Google suche liefert Ask.com Ergebnis

t'john · 24.02.2013, 10:53

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

JAVA Plug-In deaktivieren

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?

andi2107 · 24.02.2013, 11:39

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Chrome 24.0.1312.57 ist aktuell
Flash (11,6,602,167) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.
Adobe Reader ist nicht installiert oder aktiviert.

aktuell, liefert er mir aber immer noch diese nervige ask-suche. Habe ich irgendwas übersehen?

Andi

upps, war ich zu voreilig. führe noch die anderen Sachen (OTL,...) aus

t'john · 24.02.2013, 11:51

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Wähle Scanne Alle Benuzer
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
Unter Extra Registrierung, wähle bitte Benutze SafeList
Klicke nun auf Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

andi2107 · 24.02.2013, 12:55

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 2/24/2013 11:59:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\andi\unwichtigeOrdner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.75 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 60.04% Memory free
7.49 Gb Paging File | 5.36 Gb Available in Paging File | 71.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.75 Gb Total Space | 72.24 Gb Free Space | 54.83% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: ANDI-HP | User Name: andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\andi\unwichtigeOrdner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7a33af3fa6a140afb8ab0d9190ab2c9d\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = 
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{507E76F3-1DE3-4614-887F-0B1011E4770C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=83F153E2-2CFA-4541-8E00-94EA57D11930&apn_sauid=DF93FE97-3DC2-4D7D-9E36-4B5CD607CAFA
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..backup.old.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\andi\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\andi\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012/09/03 09:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/09 12:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/15 16:26:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/09 12:05:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/15 16:26:25 | 000,000,000 | ---D | M]
 
[2011/02/21 19:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Extensions
[2013/02/16 15:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\1c3dr9as.default\extensions
[2012/11/22 21:01:08 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\1c3dr9as.default\extensions\toolbar@web.de.xpi
[2012/05/13 13:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/09 12:05:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/21 02:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=83F153E2-2CFA-4541-8E00-94EA57D11930&apn_ptnrs=U3&apn_sauid=DF93FE97-3DC2-4D7D-9E36-4B5CD607CAFA&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Disabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
 
O1 HOSTS File: ([2012/06/21 20:41:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [SpeedUpMyPC] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{120C5D6C-4D58-4917-AFEF-107FAA5BD464}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E00C872-5886-46BE-81DB-FEDECAADDD36}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{968FE46D-B07F-4DE7-9C44-13CFA26F553A}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20EDAB1-112B-43CE-81C0-CEC8C015A170}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/24 11:57:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andi\unwichtigeOrdner\Desktop\OTL.exe
[2013/02/23 20:52:35 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/02/23 20:52:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/02/23 20:52:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/02/23 20:52:26 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/23 20:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/02/16 20:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/02/15 17:27:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/02/15 17:27:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/02/15 17:26:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/02/15 17:26:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/02/15 17:26:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/02/15 17:26:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/02/15 17:26:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/02/15 17:26:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/02/15 17:26:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/02/15 17:26:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/02/15 17:26:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/02/15 17:26:57 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/02/15 17:26:55 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/02/15 17:26:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/02/15 17:26:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/02/15 16:57:14 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/15 16:56:59 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/02/15 16:56:57 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/02/15 16:56:57 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/02/15 16:56:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/02/15 16:56:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/02/15 16:56:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/02/15 16:56:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/02/15 16:56:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/02/15 16:56:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/02/15 16:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/15 16:26:25 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/01/25 21:08:08 | 000,941,568 | ---- | C] (Amazon Services LLC) -- C:\Users\andi\unwichtigeOrdner\Desktop\QuickSteuer_Deluxe_2013_für_Steuerjahr_2012_Downloader.exe
[2013/01/25 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\andi\unwichtigeOrdner\Desktop\QuickSteuer Deluxe 2013 (für Steuerjahr 2012)
[2013/01/25 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\andi\unwichtigeOrdner\Documents\Amazon Downloader Logs
[2011/11/14 20:37:25 | 006,638,560 | ---- | C] (Microsoft Corporation) -- C:\Users\andi\MsJav86i.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/24 12:02:49 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 12:02:49 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 12:00:19 | 001,629,964 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/24 12:00:19 | 000,702,888 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/02/24 12:00:19 | 000,657,470 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/24 12:00:19 | 000,151,592 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/02/24 12:00:19 | 000,123,946 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/24 11:57:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andi\unwichtigeOrdner\Desktop\OTL.exe
[2013/02/24 11:55:25 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/24 11:55:21 | 000,000,334 | ---- | M] () -- C:\windows\tasks\SpeedUpMyPC.job
[2013/02/24 11:54:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/24 11:54:43 | 4022,927,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/24 11:41:02 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 11:36:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3509303512-1638139293-2482028298-1001UA.job
[2013/02/23 23:17:46 | 001,607,730 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/02/23 20:52:19 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/23 20:52:18 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/02/23 20:52:18 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/02/23 20:52:18 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/02/23 20:52:18 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/02/23 20:52:18 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/02/22 23:02:08 | 000,881,935 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\SecurityCheck.exe
[2013/02/22 22:41:52 | 000,165,376 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\SystemLook_x64 (1).exe
[2013/02/22 22:38:38 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3509303512-1638139293-2482028298-1001Core.job
[2013/02/15 19:56:20 | 000,276,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/25 21:09:17 | 000,941,568 | ---- | M] (Amazon Services LLC) -- C:\Users\andi\unwichtigeOrdner\Desktop\QuickSteuer_Deluxe_2013_für_Steuerjahr_2012_Downloader.exe
 
