GVU Trojaner - Systemwiederherstellung

Serious · 03.09.2012, 19:50

Hallo zusammen,

ich habe mir heute nach kurzer Suche im Internet plötzlich den o.g. Trojaner eingefangen (Bildschirm gesperrt Die Bundesrep. Deutschland... usw.)

Daraufhin habe ich mein System im Abgesicherten Modus gestartet und die Windows System Wiederherstellung benutzt.

Nach dem Neustart konnte ich dann meinen Echtzeitscanner von Antivir nicht mehr aktivieren. Nach kurzer Suche im Internet habe ich Antivir nach Anleitung deinstalliert und neu aufgespielt.

Nun scheint alles wieder zu funktionieren. Anbei meinen Antivire System-scann da ich dem Frieden nicht 100% vertraue.

Ich hoffe jemand kann sich den Scann anschauen und mir dann sagen ob die Sache damit erledigt ist.

Vielen Dank!

Gruß Serious

t'john · 03.09.2012, 20:53

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Wähle Scanne Alle Benuzer

Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe

Unter Extra Registrierung, wähle bitte Benutze SafeList

Klicke nun auf Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt

Poste die Logfiles hier in den Thread.

Serious · 04.09.2012, 18:50

Hallo t'john,

erst mal vorab vielen Dank für deine Unterstürzung. Ein Glück habe ich dem Frieden nicht getraut...

Beim Malewarebytes Scan wurden gleich zwei Trojaner gefunden.

Anbei die Logs:

Malewarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
P. Loesch :: P-LOESCH-PC [Administrator]

Schutz: Aktiviert

04.09.2012 06:49:26
mbam-log-2012-09-04 (07-04-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350185
Laufzeit: 13 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\P. Loesch\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Users\P. Loesch\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt.
C:\Users\P. Loesch\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt.

(Ende)

Ich habe die Trojaner dann gelöscht.

OTL:

Code:

ATTFilter

OTL logfile created on: 04.09.2012 19:33:55 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 9,89 Gb Available Physical Memory | 82,45% Memory free
23,98 Gb Paging File | 21,60 Gb Available in Paging File | 90,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 53,18 Gb Free Space | 47,61% Space Free | Partition Type: NTFS
Drive E: | 683,59 Gb Total Space | 671,69 Gb Free Space | 98,26% Space Free | Partition Type: NTFS
Drive F: | 247,92 Gb Total Space | 174,14 Gb Free Space | 70,24% Space Free | Partition Type: NTFS
 
