Internetseiten-Fehler

Kevinator941 · 23.11.2012, 18:28

wie mache ich schritt drei denn?
Tut mir leid wie gesagt habe gar keine ahnung

ryder · 23.11.2012, 18:39

Deswegen haben wir eine Anleitung die man lesen sollte.

Liste der installierten Programme (Combofix)

Bitte suche und poste mir die folgende Datei:
c:\Qoobox\Add-Remove Programs.txt

Kevinator941 · 23.11.2012, 19:04

Code:

ATTFilter

Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Age of Empires III
Angry Birds
Angry Birds Rio
Angry Birds Space
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira Free Antivirus
Bing Rewards Client Installer
Bonjour
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cogs GO Lite
Conduit Engine
Corel Home Office
Corel Home Office - CS Templates
Corel Home Office - CT Templates
Corel Home Office - IPM
Corel Home Office - JP Templates
Corel Home Office - KR Templates
Corel Home Office - Launcher
Corel Home Office - Templates RU
Corel Home Office - Templates1
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Empire Earth
Empire Earth Gold
Energy Star Digital Logo
Far Cry 2
Free Audio CD Burner version 1.4
Free NaturalReader
Free Studio version 5.7.3.916
Free YouTube Download version 2.10.33.324
Free YouTube to MP3 Converter version 3.8
Grand Theft Auto San Andreas
Grand Theft Auto Vice City
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
HP Deskjet 3050 J610 series Hilfe
HP Documentation
HP ESU for Microsoft Windows 7
HP HotKey Support
HP Photo Creations
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Update
HP Web Camera
HP Webcam
HP Webcam Driver
HP Wireless Assistant
iCloud
IDT Audio
iTunes
LightScribe System Software
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office Language Pack 2010 - German/Deutsch
Microsoft Office O MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (German) 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Office X MUI (German) 2010
Microsoft PowerPoint 2010
Microsoft PowerPoint Viewer
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Word 2010
Mozilla Firefox 16.0.2 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Underground 2
OpenAL
PDF Complete Special Edition
PunkBuster Services
QuickTime
Realtek Ethernet Controller All-In-One Windows Driver
Remote Mouse version 1.50
RocketDock 1.3.5
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Steamless Counter Strike Source Pack
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
Synaptics Pointing Device Driver
System Explorer 3.2.1
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB PC Camera (SN9C101)
VC80CRTRedist - 8.0.50727.6195
VirtualCloneDrive
VLC media player 1.1.6
Vokabel Trainer 5
Windows 7 Default Setting
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh ActiveX control for remote connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-Bit)
WinZip 14.5

ryder · 23.11.2012, 19:13

Sieht gut aus, dann müssen wir jetzt noch ein paar Überreste entfernen:

Schritt 1:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.

Klicke auf Löschen.

Bestätige jeweils mit Ok.

Dein Rechner wird neu gestartet. Schreibe mir nur ob der Schritt geklappt hat, das anfallende Logfile brauchen wir nicht.

Schritt 2:
Kontrollscan mit OTL

Starte bitte OTL.exe - falls noch nicht vorhanden: LINK

Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!

Drücke den Quick Scan Button.

Poste die OTL.txt hier in deinen Thread.

Schritt 3:
Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.

Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Kevinator941 · 23.11.2012, 19:49

Code:

ATTFilter

OTL logfile created on: 11/23/2012 7:28:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robi\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
764.56 Mb Total Physical Memory | 135.64 Mb Available Physical Memory | 17.74% Memory free
1.75 Gb Paging File | 0.56 Gb Available in Paging File | 31.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 83.14 Gb Free Space | 38.56% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.12% Space Free | Partition Type: FAT32
 