========== Files Created - No Company Name ==========
 
[2013/02/22 23:02:49 | 000,881,935 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\SecurityCheck.exe
[2013/02/22 22:45:09 | 000,165,376 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\SystemLook_x64 (1).exe
[2012/11/19 11:45:15 | 000,000,936 | -H-- | C] () -- C:\Users\andi\.gitk
[2012/11/05 12:56:17 | 000,000,030 | ---- | C] () -- C:\Users\andi\.gitconfig
[2012/09/26 19:57:16 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/09/26 19:57:14 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/09/26 19:57:14 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 19:57:14 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 19:57:14 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/07/03 19:12:35 | 000,307,200 | ---- | C] () -- C:\Users\andi\jaudioMp3Win.tar
[2012/05/28 19:50:53 | 000,000,000 | ---- | C] () -- C:\Users\andi\defogger_reenable
[2012/03/14 21:33:42 | 000,147,227 | ---- | C] () -- C:\Users\andi\QuickSteuer_Deluxe_2012_Dasi.zip
[2011/11/14 20:37:59 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2011/06/07 12:45:51 | 000,951,944 | ---- | C] () -- C:\Users\andi\Trainingstipps_fuer_den_Start_beim_Nehlsen-Triathlon_2011.pdf
[2011/03/29 19:43:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >

--- --- ---
[code/]

t'john · 25.02.2013, 12:57

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL

IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{507E76F3-1DE3-4614-887F-0B1011E4770C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=83F153E2-2CFA-4541-8E00-94EA57D11930&apn_sauid=DF93FE97-3DC2-4D7D-9E36-4B5CD607CAFA 
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839} 
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=83F153E2-2CFA-4541-8E00-94EA57D11930&apn_ptnrs=U3&apn_sauid=DF93FE97-3DC2-4D7D-9E36-4B5CD607CAFA&apn_dtid=OSJ000YYDE&q={searchTerms} 
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} 
[2012/09/26 19:57:16 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\andi\*.tmp
C:\Users\andi\AppData\*.dll
C:\Users\andi\AppData\*.exe
C:\Users\andi\AppData\Local\Temp\*.exe
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

dann:

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

andi2107 · 25.02.2013, 22:48

hier zunächst das erste log

[code]
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Internet Explorer\SearchScopes\{507E76F3-1DE3-4614-887F-0B1011E4770C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{507E76F3-1DE3-4614-887F-0B1011E4770C}\ not found.
HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\andi\*.tmp not found.
File\Folder C:\Users\andi\AppData\*.dll not found.
File\Folder C:\Users\andi\AppData\*.exe not found.
File\Folder C:\Users\andi\AppData\Local\Temp\*.exe not found.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\andi\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\andi\unwichtigeOrdner\Desktop\cmd.bat deleted successfully.
C:\Users\andi\unwichtigeOrdner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: andi
->Temp folder emptied: 33661717 bytes
->Temporary Internet Files folder emptied: 4151290 bytes
->FireFox cache emptied: 73532104 bytes
->Google Chrome cache emptied: 355449115 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 894107904 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 544160 bytes

Total Files Cleaned = 1,298.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02252013_224220

Files\Folders moved on Reboot...
C:\Users\andi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
[code/]

und hier ist das zweite

[code]
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by andi on 25.02.2013 at 22:53:45,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\speedupmypc

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\1c3dr9as.default\prefs.js

user_pref("extensions.crossrider.bic", "1376b6a7e820481b0f6af3c2b4ce7af3");
Emptied folder: C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\1c3dr9as.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2013 at 23:04:40,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[code/]

t'john · 26.02.2013, 12:50

Zitat:

Use Chrome's Settings page to remove the default_search_provider items.

Bitte die Sucheinstellun in Chrome direkt aendern.

Gibt es noch Probleme mit dem Rechner?

andi2107 · 26.02.2013, 22:49

Hallo,

hab eingestellt und es funzt. Ansonsten scheint auch alles wieder ok.

Vielen Dank für Deine Mühen und für deine Geduld.

Andi

t'john · 27.02.2013, 12:13

Tools entfernen: http://www.trojaner-board.de/131196-...ml#post1017895

wuensche eine virenfreie Zeit

27.02.2013, 12:13	#24
t'john /// Helfer-Team	Google suche liefert Ask.com Ergebnis Tools entfernen: http://www.trojaner-board.de/131196-...ml#post1017895 wuensche eine virenfreie Zeit __________________ Mfg, t'john Das TB unterstützen

Google suche liefert Ask.com Ergebnis

Plagegeister aller Art und deren Bekämpfung: Google suche liefert Ask.com Ergebnis