Computer Name: P.LOESCH-PC | User Name: P. Loesch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Garmin\gStart.exe (GARMIN Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SearchAnonymizer) -- C:\Users\P. Loesch\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (rzdaendpt) -- C:\Windows\SysNative\drivers\rzdaendpt.sys (Razer USA Ltd)
DRV:64bit: - (rzvkeyboard) -- C:\Windows\SysNative\drivers\rzvkeyboard.sys (Razer USA Ltd)
DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 27 5E 58 B6 6C CD 01  [binary data]
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&k=0
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{385D7B5B-F78D-482f-955F-4879757256FC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{50F52955-E292-497A-8CB8-67D33C076D80}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{53F424E3-27CA-4FD8-BEE6-68EFE826DF48}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{7FF8898A-72B5-4EF1-84E3-7402D50B03C4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=2DD233F1-89D6-44DB-B6FC-A3801EB03B8B&apn_sauid=10126B61-A3B1-4B10-9E9F-C428223A07D3
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{A269A712-3E5B-4D67-9762-F6DBBFC575C7}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{BC43499E-6D21-4d4a-8D2D-8CA53EF31E00}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{CE96532B-F3E4-47bf-87B6-1C7CE596F41E}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{DB5612C2-F1E6-43DF-A052-1020FC3E3447}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{E97CA733-AB0B-4487-8665-5570665982A6}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{F5227BD4-B9CF-4AB6-AB2E-5170B04A51AC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=2DD233F1-89D6-44DB-B6FC-A3801EB03B8B&apn_ptnrs=&apn_sauid=10126B61-A3B1-4B10-9E9F-C428223A07D3&apn_dtid=OSJ000&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: F:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.03 19:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.29 20:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\extensions\firejump@firejump.net [2012.03.22 07:51:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.03 19:34:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.11 20:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P. Loesch\AppData\Roaming\mozilla\Extensions
[2012.09.03 19:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions
[2011.09.18 13:23:21 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.03.22 07:51:55 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\firejump@firejump.net
[2012.09.03 19:52:53 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com
[2012.09.03 19:52:53 | 000,002,299 | ---- | M] () -- C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\searchplugins\askcom.xml
[2011.09.16 20:17:44 | 000,002,182 | ---- | M] () -- C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\searchplugins\{14C1EE77-B9F2-4CDB-90E8-FBC3D72E147A}.xml
[2011.09.16 20:17:44 | 000,002,071 | ---- | M] () -- C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\searchplugins\{66680907-5FC7-43B7-B3C2-3DD925A8727D}.xml
[2011.09.16 20:17:44 | 000,001,864 | ---- | M] () -- C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\searchplugins\{8D592AC5-B9CB-4233-A4D7-9B999FF9DA31}.xml
[2011.11.23 22:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.12 06:24:17 | 000,021,093 | ---- | M] () (No name found) -- C:\USERS\P. LOESCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RHVR5AOF.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
[2012.07.20 14:56:36 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.13 06:20:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 03:29:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.13 06:20:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.13 06:20:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.13 06:20:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.13 06:20:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.2\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\P. Loesch\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001..\Run: [PC Speed Maximizer] C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\P. Loesch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - F:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - F:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49A3DE8F-B5EE-4F48-BF01-1CE3C75DB9BA}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.04 06:47:01 | 000,000,000 | ---D | C] -- C:\Users\P. Loesch\AppData\Roaming\Malwarebytes
[2012.09.04 06:46:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 06:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.04 06:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.04 06:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.03 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\P. Loesch\AppData\Roaming\Avira
[2012.09.03 19:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.03 19:58:57 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.09.03 19:58:57 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.09.03 19:58:57 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.09.03 19:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.03 19:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.09.03 19:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.09.03 19:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.09.03 19:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.03 19:42:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.03 19:42:34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.03 19:42:34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.03 19:42:34 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.03 19:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.26 18:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.08.26 17:50:44 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.08.26 17:50:44 | 019,828,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.08.26 17:50:44 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.08.26 17:50:44 | 012,388,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.08.26 17:50:44 | 009,164,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.08.26 17:50:44 | 007,699,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.08.26 17:50:44 | 002,744,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.08.26 17:50:44 | 002,573,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.08.26 17:50:44 | 002,422,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.08.26 17:50:44 | 002,216,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.08.26 17:50:44 | 001,865,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.08.26 17:50:44 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.08.26 17:50:44 | 000,828,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.08.26 17:50:44 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.08.26 17:50:44 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.08.20 06:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012.08.20 06:52:25 | 000,000,000 | ---D | C] -- C:\Users\P. Loesch\SystemRequirementsLab
[2012.08.19 00:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design
[2012.08.17 19:41:29 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.17 19:41:28 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.17 19:41:28 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.17 19:41:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.17 19:41:28 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.17 19:41:28 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.17 19:41:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.17 19:41:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.17 19:41:28 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.17 19:41:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.17 19:41:27 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.17 19:41:23 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.17 19:41:23 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.17 19:41:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.17 19:41:23 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.17 19:41:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.17 19:41:23 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.17 19:41:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 06:41:10 | 000,588,800 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012.08.07 08:21:22 | 000,143,360 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012.08.07 08:21:18 | 000,165,888 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.04 19:30:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 19:30:45 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.04 06:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 06:48:55 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 06:48:55 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 06:48:17 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.04 06:48:17 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.04 06:48:17 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.04 06:48:17 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.04 06:48:17 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.04 06:46:53 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.03 19:58:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.03 19:42:32 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.03 19:42:32 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.03 19:42:32 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.03 19:42:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.03 19:42:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.03 19:42:32 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.19 00:00:27 | 000,000,691 | ---- | M] () -- C:\Users\P. Loesch\Desktop\Icy Tower.lnk
[2012.08.17 22:11:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.17 22:11:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.17 22:10:29 | 000,316,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 06:41:10 | 000,588,800 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012.08.07 08:21:22 | 000,143,360 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012.08.07 08:21:18 | 000,165,888 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.04 06:46:53 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.03 19:58:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.19 00:00:27 | 000,000,691 | ---- | C] () -- C:\Users\P. Loesch\Desktop\Icy Tower.lnk
[2012.08.05 14:29:59 | 000,000,001 | ---- | C] () -- C:\Users\P. Loesch\.SIG_PINSTATUS_VOREINSTELLUNG
[2012.08.05 14:29:59 | 000,000,001 | ---- | C] () -- C:\Users\P. Loesch\.SIG_DIALOG_VOREINSTELLUNG
[2012.08.05 14:22:46 | 000,010,447 | ---- | C] () -- C:\Users\P. Loesch\PJLoesch_elster_2048.pfx
[2012.06.25 20:02:36 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.24 16:31:43 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.09.24 16:31:43 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.09.24 16:31:43 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.09.24 14:45:19 | 000,033,975 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.09.11 21:21:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.09.11 21:21:42 | 000,030,065 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

< End of report >

OTL Extra:

Code:

ATTFilter

OTL Extras logfile created on: 04.09.2012 19:33:55 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 9,89 Gb Available Physical Memory | 82,45% Memory free
23,98 Gb Paging File | 21,60 Gb Available in Paging File | 90,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 53,18 Gb Free Space | 47,61% Space Free | Partition Type: NTFS
Drive E: | 683,59 Gb Total Space | 671,69 Gb Free Space | 98,26% Space Free | Partition Type: NTFS
Drive F: | 247,92 Gb Total Space | 174,14 Gb Free Space | 70,24% Space Free | Partition Type: NTFS
 
