Roaming\Malwarebytes
2012-08-21 12:21 . 2012-08-21 12:21	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-21 12:21 . 2012-08-21 12:21	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-21 12:21 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-21 07:54 . 2012-08-21 07:54	0	---ha-w-	c:\users\Stephie\AppData\Roaming\winbras.sys
2012-08-20 20:56 . 2012-08-21 14:19	--------	d-sh--r-	c:\users\Stephie\M-10-6897-8685-3464
2012-08-19 22:50 . 2012-08-19 22:50	--------	d-----w-	c:\windows\SysWow64\Hotspot Shield
2012-08-19 22:49 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 22:46 . 2010-12-13 11:50	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-10 02:48 . 2012-07-10 02:48	41704	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2012-07-03 16:21 . 2012-03-18 10:19	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-05-24 20:00	958400	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-12-13 12:57	355856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-12-13 12:57	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2010-12-13 12:57	71064	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-12-13 12:57	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-12-13 12:56	41224	----a-w-	c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-12-13 12:56	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-01-31 13:56	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-06-11 14:36 . 2012-04-06 17:32	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 14:36 . 2011-05-24 11:57	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 18:38	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 18:38	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 18:38	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 18:38	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 18:38	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 18:38	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 18:38	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 13:42	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 13:42	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 13:42	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 13:42	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:42	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 13:42	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 13:42	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 13:41	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 13:41	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 18:38	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 18:38	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 18:38	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 18:38	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 18:38	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 18:38	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 18:38	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 18:38	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 18:38	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-12-13 11:53	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-04-16 13:25 . 2012-04-16 13:25	3993600	----a-w-	c:\program files (x86)\GUTB655.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Stephie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Stephie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Stephie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Stephie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-06-04 1564368]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-08-23 1240848]
"THGuard"="c:\program files (x86)\TrojanHunter 5.5\THGuard.exe" [2011-10-04 1088280]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2012-07-30 3408288]
.
c:\users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stephie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
foobar2000.lnk - c:\program files (x86)\foobar2000\foobar2000.exe [2011-2-27 2007552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16 136176]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16 136176]
R3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 25088]
R3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys [2011-04-12 18432]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-23 115184]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-28 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-10 41704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-07-30 3075920]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-06-04 1564368]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-08-03 476016]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-08-03 387440]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-05-09 115216]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16 12:18]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16 12:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	133400	----a-w-	c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Stephie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Stephie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Stephie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Stephie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{9829E590-51E3-42AC-9290-8CB9DE81633E}: NameServer = 0.0.0.0
TCP: Interfaces\{B8C26338-0E24-4996-9BA3-47F670C4BA58}: NameServer = 10.71.40.1
FF - ProfilePath - c:\users\Stephie\AppData\Roaming\Mozilla\Firefox\Profiles\mtcnqs2u.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://www.wetter.com/deutschland/saarbruecken/malstatt/DE0009173037.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Vampire - c:\windows\IsUn0407.exe
AddRemove-QipGuard - c:\users\Stephie\AppData\Roaming\QipGuard\QipGuard.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2557127193-1638674719-1600278139-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ec,67,72,a6,16,39,92,b6,27,92,41,84,d1,1d,30,15,2e,2c,fb,da,1c,2c,0d,
   3b,8e,75,a8,4f,3b,89,69,a4,86,ef,61,34,d9,c4,1f,78,59,10,ea,1a,84,b2,89,e8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2557127193-1638674719-1600278139-1000\Software\SecuROM\License information*]
"datasecu"=hex:c3,10,cd,20,eb,aa,92,bb,13,03,d3,b1,b8,52,0b,71,8c,b2,ad,60,c7,
   6c,e1,0c,97,c8,00,9f,ff,af,54,4f,ea,59,e0,1d,43,8b,ae,cb,1f,b0,25,2d,78,2c,\
"rkeysecu"=hex:1e,36,e3,6e,c6,c1,f6,58,e1,25,ec,50,a7,0b,da,ea
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-25  11:48:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-25 09:48
.
Vor Suchlauf: 14 Verzeichnis(se), 15.891.030.016 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 15.553.515.520 Bytes frei
.
- - End Of File - - 7B8EE591CA0B72EFF55177C12029DCA8

--- --- ---

Ich kann nun nichts mehr öffnen. Folgende Meldung kommt für das jeweilige Programm:

Wenn ich's als Administrator öffne, geht's.

t'john · 26.08.2012, 01:56

Neustart sollte helfen.

betreibst du Homebanking an dem Rechner?

EnBackOel · 26.08.2012, 09:34

Danke, funktioniert wieder. Langsam komm ich mir echt hart blöd vor... ^^

Ja, ich mache Homebanking an dem Rechner, habe das allerdings seit den Meldungen von avast nicht mehr gemacht.

t'john · 27.08.2012, 00:19

Ich empfele Dir den Rechner neuaufzusetzen, weil mit Rootkits nicht zu spassen ist.

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

EnBackOel · 30.08.2012, 18:39

Hier der Log von Eset:

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8049771b2694c346a23f32936cdc218a
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-30 03:05:29
# local_time=2012-08-30 05:05:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 54097510 54097510 0 0
# compatibility_mode=768 16777215 100 0 54097571 54097571 0 0
# compatibility_mode=5893 16776573 100 94 0 97968820 0 0
# compatibility_mode=8192 67108863 100 0 155 155 0 0
# scanned=6528
# found=0
# cleaned=0
# scan_time=159
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8049771b2694c346a23f32936cdc218a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-30 05:36:26
# local_time=2012-08-30 07:36:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 54097765 54097765 0 0
# compatibility_mode=768 16777215 100 0 54097826 54097826 0 0
# compatibility_mode=5893 16776573 100 94 0 97969075 0 0
# compatibility_mode=8192 67108863 100 0 410 410 0 0
# scanned=356885
# found=2
# cleaned=2
# scan_time=8960
C:\Qoobox\Quarantine\C\Windows\Installer\{3c89fd90-a438-6635-af2f-36e132e1456f}\U\80000000.@.vir Win64/Sirefef.AP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

Wenn ich den PC neu aufsetze, kann ich dann meine Daten (beispielsweise Dokumente vom Studium, Musik, etc.) auf eine externe Platte zwischenlagern oder nehme ich dann automatisch die infizierten Daten mit?

t'john · 30.08.2012, 21:34

Solange du keine ausfuehrbaren Dateien mitnimmst ist es OK.
Also nur JPG, MP3, DOC etc und keine EXE, COM, SCR etc.

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: http://tools.trojaner-board.de/plugincheck.html

EnBackOel · 30.08.2012, 23:33

So, hier der Bericht

Zitat:

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 16.0 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java (1,7,0,7) ist aktuell.

Adobe Reader 10,1,4,38 ist aktuell.

26.08.2012, 01:56	#10
t'john /// Helfer-Team	$Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit - Standard$ Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit Neustart sollte helfen. betreibst du Homebanking an dem Rechner? __________________ Mfg, t'john Das TB unterstützen

Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit

Log-Analyse und Auswertung: Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit