Cyber Crime Investigation Department Virus

conlinz · 31.08.2012, 23:48

Hallo!

Mein PC (Win 7) hat sich heute den hier schon in einigen Themen angesprochenen Virus mit der Meldung "Cyber Crime Investigation Department" in der österreichischen Version eingefangen. Die erschienene Meldung sperrt meinen PC und fordert zur Zahlung von 100 Euro mittels Paypal auf.

Bevor ich auf dieses Forum hier gestoßen bin, habe ich schon entsprechend einer anderen Anleitung aus dem Web im geschützten Modus einen Scan mit Malwarebytes Anti-Malware durchgeführt. Dabei wurden zwei infizierte Dateien gefunden und in Quarantäne verschoben. Anschließend ließ sich der Rechner wieder problemlos starten, es gibt keine offensichtlichen Fehlfunktionen mehr

Nun bin ich mir nicht ganz sicher ob schon alles wieder in Ordung ist oder doch noch zusätzlich etwas zu tun ist.

Hier die Logs in der Reihenfolge wie ich die Scans durchgeführt habe:

Malwarebytes Anti-Malware :

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.09

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
User :: PABLO [Administrator]

Schutz: Deaktiviert

31.08.2012 18:54:04
mbam-log-2012-08-31 (18-54-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 565643
Laufzeit: 1 Stunde(n), 24 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\User\AppData\Local\Temp\roper0dun.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

danach der Scan mit OTL:

Code:

ATTFilter

OTL logfile created on: 31.08.2012 20:39:05 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\User\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,41% Memory free
3,75 Gb Paging File | 2,67 Gb Available in Paging File | 71,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,63 Gb Total Space | 65,10 Gb Free Space | 41,57% Space Free | Partition Type: NTFS
Drive D: | 309,11 Gb Total Space | 28,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
 
Computer Name: PABLO | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.31 20:36:53 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.14 12:23:18 | 003,133,704 | ---- | M] (Evgeny Lachinov) -- C:\Program Files\Wild Media Server\wmssvc.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.16 16:58:21 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.05.10 09:23:08 | 000,958,464 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.exe
PRC - [2010.04.15 12:51:02 | 000,261,256 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009.11.19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009.11.11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Programme\AirPort\APAgent.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.09.29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
PRC - [2009.09.29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009.09.29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009.09.29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009.06.03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009.05.15 12:36:48 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassche.exe
PRC - [2009.04.14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.03 02:51:08 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.10 09:23:08 | 000,958,464 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.exe
MOD - [2010.02.10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010.02.10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2010.02.04 12:15:22 | 000,209,920 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtSqlBirdie4.dll
MOD - [2010.02.04 12:15:10 | 007,810,560 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtGuiBirdie4.dll
MOD - [2010.02.04 12:02:16 | 000,673,792 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtNetworkBirdie4.dll
MOD - [2010.02.04 12:01:02 | 002,097,152 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtCoreBirdie4.dll
MOD - [2010.01.20 17:57:38 | 000,030,208 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtSolutions_SingleApplication-2.6.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2009.09.29 12:24:24 | 000,139,264 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2009.09.12 15:47:34 | 000,544,768 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\sqlite3.dll
MOD - [2007.01.11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.31 08:29:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.22 00:41:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.04.14 12:23:18 | 003,133,704 | ---- | M] (Evgeny Lachinov) [Auto | Running] -- C:\Program Files\Wild Media Server\wmssvc.exe -- (WmsService)
SRV - [2010.06.15 19:55:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.16 16:58:21 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.04.15 12:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.30 11:24:30 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2012.07.30 11:24:30 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 20:03:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:03:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.02 01:35:17 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.10 16:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.07.20 02:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011.07.19 23:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.22 18:37:42 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2010.10.22 18:37:42 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2010.10.22 18:37:41 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2010.10.22 18:37:41 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2010.06.13 19:56:17 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.26 16:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008.07.26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109992&babsrc=HP_ss&mntrId=853668800000000000000009dd5084cf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 59 19 18 41 BF CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{033D0AAE-1F9D-4141-AA17-8965E3B86015}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109992&babsrc=SP_ss&mntrId=853668800000000000000009dd5084cf
IE - HKCU\..\SearchScopes\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.30 03:54:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.03 20:41:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.18 19:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.03 20:41:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Sunbird Service [2010.05.29 15:37:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Thunderbird Service [2010.05.29 15:37:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.30 03:54:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.03 20:41:07 | 000,000,000 | ---D | M]
 
[2011.12.22 21:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.06.12 23:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.13 14:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.06.13 22:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
[2010.06.13 14:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2011.12.22 21:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.08.30 11:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions
[2010.06.12 23:10:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.30 11:43:51 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.01.28 14:00:10 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions\firetorrent@radicalsoft.com
[2012.03.17 14:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.31 08:29:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.06.13 19:28:17 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.06.26 22:45:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.28 19:50:46 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 08:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.26 22:45:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 22:45:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 22:45:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 22:45:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found.
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BirdieSync] C:\Program Files\BirdieSync\BirdieSync.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN File not found
O4 - HKCU..\Run: [Wild Media Server (UPnP, DLNA, HTTP)] C:\Program Files\Wild Media Server\wms.exe (Evgeny Lachinov)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B23B6D48-271C-43AA-AEDB-F49E63BDCE79}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 20:36:50 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.08.31 20:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.31 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.08.31 18:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 18:51:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 18:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.31 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.31 18:50:46 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.29 18:33:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{726BFC50-6E04-43FC-8EF4-AC04F172C1AB}
[2012.08.27 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3A67FCD4-39AD-41B2-9170-52DCB6928241}
[2012.08.23 00:28:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BEB32763-825B-41F6-9FDB-60C2C8A64684}
[2012.08.22 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DDBA9F3C-2037-40B1-82E2-F57AF3097E11}
[2012.08.22 00:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.08.22 00:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012.08.21 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{40D3583C-2FA4-486E-9C82-165BC339FE89}
[2012.08.21 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Alpen 3D Online
[2012.08.20 01:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.20 01:33:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F11543B5-59CB-4DB6-93A8-3B280E8562A6}
[2012.08.18 02:26:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F57C37CB-0CF2-47FF-AB26-111C539AB080}
[2012.08.15 18:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3F7DC36E-1BBC-47DB-B748-8710655A8393}
[2012.08.15 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{974E162D-CAC3-4A5D-9707-36002E4547DD}
[2012.08.11 17:53:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EB041BD3-EF57-43B6-BC09-5255D9C05D91}
[2012.08.11 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3E574AA1-B3D2-474E-A9D8-D02C13E1E279}
[2012.08.08 22:22:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F23488B4-4A23-481E-88C0-0F0CB7455479}
[2012.08.08 22:22:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7133A287-EE6E-4CF6-B750-1888C140A9B1}
[2012.08.03 22:22:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{16FF14EF-FF29-44FC-8C8C-11E563129080}
[2012.08.03 22:22:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2C99307C-D624-4F0A-9E39-B6C617BB895A}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 20:36:53 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.08.31 20:36:07 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.08.31 20:35:06 | 000,000,514 | ---- | M] () -- C:\Users\User\Desktop\Defogger - Verknüpfung.lnk
[2012.08.31 20:34:00 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.08.31 20:29:09 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 20:29:09 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 20:21:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 20:21:40 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 18:51:56 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 18:50:46 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.31 18:45:03 | 001,008,141 | ---- | M] () -- C:\Users\User\Desktop\rkill.com
[2012.08.31 18:37:32 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.31 17:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 10:42:28 | 000,004,197 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2012.08.22 01:07:59 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2012.08.22 00:40:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.08.18 02:16:13 | 000,294,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.31 20:36:07 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.08.31 20:35:29 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.08.31 20:35:06 | 000,000,514 | ---- | C] () -- C:\Users\User\Desktop\Defogger - Verknüpfung.lnk
[2012.08.31 18:51:56 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 18:45:03 | 001,008,141 | ---- | C] () -- C:\Users\User\Desktop\rkill.com
[2012.08.31 17:47:36 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.31 10:42:28 | 000,004,197 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012.08.22 00:41:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.22 00:40:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.03.07 22:31:05 | 000,000,087 | ---- | C] () -- C:\Users\User\.iccbutton_history
[2011.04.30 09:19:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.13 21:07:17 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2010.12.12 16:50:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.12.12 16:20:02 | 000,000,842 | ---- | C] () -- C:\Windows\wms.ini
[2010.12.12 16:19:56 | 000,000,134 | ---- | C] () -- C:\Windows\wmssetup.ini
[2010.12.11 22:54:20 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 02:00:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.13 19:38:22 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.06.13 12:38:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.08.21 14:04:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Alpen 3D Online
[2011.12.31 12:47:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.02.28 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2011.02.26 23:26:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BirdieSync
[2010.06.13 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Broad Intelligence
[2010.06.13 13:46:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2010.06.13 17:53:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2012.03.25 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2010.11.16 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Engelmann Media
[2010.06.21 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Facebook
[2011.04.02 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Software
[2012.08.31 10:42:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2010.06.12 22:36:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2010.11.20 13:36:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MyPhoneExplorer
[2011.01.05 20:27:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NASNaviator2
[2010.06.18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.12.22 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Songbird2
[2012.08.08 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2010.10.30 16:05:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teleca
[2010.06.12 23:17:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2010.06.13 12:46:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trillian
[2010.06.13 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TrueCrypt
[2010.12.13 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TwonkyMedia
[2012.08.22 17:10:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 31.08.2012 20:39:05 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\User\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,41% Memory free
3,75 Gb Paging File | 2,67 Gb Available in Paging File | 71,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,63 Gb Total Space | 65,10 Gb Free Space | 41,57% Space Free | Partition Type: NTFS
Drive D: | 309,11 Gb Total Space | 28,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
 
Computer Name: PABLO | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E97173-A0BC-4893-A0DB-C110BDB51D38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0A088FA1-F0FE-4D70-AA61-014240EDEB4D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0DBA54ED-FE1C-4867-BCD1-3156E8150E40}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0FF0908D-4DB0-4D9A-BCE7-CAF015890B7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{16A66A85-3450-493B-8909-10D22950B748}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1A3A8578-246B-4F27-9EFE-20DC065A475E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{23EC4ACC-2940-417F-9F33-57B4F8C27600}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2FCC5A55-3E4B-4F94-9E06-DA77F87558D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{39BEE632-19CC-4F4B-93F0-1B493356CDF7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4808CC69-5DC1-4A16-B653-0FD794C643EA}" = lport=1900 | protocol=17 | dir=in | name=medienmanager upnp broadcast | 
"{4AD18B6F-1067-423E-8022-334D555E9C04}" = lport=58927 | protocol=6 | dir=in | app=c:\program files\birdiesync\birdiesync.exe | 
"{4FE7DE1A-6DC5-4262-B643-A396C26A8D63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{541C7346-08B1-49BB-A6F1-FD28F0876D3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{55920470-DCAD-461A-939F-636553C05079}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5863C073-4C14-4856-8B89-6167B8BD1FDD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6DE6AD38-A096-45F2-80C7-899E7C4945FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{725BE2D3-7800-4778-9034-FC05B7EFC725}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{751F0AAC-7F2E-446B-9E05-F7B837BBB01C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C34436A-FBE8-49AF-A36C-6E7350FC35F0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9F484EED-8D71-41D7-BC11-F5DA51E9E04E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9FD68BDB-BFBA-473E-BBEF-5039029D3089}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A5306BFF-AECE-4244-A8E6-1EC79FC2655A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C264E6A4-0E5C-4711-B29F-FD6683553B59}" = lport=4004 | protocol=6 | dir=in | name=medienmanager tcp port | 
"{D0164924-42B1-47DE-A3BA-B03D7E826B66}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E1B70C69-A1C5-456C-B908-52B3A940E139}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E6972866-550E-4B4B-A7BF-7C71ECFC900C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EE25348B-697B-4557-BB94-5D63350597C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA06F76E-E3DA-4BE7-89A5-FA08E530204F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EE6E46-043F-41AC-A1DD-0361921B7B4A}" = protocol=6 | dir=out | app=system | 
"{08B2D366-AB6A-4694-B1D9-0E09F4512C27}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0FE44533-C1D8-4ECB-AC72-CCD73F713E45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11F3DE02-29F0-4E03-8600-280C03368687}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{123BBCF1-35E3-448E-9C84-C3320ABE98A7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1C32A79E-4039-4EC5-8A1A-297C2D56AF72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E939EFA-DE42-4D74-BDD7-6236A072F662}" = protocol=17 | dir=in | app=c:\program files\telekom-austria\medienmanager\medienmanager.exe | 
"{1F67EFFF-3D1E-4B6D-BE3F-C62B95EF8A19}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{204A7597-3107-4F1C-8841-EA2A0A06B762}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{25C50158-D696-4F60-AAD5-89CE22418F30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{27A30CE0-F3E0-4F95-B8EF-9FB193915DBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{29B6C4D4-B771-45BE-A2A9-B2996BE0D060}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3143D394-31AA-420E-81B1-14A4F62EEE48}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{33A5156F-5261-449D-A49A-0F215EA398D7}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{435A6677-FFB0-4CC0-94CD-874C6F66416F}" = protocol=6 | dir=in | app=c:\program files\wild media server\wmssvc.exe | 
"{4F5773C4-0BF9-4CC9-BDD9-BB1E9634BA88}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{50BA8279-408C-47AB-A4D5-D7B2DA99A29F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{58E099CC-E703-4DFF-98F8-D92DB704708E}" = dir=in | app=c:\program files\airport\apagent.exe | 
"{617C3544-87CD-4E3F-BD86-2D8EC6627930}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{739EFF8E-D4A9-4D58-99C0-A32CAA2EBBA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{75FB098D-AA7D-4308-B73E-E13614CF509C}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{768C0B8E-9284-47B5-A7A1-1870CBC2DF61}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7DCEE14A-85B4-4C3B-90B4-7F05EDF60127}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8366AD53-D196-42DB-923B-7AD3FCEC9C6C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8658057C-F31E-40A7-A3AB-0C7579C15567}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B7E1013-FC08-4D0B-89FC-77A2E7B14B33}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F2B1193-C67B-4D23-A523-10573DA83E45}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{A0A58A49-1BE4-4853-B749-79DA70C52197}" = protocol=17 | dir=in | app=c:\program files\wild media server\wmssvc.exe | 
"{AAC66BD4-ABCF-4B84-AFAC-3BC13569ADF0}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{AF2C48CF-AE84-42E4-800A-99A9B7652A51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B8021C6F-91FC-4F0C-BAAE-49E3803523D2}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{C13C5AAC-B39C-44A0-8087-2826EDA66E6C}" = protocol=6 | dir=in | app=c:\program files\telekom-austria\medienmanager\medienmanager.exe | 
"{C6019447-6887-4829-9DC9-BA1456E263FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CCB9C2F2-C1C4-4663-B417-B07C7EB72F88}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D0186CE2-AB20-4F89-9ECF-7F457D853BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3C86B5E-BE8D-4134-837C-26E44B8B5C56}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D428B849-D3E9-41C8-860D-A34374ED52A9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E47106F0-B0A0-46D6-BA11-F64E2CBCC9EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5479991-440E-4256-B248-5D9E89407593}" = protocol=58 | dir=in | app=system | 
"{E78647F8-A558-4DA6-A737-236CDFDD559E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EF180C8B-C4EA-4E41-9CF7-37C0A4A4D202}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F31D5BBD-6D02-487B-AB0D-A21F0D0868A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3B6C378-9D54-4A61-9280-C5F6972909C2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{FDA6B45B-5D38-45E8-99EB-61A998510BC9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{01B122F7-FA93-4FB7-B770-0D7F768E1788}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"TCP Query User{4E27FA99-29DA-4B81-A556-87C12FBBCE4D}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"TCP Query User{5A96CF40-0017-4DD9-B141-1BDA5564A163}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=6 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | 
"TCP Query User{6A32E334-9D30-4866-9D19-DEBB9B890F02}C:\program files\wild media server\wms.exe" = protocol=6 | dir=in | app=c:\program files\wild media server\wms.exe | 
"TCP Query User{6D2D5BB7-38FE-4F2B-BFEA-46CC7A8B1D5B}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{7AEDABDC-96CC-4B7C-8A85-A17B3EC72DAB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7F8D8539-2290-47FE-A238-449474628ED3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{96600BB4-338F-4B0A-A7EC-0E7097C48AD5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{BB6446DC-F8BF-4D13-8C14-2D4392C8D64F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CE36C443-E082-4010-8E26-392545F198ED}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{D862314A-7E33-4211-923A-49FBA224094D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{E90DE87D-05CE-412C-A009-51B79B0660BE}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe | 
"TCP Query User{EDCCA20D-3076-485C-8547-6FCF5FD89103}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"TCP Query User{EFF4E918-191B-4B03-88BE-D5B8AE41405B}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{F97E0D76-106C-46A9-8FA0-F6E6FE3D18C2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{21F73122-5E64-4B84-8FF6-D0E68D3E2ED9}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{294C7104-D66C-467B-9606-0C816BFE6A3D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{2ACD5E1E-601B-4836-B54F-F93DEEFD6ED5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{5C8B3D5C-D938-49FC-97A9-3419E8B36A7D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{7E39F8A6-2197-49B4-B715-26431147C0B0}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe | 
"UDP Query User{8D02706B-96F3-45F8-9AEF-4CC39AF4F98D}C:\program files\wild media server\wms.exe" = protocol=17 | dir=in | app=c:\program files\wild media server\wms.exe | 
"UDP Query User{933CFB2B-00F6-4963-A667-4A4FE06AE524}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"UDP Query User{970F7085-441E-4A61-AAD7-32F40BBF0C5E}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"UDP Query User{9AFC37C1-F4A5-4574-998A-F1B29778BBB5}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{B67F9D20-4D04-47EC-A3ED-F532A62A7442}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C2186A56-A50E-4E5F-895C-72C9CF2706DD}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"UDP Query User{C466B5AD-4011-445C-B041-37C31DAC98DE}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=17 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | 
"UDP Query User{E8FDE45D-15F5-4CF4-8ECA-BC02C6B80CC6}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E9733189-7062-479C-94C2-88308DE1A3A6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{F17CE722-BD29-4CAE-B598-0F255C2D0B9F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour-Druckdienste
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"8781-9705-0578-2960" = MedienManager 1.2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BirdieSync" = BirdieSync 2.2.0.1
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Foxit Reader" = Foxit Reader
"Free Video Dub_is1" = Free Video Dub version 2.0.3.1206
"GPS Photo Tagger" = GPS Photo Tagger V1.2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaCoder" = MediaCoder 0.7.3.4677
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NovaBACKUP" = NovaBACKUP
"Songbird-release-2160" = Songbird 1.10.1 (Build 2160)
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"UN060501" = BUFFALO NAS Navigator2
"UN070209" = Uninstall of File Security Tool
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WMS" = Wild Media Server (UPnP, DLNA, HTTP)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2012 13:41:15 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 09.05.2012 13:41:15 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 09.05.2012 13:43:12 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 09.05.2012 13:43:24 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 11:32:34 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 11:33:53 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 13:17:58 | Computer Name = Pablo | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NovaStor\NovaStor
 NovaBACKUP\x64\ExchangeDelegate.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.05.2012 13:35:01 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 16:53:51 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 16:53:51 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
[ System Events ]
Error - 31.08.2012 14:07:01 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:09:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:09:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:09:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:14:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:14:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:14:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:16:15 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:16:15 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:16:15 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

und mit Gmer:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-01 00:08:28
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00YGA0 rev.12.01C02
Running: pc70uyhh.exe; Driver: C:\Users\User\AppData\Local\Temp\ugldapod.sys


---- System - GMER 1.0.15 ----

SSDT            8E3B0906                                                                                         ZwCreateSection
SSDT            8E3B0910                                                                                         ZwRequestWaitReplyPort
SSDT            8E3B090B                                                                                         ZwSetContextThread
SSDT            8E3B0915                                                                                         ZwSetSecurityObject
SSDT            8E3B091A                                                                                         ZwSystemDebugControl
SSDT            8E3B08A7                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82C543C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82C8DD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82C94EAC 4 Bytes  [06, 09, 3B, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82C95208 4 Bytes  JMP BDD2628F 
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              82C9524C 4 Bytes  [0B, 09, 3B, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              82C952C8 4 Bytes  [15, 09, 3B, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                              82C9531C 4 Bytes  [1A, 09, 3B, 8E]
.text           ...                                                                                              
?               System32\drivers\vqcgjrx.sys                                                                     Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\drivers\atikmdag.sys                                                         section is writeable [0x8EC18000, 0x227A14, 0xE8000020]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                              A84BA000 68 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 4FD5                                                              A84BA045 203 Bytes  [8B, C6, F0, 0F, BA, 28, 00, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50A1                                                              A84BA111 17 Bytes  [87, 01, 6A, 00, 6A, 20, A3, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                              A84BA123 629 Bytes  [55, 4B, A8, FE, 05, 34, 55, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                              A84BA399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            ...                                                                                              

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5084cf                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5084cf@0060d1000b58         0x6D 0x90 0x99 0x19 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5084cf@123456789cdf         0xC9 0x54 0xC4 0x86 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5084cf (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5084cf@0060d1000b58             0x6D 0x90 0x99 0x19 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5084cf@123456789cdf             0xC9 0x54 0xC4 0x86 ...

---- EOF - GMER 1.0.15 ----

Ich hoffe ihr könnt mir helfen und im Voraus vielen Dank!

LG Rudi

t'john · 01.09.2012, 03:02

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109992&babsrc=HP_ss&mntrId=853668800000000000000009dd5084cf 
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
IE - HKCU\..\SearchScopes\{033D0AAE-1F9D-4141-AA17-8965E3B86015}: "URL" = http://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109992&babsrc=SP_ss&mntrId=853668800000000000000009dd5084cf 
IE - HKCU\..\SearchScopes\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found. 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKCU..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found 
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites) 
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites) 
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites) 
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
[
[2012.08.31 18:37:32 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad 
 
[2012.02.28 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon 

[2010.06.13 12:38:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
:Files
C:\Users\User\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\User\AppData\Local\Temp\*.exe
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

4. Schritt

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

conlinz · 01.09.2012, 12:19

Hallo!

Danke für die prompte Anwort!

Es haben alle Schritte wie angegeben funktioniert, jedoch hat sich während des Laufes von Anti-Malware der Avira Antivir gemeldet, den ich zu diesem Zeitpunkt nicht deaktiviert hatte. Da ich nicht sicher war ob es zu Wechselwirkungen kommt habe ich den Fund in Antivir vorerst ohne Maßnahme ignoriert. Ich stelle das Antivir-Log am Ende auch hier rein.

Log Schritt 1 - OTL:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{033D0AAE-1F9D-4141-AA17-8965E3B86015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{033D0AAE-1F9D-4141-AA17-8965E3B86015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66BD2442-241B-44CD-8C7A-B51037053CDB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66BD2442-241B-44CD-8C7A-B51037053CDB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nero MediaHome 4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Playlist\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cleverreach.com\novastor\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google-analytics.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
C:\ProgramData\nud0repor.pad moved successfully.
C:\Users\User\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
C:\Users\User\AppData\Local\{03A1A3A6-BFBC-4278-88A4-10238F18F249} folder moved successfully.
C:\Users\User\AppData\Local\{047A3359-3C54-47EF-BE77-539633EFAF61} folder moved successfully.
C:\Users\User\AppData\Local\{0EC291A3-9C8E-45B9-8CC1-4EF9485BF84D} folder moved successfully.
C:\Users\User\AppData\Local\{158119E0-911C-4590-8CF6-F680DACDD509} folder moved successfully.
C:\Users\User\AppData\Local\{161E84AA-DC18-417D-9616-40297EE063AD} folder moved successfully.
C:\Users\User\AppData\Local\{16FF14EF-FF29-44FC-8C8C-11E563129080} folder moved successfully.
C:\Users\User\AppData\Local\{1ADF2047-CB41-4C73-817F-FA3D0DE7B746} folder moved successfully.
C:\Users\User\AppData\Local\{1C4F9CBD-2DB2-41A0-AC70-30F721E66124} folder moved successfully.
C:\Users\User\AppData\Local\{1E0A1C64-5DA2-4FB8-9356-667DF24F3643} folder moved successfully.
C:\Users\User\AppData\Local\{2817AD14-0D44-48D6-A4D4-7BF173BE0C07} folder moved successfully.
C:\Users\User\AppData\Local\{28C216D9-3554-48B6-BC86-76EEE590BC8A} folder moved successfully.
C:\Users\User\AppData\Local\{2AAE8BE5-9D2C-4E46-8CB7-E0EA7C9DA371} folder moved successfully.
C:\Users\User\AppData\Local\{2C99307C-D624-4F0A-9E39-B6C617BB895A} folder moved successfully.
C:\Users\User\AppData\Local\{2F7CF4F6-6C0C-4B6D-8CCE-133D8A0CFCCA} folder moved successfully.
C:\Users\User\AppData\Local\{32DD59E4-96DD-41BE-8D57-027FC349B05A} folder moved successfully.
C:\Users\User\AppData\Local\{34959A2A-D51A-47FC-B2AD-1C42AA13BD49} folder moved successfully.
C:\Users\User\AppData\Local\{37967D58-410C-41D5-8478-0CF33F9B7F88} folder moved successfully.
C:\Users\User\AppData\Local\{38992440-801B-40C6-B03A-B498985222DD} folder moved successfully.
C:\Users\User\AppData\Local\{3A67FCD4-39AD-41B2-9170-52DCB6928241} folder moved successfully.
C:\Users\User\AppData\Local\{3D18B127-7422-4D1C-AE93-57BC31FD1837} folder moved successfully.
C:\Users\User\AppData\Local\{3E574AA1-B3D2-474E-A9D8-D02C13E1E279} folder moved successfully.
C:\Users\User\AppData\Local\{3F7DC36E-1BBC-47DB-B748-8710655A8393} folder moved successfully.
C:\Users\User\AppData\Local\{3FD31282-5EA5-4F41-BC77-735CCD0EE9C1} folder moved successfully.
C:\Users\User\AppData\Local\{40D3583C-2FA4-486E-9C82-165BC339FE89} folder moved successfully.
C:\Users\User\AppData\Local\{457F0633-79BF-42CC-BFC3-C3F7E0B729A5} folder moved successfully.
C:\Users\User\AppData\Local\{47F233D7-7BE8-4C1C-9AD1-C7BA6DC1AAEB} folder moved successfully.
C:\Users\User\AppData\Local\{4C137FB4-5976-4382-BC8A-B9DAEFFDBC36} folder moved successfully.
C:\Users\User\AppData\Local\{4D2DCEE4-BD96-47B4-B02F-F1DBFC1D8CFF} folder moved successfully.
C:\Users\User\AppData\Local\{4DED4B7C-33B7-4D40-975A-3FABDBE80324} folder moved successfully.
C:\Users\User\AppData\Local\{4E64DF06-AAA0-4484-B430-E75906EC2588} folder moved successfully.
C:\Users\User\AppData\Local\{50D08B4C-C9D6-41A7-B016-A5552E4F6C72} folder moved successfully.
C:\Users\User\AppData\Local\{5409E024-1720-4895-B2CA-FC6411C2C953} folder moved successfully.
C:\Users\User\AppData\Local\{5A07D394-70CD-40D6-A243-853360675705} folder moved successfully.
C:\Users\User\AppData\Local\{5AC25F8D-7826-401D-910C-898017ED43A5} folder moved successfully.
C:\Users\User\AppData\Local\{5ADBA7B3-4130-4498-9D40-D4B207230093} folder moved successfully.
C:\Users\User\AppData\Local\{5ECDBB73-AB49-43F5-A848-AF5E683B9E37} folder moved successfully.
C:\Users\User\AppData\Local\{5F1833A6-088B-4C5F-BF55-4A0C57AE219A} folder moved successfully.
C:\Users\User\AppData\Local\{62B8EA79-E91F-4571-869D-FA447A275D49} folder moved successfully.
C:\Users\User\AppData\Local\{64513F46-1DCE-4638-9C22-3BF1EC0856A0} folder moved successfully.
C:\Users\User\AppData\Local\{66F8DC86-94D9-41BE-BE1C-78342903D66B} folder moved successfully.
C:\Users\User\AppData\Local\{7133A287-EE6E-4CF6-B750-1888C140A9B1} folder moved successfully.
C:\Users\User\AppData\Local\{7231DA06-0BD5-4F01-8818-500E0A241A51} folder moved successfully.
C:\Users\User\AppData\Local\{726BFC50-6E04-43FC-8EF4-AC04F172C1AB} folder moved successfully.
C:\Users\User\AppData\Local\{73DC0DE8-6A7A-4A24-8DFF-58481A00CF2D} folder moved successfully.
C:\Users\User\AppData\Local\{78959057-945B-47A7-8A92-6719CB94F5ED} folder moved successfully.
C:\Users\User\AppData\Local\{7BC6BDA1-6848-4D39-B98A-67C1B26956D3} folder moved successfully.
C:\Users\User\AppData\Local\{7D4F23EF-7AD7-4778-89F6-530C50D720FE} folder moved successfully.
C:\Users\User\AppData\Local\{7F487D80-0406-4760-8AB7-599367CE7FA4} folder moved successfully.
C:\Users\User\AppData\Local\{80F80812-BD51-4E1D-B49A-3C96BF393821} folder moved successfully.
C:\Users\User\AppData\Local\{812CECEC-718C-4E1D-AB0E-61606F77907D} folder moved successfully.
C:\Users\User\AppData\Local\{8159BE8A-812B-4452-A86D-7E174570CF0C} folder moved successfully.
C:\Users\User\AppData\Local\{863CBD9D-25D9-4C75-9C5C-68A92B34FE69} folder moved successfully.
C:\Users\User\AppData\Local\{8646E395-4FEF-41D5-9CAB-46B819099AAA} folder moved successfully.