Computer Name: P.LOESCH-PC | User Name: P. Loesch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00840598-EB91-47EA-A898-715EF4599601}" = lport=138 | protocol=17 | dir=in | app=system | 
"{06C2338A-343A-4C67-A920-09FC0851F8C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0ED29F12-66D7-4D7B-AE3B-889210EB902F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C61E101-C58A-4C45-AB5A-97D65699864B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1FCC5A54-2D21-4907-B015-DD7E949F87E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{263B71B0-4D00-43AF-9615-F5C2241162C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3E4E0947-75DB-4B81-89BA-760B5F53E785}" = lport=445 | protocol=6 | dir=in | app=system | 
"{494CCF3E-61D7-45D2-89A2-056A99B3E45B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5DC02345-E167-41CB-ABE8-DF0B9312B66C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{62A79135-453B-44D8-A193-9CEA5C830068}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9247D850-81A1-4881-91AD-F7B48509C295}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9AD6794B-DFAC-4746-8E99-6C3DDC0440BC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A19E4C09-8F39-46D8-854E-E8F08ECFF64D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1BF471F-C78F-4339-B017-59F874D96CDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AEF4DF2A-164A-441D-A288-6B28ACFB18B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C002C7C2-A5EB-4DEB-9D2F-F42C67937941}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C688748A-4492-42C1-A7A4-B2932B84EDB2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DF5827D1-A036-49D9-9471-D0740A92D6A3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E0094311-7BE8-4AC0-AA42-C139C9CBBBAB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E044BBA6-723D-4532-BBE3-1E4EC7E371EB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E0F90361-D6E5-47D2-B7FA-7970618B9410}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F29140C1-46A6-4252-8B29-8E6854123977}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F7A67079-28F4-4E84-B5F9-445D1ED97F4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0426EB2A-6F77-4F50-AFF1-C790E8E73231}" = protocol=6 | dir=in | app=f:\programme\icq7.6\icq.exe | 
"{05E2EB02-868B-4FF8-9545-C2F2E2A39582}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{06C92679-AA2E-41EE-A4E8-B634D2CD40BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{07FDCF19-F21D-4038-8AF8-C5E227994328}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{156ECDFF-6FF7-42DC-A4AD-A48109D012DC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{158EB668-E7CE-46FD-B90C-AC1F95897025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1ABD2F8E-CF7A-446C-9834-B7CEB8541119}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{233DCE36-5702-4242-B634-DD3E848FEA9C}" = protocol=17 | dir=in | app=f:\programme\world of warcraft\launcher.exe | 
"{25CAC724-182A-49E8-B8FF-892C58612A38}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe | 
"{2728BA15-62FC-4AAB-824C-C5A84F11D2B3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{2992556A-CC81-4A8D-A30A-C47D8541E765}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B2B165C-B3A1-4B5C-BDC6-110DFB9C3BEB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{3CB6B861-8B3E-444B-B798-A3B201BE7479}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{3CE6AF0A-DB61-46EC-AD81-0A5FD32AA9BF}" = protocol=6 | dir=in | app=f:\programme\reality pump\two worlds ii\twoworlds2.exe | 
"{4470E0CA-E730-4C86-84BA-97AE86A9FAA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4AF8BCA8-95F6-452B-A262-4E8C88C93341}" = protocol=6 | dir=in | app=f:\programme\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{4B3EFFCE-5D2D-4509-98DB-17F3A3D2187E}" = protocol=17 | dir=in | app=f:\programme\world of warcraft\launcher.patch.exe | 
"{57332326-B3BE-459E-9668-632E47287A67}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{58425DB5-9E9B-4654-8CF5-75CDE5A31B2D}" = protocol=6 | dir=in | app=f:\programme\world of warcraft\launcher.patch.exe | 
"{6BD7F326-FC81-4160-A7B5-7CE3C1F6B69C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6C2AF580-9A6B-4A9B-AACF-DEF7338D8E99}" = protocol=17 | dir=in | app=f:\programme\diablo iii\diablo iii.exe | 
"{6E56B06E-5A6E-40C6-8343-7EA73C5488A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7193DA0B-6557-46F5-A485-3790614BEFBA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe | 
"{72911E32-86A7-4703-8C7D-F1D7F82EEBB1}" = protocol=6 | dir=in | app=f:\programme\diablo iii\diablo iii.exe | 
"{8542E4E1-D511-43D4-9B5A-0C7E0A1CDC77}" = protocol=6 | dir=in | app=f:\programme\steam\steam.exe | 
"{87646188-927C-4B22-95DB-0520214EA58E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{8C09B3D4-5663-4D67-94A0-1A839827CC6D}" = protocol=17 | dir=in | app=f:\programme\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{8F5A6747-1C9F-4133-8B4A-FB02038F8BC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{930107DC-4A58-43E4-B4F9-C048E8B5A5BE}" = protocol=6 | dir=in | app=f:\programme\steam\steamapps\common\arma 2\arma2.exe | 
"{9359FA0E-8F3B-4A9D-ADE9-93B7935D3AF0}" = protocol=17 | dir=in | app=f:\programme\reality pump\two worlds ii\twoworlds2.exe | 
"{97DB3099-12FC-48A8-BE0A-A384BB7A3032}" = protocol=17 | dir=in | app=f:\programme\icq7.6\icq.exe | 
"{9EB0A026-46C1-4D08-A157-7BC1BEF16073}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9F4517CD-EA03-48DE-A6EB-4AB232FB7293}" = protocol=17 | dir=in | app=f:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{A3A46DE8-D6FA-4CF9-B968-7D674A6C899C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5FD7556-355A-489B-8964-5A12A08272F1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{AB096016-5A60-4B8B-9965-68B0386C4DDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AE42459E-CA61-46A4-9E64-67FB6CDB356B}" = protocol=17 | dir=in | app=f:\programme\steam\steam.exe | 
"{AE5A0261-7388-4EF7-A1E7-07C63DC87BF0}" = protocol=6 | dir=in | app=f:\programme\icq7.6\icq.exe | 
"{AF32B8EC-294D-4FF6-8BED-C797C93F424B}" = protocol=6 | dir=in | app=f:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B4B791CF-C489-4F65-82C4-A36774345CA7}" = protocol=6 | dir=in | app=f:\programme\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{B6FF162C-4BD8-4ED1-8428-F18462C9317F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{B92498A3-8312-4C37-B9D7-2195A194E0DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C10E564B-D043-474A-8AC6-C6B6A41DA9CB}" = protocol=17 | dir=in | app=f:\programme\steam\steamapps\common\arma 2\arma2.exe | 
"{CF254F8A-E6BC-4AAC-923C-FD59F63F2B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{D02273B6-4756-4540-A6FA-E458CA27263B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D319EB4A-EA6C-4C0C-8C46-A513B6520E71}" = protocol=6 | dir=in | app=f:\programme\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{D859A75D-E463-4A63-BC5C-A17E08FF9B5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2C97652-AC20-47A0-9030-FAB77C9A272E}" = protocol=17 | dir=in | app=f:\programme\icq7.6\icq.exe | 
"{E6845AF3-747B-4A05-B617-7BFBFC8D9388}" = protocol=17 | dir=in | app=f:\programme\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{EA4F61EB-D450-4A14-A78B-3899840A34A7}" = protocol=17 | dir=in | app=f:\programme\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{EE6076DC-3143-4709-9D3C-65527B533F21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F5F35FC9-14D0-44D2-BB17-B5D788027D1F}" = protocol=6 | dir=in | app=f:\programme\world of warcraft\launcher.exe | 
"{F83D4F48-4947-4772-8BFF-2D171B719693}" = protocol=6 | dir=out | app=system | 
"{F92801A7-168B-4ACD-9A04-C46B3F011144}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEF7B365-89C3-4B54-8D79-9300BE497993}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{02D392E1-82DF-4E39-BB8F-85184F701BDA}F:\programme\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=f:\programme\six projects\six updater\tools\bin\rsync.exe | 
"TCP Query User{155001F3-4324-4DC6-9593-36DA28C4F72F}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"TCP Query User{18A9A9F2-252B-4BB6-A2BE-7072BCB704F3}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{21F69AF8-D24F-4541-8C34-BF9E7C16206A}C:\users\p. loesch\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\p. loesch\appdata\local\temp\gw2.exe | 
"TCP Query User{38155AAC-5DD4-4545-AFAB-22F5C9DCD4D2}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{42FE8DF0-1507-435A-931E-C1AEC811D169}C:\programdata\battle.net\agent\agent.649\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"TCP Query User{5223C47B-7BB2-4E5C-AB7B-ABFEB4FFEED3}F:\programme\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\programme\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{7AB9FB6E-9D7A-4870-B1B0-631320ADC857}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{7D87F76D-6C61-4008-8F74-D8B7189BF268}F:\programme\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\programme\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"TCP Query User{9A812F73-C8D1-4BBE-AA90-68148CF28869}F:\programme\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=f:\programme\diablo iii\diablo iii.exe | 
"TCP Query User{A2BE5E19-AA70-4768-8743-058385A0E397}F:\programme\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=f:\programme\guild wars 2\gw2.exe | 
"TCP Query User{AB3BBA7D-B5FD-4B7A-8C83-EAE5DBBA97C2}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"TCP Query User{BC3F1B60-4F9D-473E-87B8-07C1103B9C5E}F:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=f:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{CC2B4876-1702-44A8-9C71-F66ECDC0F5AD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D58B5ABB-5D82-43AF-8189-272D76ED3594}F:\programme\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=f:\programme\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EE2E6BF7-6C59-4985-A46D-FD0A8A187CB7}F:\programme\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\programme\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{025DC06B-E6F4-4D26-BC79-E00D610D5C38}C:\programdata\battle.net\agent\agent.649\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"UDP Query User{17C6104E-A057-4D10-8B00-AEC4E2AD74BF}F:\programme\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\programme\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{20A01EF7-7E9A-4043-B75A-8BA7EEAED333}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{2580B9C5-CC92-4C22-AB53-23D0D77C52EF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{3CE076C0-D8A9-4650-BFBF-02E1A6BD9BC8}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"UDP Query User{52A47766-ADE1-46F0-8E70-A948589C7C3B}F:\programme\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=f:\programme\guild wars 2\gw2.exe | 
"UDP Query User{57822E33-B48F-45F7-822C-ED3B06B7C554}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"UDP Query User{5A23EC89-B2C4-464A-BD72-AA5CC3D9B721}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{6EAD3EE3-9F24-4629-AE38-128897683F01}F:\programme\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=f:\programme\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{758A9A41-17E5-4471-8738-B1B301FEF94A}F:\programme\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=f:\programme\six projects\six updater\tools\bin\rsync.exe | 
"UDP Query User{A77054CD-C358-4CC1-A569-CE1B356E18F3}F:\programme\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\programme\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"UDP Query User{AA307F4E-4B75-4F97-A4C0-B662DD81F711}C:\users\p. loesch\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\p. loesch\appdata\local\temp\gw2.exe | 
"UDP Query User{D36F3469-D9A5-4F87-BCAC-08BF7D712AE1}F:\programme\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\programme\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{EA4CE76A-FA20-4530-BC7D-00BC5C5DE923}F:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=f:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{ECAD56D3-DE04-42EE-8E3C-A6C250FE95FE}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{FA36205D-5A58-4142-A044-C75530232FA2}F:\programme\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=f:\programme\diablo iii\diablo iii.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"DesktopIconAmazon" = Desktop Icon für Amazon
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SearchAnonymizer" = SearchAnonymizer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.6 Build #5618 Banner Remover 1.0
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye for OA" = BattlEye for OA Uninstall
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"ElsterFormular" = ElsterFormular
"Everest Poker" = Everest Poker (Remove Only)
"Foxit Reader_is1" = Foxit Reader
"Guild Wars 2" = Guild Wars 2
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
"PriceGong" = PriceGong 2.5.2
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Two Worlds II" = Two Worlds II
"Unigine Heaven DX11 Benchmark 2.5_is1" = Unigine Heaven DX11 Benchmark 2.5 version 2.5
"VLC media player" = VLC media player 1.1.11
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.07.2012 01:17:10 | Computer Name = P.Loesch-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: arma2oa.exe, Version: 1.60.94.700,
 Zeitstempel: 0x4ffc1914  Name des fehlerhaften Moduls: arma2oa.exe, Version: 1.60.94.700,
 Zeitstempel: 0x4ffc1914  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002a1b03  ID des fehlerhaften
 Prozesses: 0x1498  Startzeit der fehlerhaften Anwendung: 0x01cd5f23976d0456  Pfad der
 fehlerhaften Anwendung: F:\Programme\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
Pfad
 des fehlerhaften Moduls: F:\Programme\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
Berichtskennung:
 a9f7b44b-cb17-11e1-bd35-14dae9339d01
 
Error - 12.07.2012 00:38:19 | Computer Name = P.Loesch-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Core Temp.exe, Version: 1.0.0.0, 
Zeitstempel: 0x4e5ff94d  Name des fehlerhaften Moduls: Core Temp.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4e5ff94d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000002dbc6
ID
 des fehlerhaften Prozesses: 0xb88  Startzeit der fehlerhaften Anwendung: 0x01cd5fe824d208b7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Core Temp\Core Temp.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Core Temp\Core Temp.exe  Berichtskennung: 6703ddb0-cbdb-11e1-8698-14dae9339d01
 
Error - 14.07.2012 17:04:57 | Computer Name = P.Loesch-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: arma2oa.exe, Version: 1.61.94.876,
 Zeitstempel: 0x4ffef77f  Name des fehlerhaften Moduls: arma2oa.exe, Version: 1.61.94.876,
 Zeitstempel: 0x4ffef77f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002a1b63  ID des fehlerhaften
 Prozesses: 0x10e4  Startzeit der fehlerhaften Anwendung: 0x01cd620397ebec4f  Pfad der
 fehlerhaften Anwendung: F:\Programme\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
Pfad
 des fehlerhaften Moduls: F:\Programme\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
Berichtskennung:
 90de1c92-cdf7-11e1-b111-14dae9339d01
 
Error - 15.07.2012 06:02:08 | Computer Name = P.Loesch-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d70    Startzeit: 
01cd626f6b32427b    Endzeit: 26    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 2207d159-ce64-11e1-8223-14dae9339d01  
 
Error - 18.07.2012 15:00:10 | Computer Name = P.Loesch-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1244    Startzeit:
 01cd65143d2ce77a    Endzeit: 65    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ca3dcf94-d10a-11e1-9234-14dae9339d01  
 
Error - 24.07.2012 15:47:14 | Computer Name = P.Loesch-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f34    Startzeit: 
01cd69d4f9ca1e40    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 5c0ccbec-d5c8-11e1-b40d-14dae9339d01  
 
