Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?

Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?


Log-Analyse und Auswertung: Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 01.05.2013, 23:18   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? - Standard

Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?


JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.05.2013, 05:04   #2
alopolo
 
Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? - Standard

Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?


Zitat:
Zitat von cosinus Beitrag anzeigen
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.
wie meinst du das mit dem beenden? deaktivieren oder?

ich habe es ausgeführt, es hat mir eine log auf dem desktop erstellt und wo ich dann neu gestartet hatte war es weg...?

Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 02/05/2013 um 06:13:52 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : alopolo - alopolo-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\alopolosmann\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\alopolosmann\AppData\Roaming\Mozilla\Firefox\Profiles\dgvctsjl.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\alopolosmann\AppData\Roaming\Mozilla\Firefox\Profiles\dgvctsjl.default\searchplugins\Conduit.xml
Gelöscht mit Neustart : C:\Program Files\MyScrapNook_12
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\alopolo\AppData\LocalLow\MyScrapNook_12
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\extensions\12ffxtbr@MyScrapNook_12.com
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\alopolosmann\AppData\Local\MyScrapNook_12
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\FunWebProducts
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\MyScrapNook_12
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\MyWebSearch
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\alopolosmann\AppData\Roaming\Mozilla\Firefox\Profiles\dgvctsjl.default\extensions\12ffxtbr@MyScrapNook_12.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\53eda8be13ce944
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\53eda8be13ce944
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Schlüssel Gelöscht : HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.6.8 (de)

Datei : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "autopager@mozilla.org:0.6.1.32,m3ffxtbr@mywebsearch.com:1.2,{[...]

Datei : C:\Users\alopolosmann\AppData\Roaming\Mozilla\Firefox\Profiles\dgvctsjl.default\prefs.js

Gelöscht : user_pref("browser.search.defaultthis.engineName", "WiseConvert Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&Sea[...]
Gelöscht : user_pref("browser.search.selectedEngine", "WiseConvert Customized Web Search");
Gelöscht : user_pref("extensions.toolbar.mindspark._12Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

*************************

AdwCleaner[S1].txt - [5538 octets] - [02/05/2013 06:13:52]

########## EOF - \AdwCleaner[S1].txt - [5598 octets] ##########
so das otl dann noch;
Code:
ATTFilter
OTL logfile created on: 02.05.2013 06:25:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\alopolosmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,92% Memory free
6,22 Gb Paging File | 5,16 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,63 Gb Total Space | 24,70 Gb Free Space | 16,08% Space Free | Partition Type: NTFS
Drive D: | 303,34 Gb Total Space | 266,44 Gb Free Space | 87,83% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 907,93 Gb Free Space | 97,47% Space Free | Partition Type: NTFS
 
Computer Name: alopolo-PC | User Name: alopolo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\alopolosmann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
PRC - C:\Programme\MyScrapNook_12\bar\1.bin\12barsvc.exe (COMPANYVERS_NAME)
PRC - C:\Programme\MyScrapNook_12\bar\1.bin\12brmon.exe (VER_COMPANY_NAME)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Ulead Systems\Ulead Photo Express 6\CalCheck.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll ()
MOD - C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll ()
MOD - C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - D:\Tobit ClipInc\Player\ClipInc$.ger ()
MOD - D:\Tobit ClipInc\Player\tobitclt.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 6\uviplA6.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 6\uvipl.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 6\Cpuinf32.dll ()
MOD - C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\U32MISC.DLL ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\u32Spy.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (MyScrapNook_12Service) -- C:\Programme\MyScrapNook_12\bar\1.bin\12barsvc.exe (COMPANYVERS_NAME)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ClipInc001) -- D:\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (TestHandler) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\alopolo\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{D87887CC-08DA-431B-919B-2E509C9CC189}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = https://asp.stotax.com/
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - No CLSID value found
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\URLSearchHook: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - No CLSID value found
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes,bProtectorDefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes,BrowserMngrDefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.32
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - prefs.js..browser.startup.homepage: 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.19 13:52:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.19 13:52:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12ffxtbr@MyScrapNook_12.com: C:\Program Files\MyScrapNook_12\bar\1.bin [2013.05.02 06:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 23:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.20 23:34:18 | 000,000,000 | ---D | M]
 