C:\Users\User\AppData\Local\{86ECB046-55E3-4D4B-8145-CD33EFCC1A47} folder moved successfully.
C:\Users\User\AppData\Local\{8C986ED3-12F0-403E-8602-E2520BDA2255} folder moved successfully.
C:\Users\User\AppData\Local\{8D2FAAD4-16DC-467F-B9BC-F744247D9720} folder moved successfully.
C:\Users\User\AppData\Local\{8E20A69A-62B0-4693-8D2E-2D656963D726} folder moved successfully.
C:\Users\User\AppData\Local\{9096CEA5-8D0E-4D2A-915F-FB0953A94703} folder moved successfully.
C:\Users\User\AppData\Local\{94E42EF5-56BE-4250-BDA2-16B10A1ABD85} folder moved successfully.
C:\Users\User\AppData\Local\{974E162D-CAC3-4A5D-9707-36002E4547DD} folder moved successfully.
C:\Users\User\AppData\Local\{9C3623B5-4182-4BA9-88EC-994D83C7BCCB} folder moved successfully.
C:\Users\User\AppData\Local\{A028E238-24C9-4893-8EF5-90EF3E55EF0B} folder moved successfully.
C:\Users\User\AppData\Local\{A1E30A37-A076-43AD-B69F-6C48A917EE33} folder moved successfully.
C:\Users\User\AppData\Local\{A3F7D24E-8AC9-4A8C-A407-6B296FB9EC7C} folder moved successfully.
C:\Users\User\AppData\Local\{A6830CEA-ED97-410D-86BF-75C5CF29D7FA} folder moved successfully.
C:\Users\User\AppData\Local\{A6F824CC-0A04-48E1-9047-DECFE1D6EAF4} folder moved successfully.
C:\Users\User\AppData\Local\{AB0D7A7E-B44B-491C-9BD6-39C98DE4BA0A} folder moved successfully.
C:\Users\User\AppData\Local\{ABF90AE6-E9EE-4B11-A2DF-53B371E3F28B} folder moved successfully.
C:\Users\User\AppData\Local\{B8933506-1102-4112-9190-3192B5C3AFA2} folder moved successfully.
C:\Users\User\AppData\Local\{BCF38C56-6F33-4971-AA6B-F6156F0610FF} folder moved successfully.
C:\Users\User\AppData\Local\{BEB32763-825B-41F6-9FDB-60C2C8A64684} folder moved successfully.
C:\Users\User\AppData\Local\{C0DEABE1-D6D3-4E30-B32B-E9EB16EB1FCB} folder moved successfully.
C:\Users\User\AppData\Local\{C175A256-E81B-4329-9B3C-7941800E0BCB} folder moved successfully.
C:\Users\User\AppData\Local\{C711F844-840E-4479-9531-F4927CE858D9} folder moved successfully.
C:\Users\User\AppData\Local\{C7AB1F33-7272-48B0-B918-564D59F2D12D} folder moved successfully.
C:\Users\User\AppData\Local\{CC4FECA8-2D64-42E1-AABA-65A4EB695F2D} folder moved successfully.
C:\Users\User\AppData\Local\{CF84CCD7-7A0C-43E7-BEF6-AC157D31F5C6} folder moved successfully.
C:\Users\User\AppData\Local\{D1D5025F-29D8-4C1A-9B2B-F63AC5C96D46} folder moved successfully.
C:\Users\User\AppData\Local\{D2F9DA19-F496-4325-8F3B-E1C6155D3EFA} folder moved successfully.
C:\Users\User\AppData\Local\{D4099B7E-5359-43C5-9347-44C19F6370FB} folder moved successfully.
C:\Users\User\AppData\Local\{D4871B89-5951-4431-8B17-79801E6E061A} folder moved successfully.
C:\Users\User\AppData\Local\{D9983AAC-B859-4359-84AB-C44231CDD986} folder moved successfully.
C:\Users\User\AppData\Local\{DDBA9F3C-2037-40B1-82E2-F57AF3097E11} folder moved successfully.
C:\Users\User\AppData\Local\{E1EBB7C5-85DA-428F-899F-B432990592A0} folder moved successfully.
C:\Users\User\AppData\Local\{EA551F62-C527-4593-9897-A781E920E592} folder moved successfully.
C:\Users\User\AppData\Local\{EABCDA3B-C3A0-4817-BB67-66556BE54D75} folder moved successfully.
C:\Users\User\AppData\Local\{EB041BD3-EF57-43B6-BC09-5255D9C05D91} folder moved successfully.
C:\Users\User\AppData\Local\{EBFBD3E0-11D1-4019-BFF5-58B60033E275} folder moved successfully.
C:\Users\User\AppData\Local\{ED3E9490-A800-46FA-A75E-45E1F47F0778} folder moved successfully.
C:\Users\User\AppData\Local\{F11543B5-59CB-4DB6-93A8-3B280E8562A6} folder moved successfully.
C:\Users\User\AppData\Local\{F1D7F7BB-2DC2-47A7-A7FE-40CE901B6D89} folder moved successfully.
C:\Users\User\AppData\Local\{F23488B4-4A23-481E-88C0-0F0CB7455479} folder moved successfully.
C:\Users\User\AppData\Local\{F57C37CB-0CF2-47FF-AB26-111C539AB080} folder moved successfully.
C:\Users\User\AppData\Local\{F6ED3CE4-DFA9-4B28-8A3D-DEAEA52347E6} folder moved successfully.
C:\Users\User\AppData\Local\{F7EC8784-CC01-4983-A8BF-A73E22B796F4} folder moved successfully.
C:\Users\User\AppData\Local\{FE9DE3F8-9CF3-4CA5-A835-F3D7F1DCF81B} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\User\AppData\Local\Temp\adobe_installer.exe moved successfully.
C:\Users\User\AppData\Local\Temp\bpuninstall.exe moved successfully.
C:\Users\User\AppData\Local\Temp\DivXSetup.exe moved successfully.
C:\Users\User\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe moved successfully.
C:\Users\User\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe moved successfully.
C:\Users\User\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe moved successfully.
C:\Users\User\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe moved successfully.
C:\Users\User\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\User\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully.
C:\Users\User\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe moved successfully.
C:\Users\User\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe moved successfully.
C:\Users\User\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe moved successfully.
C:\Users\User\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully.
C:\Users\User\AppData\Local\Temp\mnyAE98.exe moved successfully.
C:\Users\User\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe moved successfully.
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\User\AppData\Local\Temp\TVersitybar.exe moved successfully.
C:\Users\User\AppData\Local\Temp\wlsetup-cvr.exe moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: User
->Temp folder emptied: 870080268 bytes
->Temporary Internet Files folder emptied: 452239410 bytes
->FireFox cache emptied: 971438912 bytes
->Flash cache emptied: 119015 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70611137 bytes
RecycleBin emptied: 14281697722 bytes
 