Error - 24.07.2012 16:11:05 | Computer Name = P.Loesch-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1384    Startzeit:
 01cd69d5209decad    Endzeit: 39    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 b1546828-d5cb-11e1-b40d-14dae9339d01  
 
Error - 11.08.2012 07:33:55 | Computer Name = P.Loesch-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 3c8    Startzeit: 
01cd77b3faba68e0    Endzeit: 20    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 6d84b784-e3a8-11e1-85f2-14dae9339d01  
 
Error - 03.09.2012 13:35:24 | Computer Name = P.Loesch-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 03.09.2012 13:39:21 | Computer Name = P.Loesch-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
[ System Events ]
Error - 03.09.2012 13:37:26 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 03.09.2012 13:39:21 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 03.09.2012 13:54:51 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 03.09.2012 13:54:51 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 03.09.2012 14:16:06 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 03.09.2012 14:16:06 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 04.09.2012 00:43:54 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.09.2012 00:43:54 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 04.09.2012 13:32:54 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.09.2012 13:32:54 | Computer Name = P.Loesch-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >

t'john · 04.09.2012, 20:14

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL
SRV - (SearchAnonymizer) -- C:\Users\P. Loesch\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&k=0 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{385D7B5B-F78D-482f-955F-4879757256FC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{50F52955-E292-497A-8CB8-67D33C076D80}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{53F424E3-27CA-4FD8-BEE6-68EFE826DF48}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{7FF8898A-72B5-4EF1-84E3-7402D50B03C4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=2DD233F1-89D6-44DB-B6FC-A3801EB03B8B&apn_sauid=10126B61-A3B1-4B10-9E9F-C428223A07D3 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{A269A712-3E5B-4D67-9762-F6DBBFC575C7}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{BC43499E-6D21-4d4a-8D2D-8CA53EF31E00}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{CE96532B-F3E4-47bf-87B6-1C7CE596F41E}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{DB5612C2-F1E6-43DF-A052-1020FC3E3447}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{E97CA733-AB0B-4487-8665-5570665982A6}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\..\SearchScopes\{F5227BD4-B9CF-4AB6-AB2E-5170B04A51AC}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=0c5ad7a3-ac4c-4e2c-9ae0-0fb8ae165e5b&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Ask.com" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "www.google.com" 
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=2DD233F1-89D6-44DB-B6FC-A3801EB03B8B&apn_ptnrs=&apn_sauid=10126B61-A3B1-4B10-9E9F-C428223A07D3&apn_dtid=OSJ000&&q=" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\P. Loesch\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKU\S-1-5-21-3319000499-2840504630-3361563802-1001..\Run: [PC Speed Maximizer] C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) 
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
 
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] 

[2012.09.03 19:52:53 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com 
[2012.09.03 19:52:53 | 000,002,299 | ---- | M] () -- C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\searchplugins\askcom.xml 
[2012.09.03 19:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com 


:Files

C:\Users\P. Loesch\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\P. Loesch\AppData\Local\Temp\*.exe
C:\Users\P. Loesch\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Serious · 04.09.2012, 20:35

Hi,

anbei das Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Service SearchAnonymizer stopped successfully!
Service SearchAnonymizer deleted successfully!
File  C:\Users\P. Loesch\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe  not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{385D7B5B-F78D-482f-955F-4879757256FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{385D7B5B-F78D-482f-955F-4879757256FC}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{50F52955-E292-497A-8CB8-67D33C076D80}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50F52955-E292-497A-8CB8-67D33C076D80}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{53F424E3-27CA-4FD8-BEE6-68EFE826DF48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53F424E3-27CA-4FD8-BEE6-68EFE826DF48}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7FF8898A-72B5-4EF1-84E3-7402D50B03C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF8898A-72B5-4EF1-84E3-7402D50B03C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A269A712-3E5B-4D67-9762-F6DBBFC575C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A269A712-3E5B-4D67-9762-F6DBBFC575C7}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BC43499E-6D21-4d4a-8D2D-8CA53EF31E00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC43499E-6D21-4d4a-8D2D-8CA53EF31E00}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CE96532B-F3E4-47bf-87B6-1C7CE596F41E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE96532B-F3E4-47bf-87B6-1C7CE596F41E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DB5612C2-F1E6-43DF-A052-1020FC3E3447}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB5612C2-F1E6-43DF-A052-1020FC3E3447}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E97CA733-AB0B-4487-8665-5570665982A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E97CA733-AB0B-4487-8665-5570665982A6}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F5227BD4-B9CF-4AB6-AB2E-5170B04A51AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5227BD4-B9CF-4AB6-AB2E-5170B04A51AC}\ not found.
HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "www.google.com" removed from browser.startup.homepage
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=2DD233F1-89D6-44DB-B6FC-A3801EB03B8B&apn_ptnrs=&apn_sauid=10126B61-A3B1-4B10-9E9F-C428223A07D3&apn_dtid=OSJ000&&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM deleted successfully.
File C:\Users\P. Loesch\AppData\Roaming\OCS\SM\SearchAnonymizer.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PC Speed Maximizer deleted successfully.
C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\SysNative\SET4559.tmp deleted successfully.
C:\Windows\SysNative\SET4965.tmp deleted successfully.
C:\Windows\SysNative\SET4B4C.tmp deleted successfully.
C:\Windows\SysNative\SET4B6E.tmp deleted successfully.
C:\Windows\SysNative\SET4C4A.tmp deleted successfully.
C:\Windows\SysNative\SET525F.tmp deleted successfully.
Folder C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com\ not found.
File C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\searchplugins\askcom.xml not found.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== FILES ==========
File\Folder C:\Users\P. Loesch\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\P. Loesch\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\P. Loesch\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\P. Loesch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
C:\Windows\System32\SET4F6D.tmp moved successfully.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\P. Loesch\Desktop\cmd.bat deleted successfully.
C:\Users\P. Loesch\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: P. Loesch
->Temp folder emptied: 1016440615 bytes
->Temporary Internet Files folder emptied: 65790447 bytes
->Java cache emptied: 7991789 bytes
->FireFox cache emptied: 949654844 bytes
->Flash cache emptied: 130973 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 369027171 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2357291115 bytes
 