Computer Name: ROBI-HP | User Name: Robi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Robi\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Remote Mouse\server\server.exe ()
PRC - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows NT\Accessories\WORDPAD.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Remote Mouse\server\server.exe ()
MOD - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Remote Mouse\server\win32gui.pyd ()
MOD - C:\Program Files\Remote Mouse\server\win32api.pyd ()
MOD - C:\Program Files\Remote Mouse\server\pywintypes26.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Program Files\Remote Mouse\server\_ctypes.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_ssl.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_socket.pyd ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Remote Mouse\server\autopy.mouse.pyd ()
MOD - C:\Program Files\Remote Mouse\server\autopy.key.pyd ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe File not found
SRV - (SystemStoreService) -- C:\Program Files\Freetec\SystemStore\SystemStore.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\Users\Robi\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=2eddcdec-482e-487e-b9d2-d337c083fa0c&apn_sauid=16503CEE-24EC-4F95-9BC2-30168582F901
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 18:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 18:46:47 | 000,000,000 | ---D | M]
 
[2012/11/23 17:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Extensions
[2012/11/23 18:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions
[2012/11/20 22:21:19 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\extension@preispilot.com.xpi
[2012/10/11 12:06:25 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/11/23 18:38:46 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/23 14:59:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/21 11:53:59 | 000,001,632 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\firefox-add-ons.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-4.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-5.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-6.xml
[2012/10/28 18:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/10/28 18:46:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/16 18:51:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/11/21 18:14:00 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/21 18:14:00 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/21 18:14:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/21 18:14:00 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/25 19:11:09 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012/11/20 12:32:01 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/21 18:14:00 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/11/23 17:37:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe ()
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4FCF358-0D16-48CE-8144-1A6C7EBEBD6C}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/23 17:42:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\temp
[2012/11/23 17:22:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/23 17:22:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/23 17:22:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/23 17:09:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/23 17:09:09 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/23 16:49:42 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2012/11/23 16:49:18 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/22 12:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{56F4D31D-2F68-4B81-8FE6-4F6101085ECD}
[2012/11/22 11:55:12 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{66E052C8-5437-413C-8AC1-0CB48B0DB0BA}
[2012/11/21 18:14:00 | 000,000,000 | ---D | C] -- C:\windows\System32\IO
[2012/11/21 16:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/20 12:32:34 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\System32\dhRichClient3.dll
[2012/11/20 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2012/11/20 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/11/20 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/11/20 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\SelfUpdater
[2012/11/20 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/11/19 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Robi\Desktop\päda filmr fotos
[2012/11/09 06:36:20 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33}
[2012/11/08 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Robi\Documents\GTA San Andreas User Files
[2012/11/08 08:04:59 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6}
[2012/11/07 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/10/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/15 16:12:29 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Robi\JavaSetup6u24.exe
[2011/02/17 19:45:10 | 008,417,616 | ---- | C] (Mozilla) -- C:\Users\Robi\Firefox_Setup_3.6.13.exe
[2011/02/07 17:25:15 | 060,458,664 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Program Files\FreeStudio.exe
[2011/01/30 18:36:11 | 008,417,616 | ---- | C] (Mozilla) -- C:\Program Files\Firefox.exe
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/23 19:33:57 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 19:33:57 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 19:23:26 | 000,000,314 | ---- | M] () -- C:\windows\tasks\asilfsat.job