Total Files Cleaned = 15.875,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 09012012_102959

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\~WKCPI4~.~-~\workfile.lck not found!
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Log Schritt 2 - Malwarebytes Anti-Malware :

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.01.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: PABLO [Administrator]

Schutz: Aktiviert

01.09.2012 10:54:08
mbam-log-2012-09-01 (10-54-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 504808
Laufzeit: 1 Stunde(n), 57 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Log Schritt 3 - AdwCleaner Suchlauf:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/01/2012 um 12:55:44 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : User - PABLO
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

*************************

AdwCleaner[R1].txt - [5548 octets] - [01/09/2012 12:55:44]

########## EOF - C:\AdwCleaner[R1].txt - [5608 octets] ##########

Log Schritt 4 - AdwCleaner Delete:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/01/2012 um 12:58:30 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : User - PABLO
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

*************************

AdwCleaner[R1].txt - [5677 octets] - [01/09/2012 12:55:44]
AdwCleaner[S1].txt - [6053 octets] - [01/09/2012 12:58:30]

########## EOF - C:\AdwCleaner[S1].txt - [6113 octets] ##########

Log Fund mit Avira Antivir:

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 01. September 2012  11:53

Es wird nach 4201758 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : PABLO

Versionsinformationen:
BUILD.DAT      : 12.0.0.1167    40870 Bytes  18.07.2012 19:07:00
AVSCAN.EXE     : 12.3.0.33     468472 Bytes  08.08.2012 19:02:37
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 18:03:17
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 18:03:17
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 18:03:17
AVREG.DLL      : 12.3.0.17     232200 Bytes  12.05.2012 07:07:21
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 10:49:21
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 07:56:15
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 07:56:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 18:20:54
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 18:46:03
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 08:05:19
VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 08:05:19
VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 08:05:19
VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 08:05:19
VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 08:05:19
VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 08:05:19
VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 08:05:19
VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 08:05:19
VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 08:05:19
VBASE014.VDF   : 7.11.38.18   2554880 Bytes  30.07.2012 16:58:14
VBASE015.VDF   : 7.11.38.70    556032 Bytes  31.07.2012 16:58:14
VBASE016.VDF   : 7.11.38.143   171008 Bytes  02.08.2012 19:23:28
VBASE017.VDF   : 7.11.38.221   178176 Bytes  06.08.2012 15:58:21
VBASE018.VDF   : 7.11.39.37    168448 Bytes  08.08.2012 19:02:36
VBASE019.VDF   : 7.11.39.89    131072 Bytes  09.08.2012 19:02:32
VBASE020.VDF   : 7.11.39.145   142336 Bytes  11.08.2012 15:53:26
VBASE021.VDF   : 7.11.39.207   165888 Bytes  14.08.2012 11:52:46
VBASE022.VDF   : 7.11.40.9     156160 Bytes  16.08.2012 00:21:29
VBASE023.VDF   : 7.11.40.49    133120 Bytes  17.08.2012 00:21:29
VBASE024.VDF   : 7.11.40.95    156160 Bytes  20.08.2012 17:10:24
VBASE025.VDF   : 7.11.40.155   181760 Bytes  22.08.2012 17:10:30
VBASE026.VDF   : 7.11.40.205   203264 Bytes  23.08.2012 18:45:13
VBASE027.VDF   : 7.11.41.29    188416 Bytes  27.08.2012 14:59:21
VBASE028.VDF   : 7.11.41.87    250368 Bytes  30.08.2012 14:59:09
VBASE029.VDF   : 7.11.41.88      2048 Bytes  30.08.2012 14:59:09
VBASE030.VDF   : 7.11.41.89      2048 Bytes  30.08.2012 14:59:09
VBASE031.VDF   : 7.11.41.114   154624 Bytes  31.08.2012 14:59:09
Engineversion  : 8.2.10.150
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 17:01:05
AESCRIPT.DLL   : 8.1.4.46      455034 Bytes  24.08.2012 18:45:19
AESCN.DLL      : 8.1.8.2       131444 Bytes  11.03.2012 18:21:00
AESBX.DLL      : 8.2.5.12      606578 Bytes  16.06.2012 08:07:06
AERDL.DLL      : 8.1.9.15      639348 Bytes  31.01.2012 07:55:37
AEPACK.DLL     : 8.3.0.32      811382 Bytes  24.08.2012 18:45:19
AEOFFICE.DLL   : 8.1.2.42      201083 Bytes  19.07.2012 17:35:47
AEHEUR.DLL     : 8.1.4.94     5230967 Bytes  30.08.2012 15:00:05
AEHELP.DLL     : 8.1.23.2      258422 Bytes  29.06.2012 01:20:46
AEGEN.DLL      : 8.1.5.36      434549 Bytes  24.08.2012 18:45:14
AEEXP.DLL      : 8.1.0.84       90485 Bytes  30.08.2012 15:00:29
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 17:01:05
AECORE.DLL     : 8.1.27.4      201078 Bytes  07.08.2012 19:02:28
AEBB.DLL       : 8.1.1.0        53618 Bytes  31.01.2012 07:55:33
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 18:03:16
AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 18:03:17
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 18:03:17
AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 18:03:17
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 18:03:17
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 18:03:17
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 19:02:37
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 18:03:17
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 19:02:35
RCTEXT.DLL     : 12.3.0.31     100088 Bytes  08.08.2012 19:02:35