Total Files Cleaned = 4.546,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: P. Loesch
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.60.0 log created on 09042012_212856

Files\Folders moved on Reboot...
C:\Users\P. Loesch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Oh Mist mir ist da grade etwas aufgefallen... Ich habe meine Vornamen in sämtlichen Logdatein abgekürzt -.-.

Ich vermute daher das du das letzte Log nicht verwenden kannst.

Kann ich das P. in diesem OTL Skript einfach durch den vollständigen Namen ersetzen?

t'john · 05.09.2012, 13:38

Zitat:

Kann ich das P. in diesem OTL Skript einfach durch den vollständigen Namen ersetzen?

Ja unbedingt!

Serious · 05.09.2012, 18:16

Hi,

so habe das den Namen im Skript ersetzt und nochmal durch laufen lassen anbei das neue Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Error: No service named SearchAnonymizer was found to stop!
Service\Driver key SearchAnonymizer not found.
C:\Users\P. Loesch\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ not found.
File C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll not found.
HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{385D7B5B-F78D-482f-955F-4879757256FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{385D7B5B-F78D-482f-955F-4879757256FC}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{50F52955-E292-497A-8CB8-67D33C076D80}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50F52955-E292-497A-8CB8-67D33C076D80}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{53F424E3-27CA-4FD8-BEE6-68EFE826DF48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53F424E3-27CA-4FD8-BEE6-68EFE826DF48}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7FF8898A-72B5-4EF1-84E3-7402D50B03C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF8898A-72B5-4EF1-84E3-7402D50B03C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A269A712-3E5B-4D67-9762-F6DBBFC575C7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A269A712-3E5B-4D67-9762-F6DBBFC575C7}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BC43499E-6D21-4d4a-8D2D-8CA53EF31E00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC43499E-6D21-4d4a-8D2D-8CA53EF31E00}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CE96532B-F3E4-47bf-87B6-1C7CE596F41E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE96532B-F3E4-47bf-87B6-1C7CE596F41E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DB5612C2-F1E6-43DF-A052-1020FC3E3447}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB5612C2-F1E6-43DF-A052-1020FC3E3447}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E97CA733-AB0B-4487-8665-5570665982A6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E97CA733-AB0B-4487-8665-5570665982A6}\ not found.
Registry key HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F5227BD4-B9CF-4AB6-AB2E-5170B04A51AC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5227BD4-B9CF-4AB6-AB2E-5170B04A51AC}\ not found.
HKU\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "www.google.com" removed from browser.startup.homepage
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=2DD233F1-89D6-44DB-B6FC-A3801EB03B8B&apn_ptnrs=&apn_sauid=10126B61-A3B1-4B10-9E9F-C428223A07D3&apn_dtid=OSJ000&&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM not found.
C:\Users\P. Loesch\AppData\Roaming\OCS\SM\SearchAnonymizer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_USERS\S-1-5-21-3319000499-2840504630-3361563802-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PC Speed Maximizer not found.
File C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File/Folder C:\Windows\SysNative\*.tmp not found.
C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\P. Loesch\AppData\Roaming\mozilla\Firefox\Profiles\rhvr5aof.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\searchplugins\askcom.xml moved successfully.
Folder C:\Program Files (x86)\Ask.com\ not found.
========== FILES ==========
File\Folder C:\Users\P. Loesch\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\P. Loesch\AppData\Local\Temp\*.exe not found.
C:\Users\P. Loesch\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\P. Loesch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\P. Loesch\Desktop\cmd.bat deleted successfully.
C:\Users\P. Loesch\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: P. Loesch
->Temp folder emptied: 20347690 bytes
->Temporary Internet Files folder emptied: 281308 bytes
->FireFox cache emptied: 48236200 bytes
->Flash cache emptied: 977 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 66,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: P. Loesch
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.60.0 log created on 09052012_190825

Files\Folders moved on Reboot...
C:\Users\P. Loesch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Ich hoffe diesmal hat alles geklappt

.