[2012/11/23 19:23:10 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/11/23 19:23:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 19:22:56 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 17:37:55 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/11/22 13:21:13 | 000,007,250 | ---- | M] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/22 12:21:02 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/11/22 12:21:02 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/22 12:21:02 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/11/22 12:21:02 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/21 23:05:20 | 000,211,168 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:38 | 000,370,461 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:42 | 000,289,663 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:51 | 000,292,828 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:14 | 000,240,593 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:58 | 000,337,336 | ---- | M] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/21 16:27:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/11/18 19:23:40 | 000,339,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/09 08:38:08 | 000,000,316 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRobi.job
[2012/11/07 16:19:00 | 000,119,300 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2012/11/03 11:35:40 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/11/23 17:22:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/23 17:22:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/23 17:22:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/23 17:22:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/23 17:22:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/22 13:21:13 | 000,007,250 | ---- | C] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/21 23:05:20 | 000,211,168 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:37 | 000,370,461 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:41 | 000,289,663 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:50 | 000,292,828 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:13 | 000,240,593 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:57 | 000,337,336 | ---- | C] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/20 12:32:34 | 000,338,432 | ---- | C] () -- C:\windows\System32\sqlite36_engine.dll
[2012/11/17 22:23:14 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 22:22:38 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 16:07:32 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/11/03 11:35:40 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012/09/17 21:02:28 | 000,001,652 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2012/09/03 20:25:13 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2012/07/22 19:46:16 | 000,000,000 | ---- | C] () -- C:\windows\appXYqt3.ini
[2012/06/17 23:40:45 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r06
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r05
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r04
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r03
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r02
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r01
[2012/06/17 23:40:38 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r00
[2012/06/17 23:40:38 | 000,009,006 | ---- | C] () -- C:\Users\Robi\aoe-project.nfo
[2012/05/13 18:11:07 | 000,119,300 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2012/04/27 17:19:28 | 000,027,969 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\UserTile.png
[2012/04/24 10:12:02 | 000,139,264 | ---- | C] () -- C:\windows\System32\usbceipi.dll
[2012/03/20 21:21:18 | 000,000,046 | ---- | C] () -- C:\windows\QTW.INI
[2012/02/21 10:51:49 | 000,000,190 | ---- | C] () -- C:\windows\cncscore.ini
[2012/02/17 18:30:29 | 000,286,720 | ---- | C] () -- C:\windows\vsnpstd.exe
[2012/02/17 18:30:28 | 000,053,248 | ---- | C] () -- C:\windows\System32\dsnpstd.dll
[2012/02/17 18:30:19 | 000,061,440 | ---- | C] ( ) -- C:\windows\System32\rsnpstd.dll
[2012/01/29 21:29:47 | 000,000,109 | ---- | C] () -- C:\windows\disney.ini
[2011/11/17 19:11:31 | 000,000,236 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys
[2011/10/26 16:04:32 | 000,111,928 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/10/26 16:04:14 | 002,793,768 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2011/10/26 16:04:14 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/08/02 10:34:12 | 000,000,528 | R--- | C] () -- C:\Program Files\MediaID.bin
[2011/07/27 19:48:14 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2011/07/27 19:48:14 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2011/07/27 19:48:14 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2011/07/27 19:46:30 | 000,000,228 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/07/21 21:18:46 | 000,000,236 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011/06/23 21:02:37 | 000,137,216 | ---- | C] () -- C:\windows\epuninstall.exe
[2011/04/24 17:21:37 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI
[2011/04/09 20:30:55 | 000,001,849 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml
[2011/03/14 15:18:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/30 19:14:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/01/28 23:32:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo
[2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite
[2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener
[2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo
[2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios
[2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech
[2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org
[2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio
[2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies Inc
[2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client
[2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby
[2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings
[2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart
[2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds
[2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido
[2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan
[2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer
[2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.54  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
AntiVir Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 	11.4.402.265  
 Mozilla Firefox (16.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