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5041cad0\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Samstag, 01. September 2012  11:53

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FsynSrvStarter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HTCVBTServer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DbgOut.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'epmworker.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ClientInitiatedStarter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CapabilityManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'logger.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Generic.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nassche.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NasNavi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nsCtrl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AnyDVDtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'itype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'COCIManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'APAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Application Launcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BirdieSync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LWS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'YahooAUService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmssvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nsService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nassvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrcSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Programme\IDrive\IDriveEReg2ini.exe'
C:\Programme\IDrive\IDriveEReg2ini.exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen

Beginne mit der Desinfektion:
C:\Programme\IDrive\IDriveEReg2ini.exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
  [WARNUNG]   Die Datei wurde ignoriert.


Ende des Suchlaufs: Samstag, 01. September 2012  11:54
Benötigte Zeit: 00:05 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     81 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     80 Dateien ohne Befall
      0 Archive wurden durchsucht
      1 Warnungen
      0 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.

t'john · 01.09.2012, 16:48

Sehr gut!

Wie laeuft der Rechner?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

conlinz · 02.09.2012, 14:42

Hi,

danke! Rechner läuft soweit derzeit wieder normal.

Log:

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 02.09.2012 10:53:07

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	02.09.2012 10:55:56

Key: hkey_local_machine\software\wms 	gefunden: Trace.Registry.whazit!E1
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\34888a6c-3b16340a -> json\Option.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\34888a6c-3b16340a -> json\XML.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\34888a6c-3b16340a -> json\ThreadParser.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\34888a6c-3b16340a -> json\SmartyPointer.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\34888a6c-3b16340a -> json\Parser.class 	gefunden: Exploit.Java.CVE-2010-0840!E2
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\79c84c83-495fc84f 	gefunden: Trojan.Ransom.Win32.Foreign.AMN!E1
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\583588cc-39875507 -> ndshesa\ndshesf.class 	gefunden: JAVA.Agent!E2
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\583588cc-39875507 -> ndshesa\ndshesa.class 	gefunden: Java.CVE!E2
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\583588cc-39875507 -> ndshesa\ndshesb.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\583588cc-39875507 -> ndshesa\ndshesc.class 	gefunden: Java.CVE!E2
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\583588cc-39875507 -> ndshesa\ndshesd.class 	gefunden: Java.CVE!E2
C:\System Volume Information\_restore{9160FA06-15A7-4777-B7CE-87E315FB4DE0}\RP621\A0096048.exe 	gefunden: Adware.Win32.ADON.AMN!E1
D:\Downloads\SoftonicDownloader_fuer_free-video-dub.exe 	gefunden: Riskware.Win32.SoftonicDownloader.AMN!E1
D:\Daten\studium\WS2005\ue pkm\ue3\aris_6[1].x_keygen.ZIP -> ATSKEY.EXE 	gefunden: Trojan-Dropper.Agent!E2

Gescannt	773807
Gefunden	15

Scan Ende:	02.09.2012 13:24:22
Scan Zeit:	2:28:26

lg Rudi

t'john · 02.09.2012, 19:46

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

conlinz · 03.09.2012, 09:39

Logfile ESET Online Scanner

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=25b57a863e47824ca4c209996c0ff483
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-03 05:05:00
# local_time=2012-09-03 07:05:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 15126815 15126815 0 0
# compatibility_mode=5893 16776573 100 94 159372 98244392 0 0
# compatibility_mode=8192 67108863 100 0 102 102 0 0
# scanned=413290
# found=11
# cleaned=11
# scan_time=35499
C:\_OTL\MovedFiles\09012012_102959\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\09012012_102959\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\583588cc-39875507	Java/Exploit.CVE-2012-4681.K trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\79c84c83-495fc84f	a variant of Win32/Kryptik.ALFZ trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\09012012_102959\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\34888a6c-3b16340a	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
D:\Downloads\SoftonicDownloader_fuer_free-video-dub.exe	Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
G:\ACERDATA\progs\anydvd\hgo-dfix.exe	probably a variant of Win32/Agent.MYXVWBI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
G:\ACERDATA\ZArchiv\anydvd\hgo-dfix.exe	probably a variant of Win32/Agent.MYXVWBI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
G:\Recycled\Dg601\anydvd\hgo-dfix.exe	probably a variant of Win32/Agent.MYXVWBI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
G:\DATEN (F)\ARCHIV\anydvd\hgo-dfix.exe	probably a variant of Win32/Agent.MYXVWBI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
G:\Backup20071217\ACERDATA (D)\ZArchiv\anydvd\hgo-dfix.exe	probably a variant of Win32/Agent.MYXVWBI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

lg
Rudi

t'john · 03.09.2012, 20:19

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

conlinz · 03.09.2012, 21:28

Hallo,

danke wieder für die Antwort.

Erster PluginChek lieferte veraltetes Flash, daher habe ich da gleich ein Update durchgeführt. Ergebnis:

PluginCheck

Firefox 15.0 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java (1,7,0,7) ist aktuell.

Adobe Reader ist nicht installiert oder aktiviert.

Erneuter Chek nach Deaktivierung Java Plaug-In:

PluginCheck

Firefox 15.0 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java ist Installiert aber nicht aktiviert.

Adobe Reader ist nicht installiert oder aktiviert.

lg Rudi

t'john · 04.09.2012, 17:55

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der