Gruß Serious

t'john · 06.09.2012, 01:59

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Serious · 06.09.2012, 18:36

Also der Rechner laeuft soweit ich das beurteilen kann normal

.

Anbei die Logs:

Malewarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.06.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
P. Loesch :: P.LOESCH-PC [Administrator]

Schutz: Aktiviert

06.09.2012 19:17:31
mbam-log-2012-09-06 (19-17-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335271
Laufzeit: 12 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/06/2012 um 19:33:21 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : P. Loesch - P.LOESCH-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\P. Loesch\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\PriceGong
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gefunden : C:\Users\P. Loesch\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\P. Loesch\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Ordner Gefunden : C:\Users\P. Loesch\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\prefs.js

Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [5040 octets] - [06/09/2012 19:33:21]

########## EOF - C:\AdwCleaner[R1].txt - [5100 octets] ##########

t'john · 06.09.2012, 19:42

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Serious · 06.09.2012, 20:30

Hi,

danke für die schnelle Antwort!

Hier ide Logs:

AdwCleaner

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/06/2012 um 20:59:07 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : P. Loesch - P.LOESCH-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\P. Loesch\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\PriceGong
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\Users\P. Loesch\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\P. Loesch\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Ordner Gelöscht : C:\Users\P. Loesch\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\P. Loesch\AppData\Roaming\Mozilla\Firefox\Profiles\rhvr5aof.default\prefs.js

Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[S1].txt - [5699 octets] - [06/09/2012 20:59:07]

########## EOF - C:\AdwCleaner[S1].txt - [5759 octets] ##########

uuunnnd Emsisoft:

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 06.09.2012 21:07:50

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, E:\, F:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	06.09.2012 21:09:25

c:\program files (x86)\everest poker\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\mp-poker\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\startup\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\fonts\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\mp-lobby\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\mp-poker\background\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\bitmaps\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\sounds\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\startup\en\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\startup\shared\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\startup\shared\icons\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\startup\shared\sounds\ 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\init.ini 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\gvnetwork.dll 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\gvsound.dll 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\gvmain.exe 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\log.dat 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\settings.ini 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\casino.exe 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\gvbase.dll 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\cstart.exe 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\everest poker.exe 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\gvgfx-dib.dll 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\gvcrt.dll 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\gvgfx.dll 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\mp-poker\background\default.gvt 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\mp-lobby\shared.gvt 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\bitmaps\check.art 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\bitmaps\chips.art 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\bitmaps\btn_scroll.gvt 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\gvmain.dll 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\sounds\button.ogg 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\mp-poker\shared.gvt 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\sounds\carddeal.ogg 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\sounds\cardflip.ogg 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\shared\shared\sounds\chipclick.ogg 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\startup\en\startup_strings.txt 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\startup\shared\icons\ep.ico 	gefunden: Trace.File.everestpoker!E1
c:\program files (x86)\everest poker\data\startup\shared\sounds\alert.ogg 	gefunden: Trace.File.everestpoker!E1
Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\everest poker 	gefunden: Trace.Registry.everestpoker!E1
Key: hkey_current_user\software\grand virtual 	gefunden: Trace.Registry.everestpoker!E1
C:\Users\P. Loesch\AppData\Local\Microsoft\Windows\907\7be90d7b 	gefunden: Trojan.Win32.Ransom!E2
F:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe 	gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1

Gescannt	575759
Gefunden	46

Scan Ende:	06.09.2012 21:18:11
Scan Zeit:	0:08:46

Was ist ein "Trace", habe davon scheinbar jede Menge

t'john · 07.09.2012, 11:59

Sehr gut!

Lasse die Funde in Quarantaene verschieben, dann:

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Serious · 07.09.2012, 19:27

Hallo,

der Scann hat ewig gedauert, anbei das Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2ebc9a83658b494e9b0c003260318f73
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-07 06:23:55
# local_time=2012-09-07 08:23:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 344712 344712 0 0
# compatibility_mode=5893 16776574 100 94 31191103 98669698 0 0
# compatibility_mode=8192 67108863 100 0 105 105 0 0
# scanned=132455
# found=1
# cleaned=1
# scan_time=2387
C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe	a variant of Win32/SpeedingUpMyPC application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

t'john · 08.09.2012, 18:46

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

Serious · 09.09.2012, 12:07

Hallo,

Code:

ATTFilter

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

    Firefox 15.0.1 ist aktuell

    Flash 11,3,300,271 ist veraltet!
    Aktualisieren Sie bitte auf die neueste Version!

    Java (1,7,0,7) ist aktuell.

    Adobe Reader ist nicht installiert oder aktiviert.

 

Zurück

und hier nach dem deaktivieren:

Code:

ATTFilter

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

    Firefox 15.0.1 ist aktuell

    Flash 11,3,300,271 ist veraltet!
    Aktualisieren Sie bitte auf die neueste Version!

    Java ist Installiert aber nicht aktiviert.

    Adobe Reader ist nicht installiert oder aktiviert.

 

Zurück

Das Java ist aber die 32-Bit Version und ich habe ein 64-Bit System ist das okay?