kannst du mir vielleicht noch sagen wie ich den laptop wieder schneller machen kann?

ein ganz ganz herzlichen dank von mir

Du hast mir echt super geholfen!!

lg Kevin

Der fehler ist aber immer noch?

(

ryder · 23.11.2012, 21:00

Schneller machen wir ihn am Schluß, wenn das BÖÖÖSE weg ist

Schritt 1:
Fix mit OTL

Zitat:

Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

:files
ipconfig /flushdns /c

:commands
[Emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.

Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTL scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein!

Schritt 2:
Deinstalliere den alten Flashplayer

Schritt 3:
Kontrollscan mit OTL

Starte bitte OTL.exe - falls noch nicht vorhanden: LINK

Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!

Drücke den Quick Scan Button.

Poste die OTL.txt hier in deinen Thread.

Schritt 4:
Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.

Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 5:
Besteht das Problem jetzt noch?

Kevinator941 · 23.11.2012, 21:46

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//FWEvent.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Robi\Downloads\cmd.bat deleted successfully.
C:\Users\Robi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Robi
->Temp folder emptied: 1160905 bytes
->Temporary Internet Files folder emptied: 48630359 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 104509351 bytes
->Apple Safari cache emptied: 5618688 bytes
->Flash cache emptied: 3888361 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8842 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 156.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11232012_211545

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:

ATTFilter

OTL logfile created on: 11/23/2012 9:30:33 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robi\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
764.56 Mb Total Physical Memory | 121.01 Mb Available Physical Memory | 15.83% Memory free
1.75 Gb Paging File | 0.54 Gb Available in Paging File | 30.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 82.96 Gb Free Space | 38.48% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.12% Space Free | Partition Type: FAT32
 
Computer Name: ROBI-HP | User Name: Robi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Robi\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Remote Mouse\server\server.exe ()
PRC - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Remote Mouse\server\server.exe ()
MOD - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Remote Mouse\server\win32gui.pyd ()
MOD - C:\Program Files\Remote Mouse\server\win32api.pyd ()
MOD - C:\Program Files\Remote Mouse\server\pywintypes26.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Program Files\Remote Mouse\server\_ctypes.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_ssl.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_socket.pyd ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Remote Mouse\server\autopy.mouse.pyd ()
MOD - C:\Program Files\Remote Mouse\server\autopy.key.pyd ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe File not found
SRV - (SystemStoreService) -- C:\Program Files\Freetec\SystemStore\SystemStore.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\Users\Robi\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 18:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 18:46:47 | 000,000,000 | ---D | M]
 
[2012/11/23 17:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Extensions
[2012/11/23 18:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions
[2012/11/20 22:21:19 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\extension@preispilot.com.xpi
[2012/10/11 12:06:25 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/11/23 18:38:46 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/23 14:59:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/21 11:53:59 | 000,001,632 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\firefox-add-ons.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-4.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-5.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-6.xml
[2012/10/28 18:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/10/28 18:46:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/16 18:51:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/11/21 18:14:00 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/21 18:14:00 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/21 18:14:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/21 18:14:00 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/25 19:11:09 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012/11/20 12:32:01 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/21 18:14:00 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/11/23 17:37:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe ()
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4FCF358-0D16-48CE-8144-1A6C7EBEBD6C}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/23 21:15:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/23 17:42:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\temp
[2012/11/23 17:22:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/23 17:22:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/23 17:22:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/23 17:09:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/23 17:09:09 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/23 16:49:42 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2012/11/23 16:49:18 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/22 12:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{56F4D31D-2F68-4B81-8FE6-4F6101085ECD}
[2012/11/22 11:55:12 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{66E052C8-5437-413C-8AC1-0CB48B0DB0BA}
[2012/11/21 18:14:00 | 000,000,000 | ---D | C] -- C:\windows\System32\IO
[2012/11/21 16:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/20 12:32:34 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\System32\dhRichClient3.dll
[2012/11/20 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2012/11/20 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/11/20 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/11/20 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\SelfUpdater
[2012/11/20 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/11/19 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Robi\Desktop\päda filmr fotos
[2012/11/09 06:36:20 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33}
[2012/11/08 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Robi\Documents\GTA San Andreas User Files
[2012/11/08 08:04:59 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6}
[2012/11/07 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/10/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/15 16:12:29 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Robi\JavaSetup6u24.exe
[2011/02/17 19:45:10 | 008,417,616 | ---- | C] (Mozilla) -- C:\Users\Robi\Firefox_Setup_3.6.13.exe
[2011/02/07 17:25:15 | 060,458,664 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Program Files\FreeStudio.exe
[2011/01/30 18:36:11 | 008,417,616 | ---- | C] (Mozilla) -- C:\Program Files\Firefox.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/23 21:26:59 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 21:26:59 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 21:18:59 | 000,000,314 | ---- | M] () -- C:\windows\tasks\asilfsat.job
[2012/11/23 21:18:44 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/11/23 21:18:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 21:18:30 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 17:37:55 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/11/22 13:21:13 | 000,007,250 | ---- | M] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/22 12:21:02 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/11/22 12:21:02 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/22 12:21:02 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/11/22 12:21:02 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/21 23:05:20 | 000,211,168 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:38 | 000,370,461 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:42 | 000,289,663 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:51 | 000,292,828 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:14 | 000,240,593 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:58 | 000,337,336 | ---- | M] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/21 16:27:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/11/18 19:23:40 | 000,339,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/09 08:38:08 | 000,000,316 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRobi.job
[2012/11/07 16:19:00 | 000,119,300 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2012/11/03 11:35:40 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
 
========== Files Created - No Company Name ==========
 
[2012/11/23 17:22:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/23 17:22:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/23 17:22:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/23 17:22:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/23 17:22:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/22 13:21:13 | 000,007,250 | ---- | C] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/21 23:05:20 | 000,211,168 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:37 | 000,370,461 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:41 | 000,289,663 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:50 | 000,292,828 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:13 | 000,240,593 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:57 | 000,337,336 | ---- | C] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/20 12:32:34 | 000,338,432 | ---- | C] () -- C:\windows\System32\sqlite36_engine.dll
[2012/11/17 22:23:14 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 22:22:38 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 16:07:32 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/11/03 11:35:40 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012/09/17 21:02:28 | 000,001,652 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2012/09/03 20:25:13 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2012/07/22 19:46:16 | 000,000,000 | ---- | C] () -- C:\windows\appXYqt3.ini
[2012/06/17 23:40:45 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r06
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r05
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r04
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r03
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r02
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r01
[2012/06/17 23:40:38 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r00
[2012/06/17 23:40:38 | 000,009,006 | ---- | C] () -- C:\Users\Robi\aoe-project.nfo
[2012/05/13 18:11:07 | 000,119,300 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2012/04/27 17:19:28 | 000,027,969 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\UserTile.png
[2012/03/20 21:21:18 | 000,000,046 | ---- | C] () -- C:\windows\QTW.INI
[2012/02/21 10:51:49 | 000,000,190 | ---- | C] () -- C:\windows\cncscore.ini
[2012/02/17 18:30:29 | 000,286,720 | ---- | C] () -- C:\windows\vsnpstd.exe
[2012/02/17 18:30:28 | 000,053,248 | ---- | C] () -- C:\windows\System32\dsnpstd.dll
[2012/02/17 18:30:19 | 000,061,440 | ---- | C] ( ) -- C:\windows\System32\rsnpstd.dll
[2012/01/29 21:29:47 | 000,000,109 | ---- | C] () -- C:\windows\disney.ini
[2011/11/17 19:11:31 | 000,000,236 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys
[2011/10/26 16:04:32 | 000,111,928 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/10/26 16:04:14 | 002,793,768 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2011/10/26 16:04:14 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/08/02 10:34:12 | 000,000,528 | R--- | C] () -- C:\Program Files\MediaID.bin
[2011/07/27 19:48:14 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2011/07/27 19:48:14 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2011/07/27 19:48:14 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2011/07/27 19:46:30 | 000,000,228 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/07/21 21:18:46 | 000,000,236 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011/06/23 21:02:37 | 000,137,216 | ---- | C] () -- C:\windows\epuninstall.exe
[2011/04/24 17:21:37 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI
[2011/04/09 20:30:55 | 000,001,849 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml
[2011/03/14 15:18:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/30 19:14:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/01/28 23:32:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo
[2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite
[2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener
[2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo
[2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios
[2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech
[2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org
[2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio
[2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies Inc
[2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client
[2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby
[2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings
[2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart
[2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds
[2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido
[2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan
[2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer
[2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.54  
 Windows 7 Service Pack 1 x86   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
AntiVir Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Mozilla Firefox (16.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

ja danke das problem scheint schonmal weg zu sein

ryder · 23.11.2012, 21:50

YAY! Dann Avira-UPdate noch und ... dannn ...

Prima!

Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich.

Schritt 1:
Tools deinstallieren

Falls Defogger benutzt wurde: jetzt auf re-enable klicken.
Falls Combofix benutzt wurde: Windowstaste + R > Combofix /Uninstall (eingeben) > OK
Downloade Dir bitte delfix auf deinen Desktop:
- Starte Delfix und klicke auf Löschen.
- Bitte poste mir das sich jetzt öffnende Logfile: C:\DelFix[S1].txt.
- Klicke dann auf Deinstallation und dann OK.

Schritt 2:
ESET deinstallieren (Optional)

Ich empfehle dir dein System einmal pro Woche mit ESET zu scannen. Möchtest du ESET aber entfernen:
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Code:
ATTFilter
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         

Abschließend noch Tipps zu folgenden Themen:

Systemupdates

Softwareupdates

Sicherheitssoftware

Sicheres Surfen

Zitat:

Lesestoff:
Systemupdates
Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:

Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt:

Windows Updates

Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates

Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Gehe sicher das die automatischen Updates aktiviert sind.

Zitat:

Lesestoff:
Softwareupdates
Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:

Adobe Reader (Adobe - Adobe Reader herunterladen - Alle Versionen => Kein Haken bei "Ja, McAfee ...")

Flash Plugin (Adobe - Adobe Flash Player installieren => Kein Haken bei "Ja, McAfee ...")

Java (Download der kostenlosen Java-Software -> Kein Haken für die ASK-Toolbar während der Installation)

Dein Browser inklusive aller Add-Ons. Das Trojaner-Board bietet dir auch einen Browser-Check.

Auch nicht gelistete Programme sind natürlich wichtig. Ob es für diese eine neue Version gibt, kannst du auf deren Herstellerwebseite oder ganz bequem mit diesen Tools überprüfen:

Secunia Online Software

FileHippo-Update-Checker

Zitat:

Lesestoff:
Sicherheitssoftware
Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.

Wenn du deine Antivirenlösung wechseln solltest, findest du hier Tools mit denen du die Überreste nach der Deinstallation deines alten Scanners entfernen kannst.

Installiere niemals mehr als einen Virenscanner. Deren Hintergrundwächter würden sich gegenseitig behindern und dein System ausbremsen.

Ein Browserplugin, das dich vor betrügerischen Webseiten schützt, kann dir gute Dienste leisten, wenn du dich nicht gut auskennst (siehe oben).

Sorge dafür, dass deine Sicherheitslösung ständig up-to-date ist und sich automatisch Updates besorgt. Wenn du auf manuelle Updates setzt bist du meistens zu spät, da die Virendatenbanken oft täglich sogar mehrfach erneuert werden.

Einen zusätzlichen Schutz (und dieser wäre auch erlaubt) bietet ein spezieller Malwarescanner. Hier empfehle ich dir dringend Malwarebytes und einmal wöchentlich damit zu scannen. In der kostenpflichtigen Version hat es sogar einen Hintergrundwächter. Hierfür haben wir eine Anleitung für dich.

Zuletzt empfehle ich dir deine Daten regelmässig (am besten automatisch) zu sichern. Dies kann eine professionelle Backuplösung, externe Festplatten, Brennen auf DVDs oder Überspielen auf ein Online-Laufwerk wie z.B. Dropbox sein. Erzeuge so viele Kopien wie möglich und halte sie aktuell. Nur so bist du auf den schlimmsten Fall vorbereitet, wenn dein Computer - wodurch auch immer - unbrauchbar werden sollte. Leider passiert das ja immer unangekündigt und immer dann wenn man ihn am Nötigsten braucht. Also sorge vor!

Zitat:

Lesestoff:
Sicheres Surfen
Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:

Klicke nicht irgendwo hin, nur weil es bunt ist und leuchtet, in einer Ecke aufpoppt oder so aussieht, als wäre es eine Systemmeldung.

Lade dir keine illegale Software, keine Cracks, keine Keygens, keine Gametrainer usw ... die Webseiten, die so etwas anbieten, sind meist nicht seriös und die angeblichen Helfer sind meist verseuchter als du es dir ausmalen würdest. Es spielt dabei keine Rolle, ob du diese Dateien über einen Browser oder Filesharingprogramme beziehst.

Öffne keine Emailanhänge von Leuten, die du nicht kennst, Emails mit seltsamen Rechtschreibfehlern oder starte Dateien, die dir eine Webseite anbietet, ohne dass du sie wolltest.

Lasse niemand an deinem Computer surfen, der diese Regeln nicht auch befolgt.

Verlasse dich nicht darauf, dass dein Virenscanner schon alles findet. Keine Sicherheitslösung ist 100% sicher!

Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.

WOT (Web of trust) Dieses Add-On warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst. Hinweis: Avast enthält ein solches Plugin bereits.

Sandboxie schafft eine zusätzliche isolierte Programmumgebung, damit dein Browser wie ein Kleinkind im Sandkasten sicher ist. (Anleitung: Sandboxie)

Securebanking ist ein Software, die Verbindungen untersucht und dir meldet, wenn jemand "mithört". Wie der Name sagt, wurde es entwickelt, damit Onlinebanking wirklich sicher ist. Mehr Infos auf der Homepage: Secure Banking

Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.

Firefox, Opera, Chrome, ...

... mehr findest du auf Microsofts eigener Browserauswahlwebseite.

Damit wünsche ich dir noch viel Spaß beim Surfen im Internet

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

Kevinator941 · 23.11.2012, 22:18

Code:

ATTFilter

# AdwCleaner v6.2 - Datei am 23/11/2012 um 22:17:23 erstellt
# Aktualisiert am 11/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Robi - ROBI-HP
# Ausgeführt unter : C:\Users\Robi\Downloads\delfix.exe
# Option [Löschen]


~~~~~~ Ordner ~~~~~~

Gelöscht : C:\JRT
Gelöscht : C:\_OTL

~~~~~~ Datei(en) ~~~~~~

Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\Users\Robi\Desktop\JRT.txt
Gelöscht : C:\Users\Robi\Downloads\adwcleaner.exe
Gelöscht : C:\Users\Robi\Downloads\Extras.Txt
Gelöscht : C:\Users\Robi\Downloads\JRT(1).exe
Gelöscht : C:\Users\Robi\Downloads\JRT.exe
Gelöscht : C:\Users\Robi\Downloads\OTL.Txt
Gelöscht : C:\Users\Robi\Downloads\OTL(1).exe
Gelöscht : C:\Users\Robi\Downloads\OTL(2).exe
Gelöscht : C:\Users\Robi\Downloads\OTL.exe
Gelöscht : C:\Users\Robi\Downloads\SecurityCheck(1).exe
Gelöscht : C:\Users\Robi\Downloads\SecurityCheck.exe

~~~~~~ Registrierungsdatenbank ~~~~~~

Schlüssel gelöscht : HKLM\SOFTWARE\OldTimer Tools
Schlüssel gelöscht : HKLM\SOFTWARE\AdwCleaner
Schlüssel gelöscht : HKLM\SOFTWARE\Swearware

~~~~~~ Sonstiges ~~~~~~

-> Prefetch Geleert

*************************

DelFix[S1].txt - [1199 octets] - [23/11/2012 22:17:23]

########## EOF - C:\DelFix[S1].txt - [1323 octets] ##########

Was ist defogger oder wo sehe ich das und ESET?:/

ryder · 23.11.2012, 22:31

Da steht "falls"

und ESET haben wir irgendwie übersehen

Kevinator941 · 23.11.2012, 22:32

Ich danke dir für diese nette und sehr hilfsreiche Hilfe!!

Ich werde auf jeden fall etwas spenden!
Die letzte frage die ich noch habe, ist wo ich den adobe flash player jetzt runterladen soll?
Mit freundlichem gruß Kevin!

ryder · 23.11.2012, 22:35

Der Link in meinem letzten Post müßte funktoinieren.

Schön, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

23.11.2012, 18:39	#17
ryder /// TB-Ausbilder	Internetseiten-Fehler Deswegen haben wir eine Anleitung die man lesen sollte. Liste der installierten Programme (Combofix) Bitte suche und poste mir die folgende Datei: c:\Qoobox\Add-Remove Programs.txt __________________ __________________

23.11.2012, 22:31	#25
ryder /// TB-Ausbilder	Internetseiten-Fehler Da steht "falls" und ESET haben wir irgendwie übersehen __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

23.11.2012, 22:35	#27
ryder /// TB-Ausbilder	Internetseiten-Fehler Der Link in meinem letzten Post müßte funktoinieren. Schön, dass wir helfen konnten Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

Internetseiten-Fehler

Plagegeister aller Art und deren Bekämpfung: Internetseiten-Fehler