[2009.01.21 20:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Extensions
[2013.05.02 06:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions
[2010.12.21 07:25:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.21 07:24:10 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\autopager@mozilla.org
[2011.03.19 07:47:46 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\finder@meingutscheincode.de
[2009.01.21 20:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.20 12:09:01 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.20 12:09:01 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.20 12:09:01 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.12 12:46:08 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.20 12:09:01 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.01 23:38:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\Toolbar\WebBrowser: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\Toolbar\WebBrowser: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [My Scrap Nook Search Scope Monitor] C:\Programme\MyScrapNook_12\bar\1.bin\12SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [MyScrapNook_12 Browser Plugin Loader] C:\Programme\MyScrapNook_12\bar\1.bin\12brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Ulead Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 6\CalCheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\Run: [ClipIncSrvTray] D:\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001..\Run: [ClipIncSrvTray] D:\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001..\Run: [Facebook Update] C:\Users\alopolosmann\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\alopolosmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Ïîèñê@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Ñëîâàðè@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6C9CDA8-C6B7-477D-9E42-8375C52BB421}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.02 05:51:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.02 05:51:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.01 23:39:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.01 23:39:44 | 000,000,000 | ---D | C] -- C:\Users\alopolo\AppData\Local\temp
[2013.05.01 23:39:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.01 23:29:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.01 23:19:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.01 23:19:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.01 23:19:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.01 23:19:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.01 23:19:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.28 20:16:44 | 000,000,000 | ---D | C] -- C:\Users\alopolo\AppData\Roaming\Malwarebytes
[2013.04.28 20:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.28 20:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.28 20:16:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.28 20:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.18 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\alopolo\Local Settings
[2013.04.18 14:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
[2013.04.18 14:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDStyler
[2013.04.17 14:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Users\alopolo\AppData\Roaming\DVDVideoSoft
[2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.17 14:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.17 14:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.04.12 10:45:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.12 10:45:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.12 10:45:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.12 10:45:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.12 10:45:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.12 10:45:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.12 10:45:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.12 10:44:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.12 06:47:51 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.12 06:47:51 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.12 06:47:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.12 06:47:48 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.12 06:47:47 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.02 06:23:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.02 06:23:47 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.02 06:23:47 | 000,126,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.02 06:23:47 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.02 06:16:50 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_alopolo.job
[2013.05.02 06:16:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 06:16:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 06:16:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.02 06:16:29 | 3220,312,064 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.02 06:14:16 | 000,000,099 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.02 06:11:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.02 01:01:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001UA.job
[2013.05.01 23:38:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.30 22:01:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001Core.job
[2013.04.30 05:31:27 | 435,551,619 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.29 11:38:59 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_alopolo.job
[2013.04.29 11:27:16 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_alopolo.job
[2013.04.28 23:51:56 | 000,001,101 | ---- | M] () -- C:\Users\alopolo\Desktop\Free YouTube Download.lnk
[2013.04.28 20:16:26 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.26 11:23:00 | 000,000,000 | ---- | M] () -- C:\Users\alopolo\defogger_reenable
[2013.04.18 23:46:38 | 000,001,038 | ---- | M] () -- C:\Users\alopolo\Desktop\DVDVideoSoft Free Studio.lnk
[2013.04.18 23:46:37 | 000,002,058 | ---- | M] () -- C:\Users\alopolo\Desktop\Free MP4 Video Converter.lnk
[2013.04.18 14:42:47 | 000,000,908 | ---- | M] () -- C:\Users\alopolo\Desktop\DVDStyler.lnk
[2013.04.18 12:15:22 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2013.04.18 09:03:39 | 000,001,197 | ---- | M] () -- C:\Users\alopolo\Desktop\Free YouTube to DVD Converter.lnk
[2013.04.18 09:03:39 | 000,001,106 | ---- | M] () -- C:\Users\alopolo\Desktop\Free DVD Video Burner.lnk
[2013.04.12 12:49:06 | 000,789,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.02 06:13:59 | 000,000,099 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.01 23:19:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.01 23:19:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.01 23:19:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.01 23:19:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.01 23:19:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.30 05:31:27 | 435,551,619 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.28 20:16:26 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.26 11:23:00 | 000,000,000 | ---- | C] () -- C:\Users\alopolo\defogger_reenable
[2013.04.18 23:46:37 | 000,002,058 | ---- | C] () -- C:\Users\alopolo\Desktop\Free MP4 Video Converter.lnk
[2013.04.18 14:42:47 | 000,000,908 | ---- | C] () -- C:\Users\alopolo\Desktop\DVDStyler.lnk
[2013.04.18 09:03:39 | 000,001,197 | ---- | C] () -- C:\Users\alopolo\Desktop\Free YouTube to DVD Converter.lnk
[2013.04.18 09:01:08 | 000,001,106 | ---- | C] () -- C:\Users\alopolo\Desktop\Free DVD Video Burner.lnk
[2013.04.17 14:29:12 | 000,001,038 | ---- | C] () -- C:\Users\alopolo\Desktop\DVDVideoSoft Free Studio.lnk
[2013.04.17 14:29:11 | 000,001,101 | ---- | C] () -- C:\Users\alopolo\Desktop\Free YouTube Download.lnk
[2012.08.20 14:36:16 | 000,001,235 | ---- | C] () -- C:\Users\alopolo\AppData\Local\recently-used.xbel
[2009.11.15 21:18:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.03.08 15:36:56 | 000,000,680 | RHS- | C] () -- C:\Users\alopolo\ntuser.pol
[2009.03.07 11:50:23 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.01.25 12:48:22 | 000,000,680 | ---- | C] () -- C:\Users\alopolo\AppData\Local\d3d9caps.dat
[2008.12.21 20:02:48 | 000,012,800 | ---- | C] () -- C:\Users\alopolo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2009.01.09 20:46:16 | 000,000,000 | ---D | M](C:\Users\alopolo\Documents\????? Mail.Ru ??????) -- C:\Users\alopolo\Documents\Файлы Mail.Ru Агента
[2009.01.09 20:46:16 | 000,000,000 | ---D | C](C:\Users\alopolo\Documents\????? Mail.Ru ??????) -- C:\Users\alopolo\Documents\Файлы Mail.Ru Агента

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 02.05.2013 06:25:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\alopolosmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,92% Memory free
6,22 Gb Paging File | 5,16 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,63 Gb Total Space | 24,70 Gb Free Space | 16,08% Space Free | Partition Type: NTFS
Drive D: | 303,34 Gb Total Space | 266,44 Gb Free Space | 87,83% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 907,93 Gb Free Space | 97,47% Space Free | Partition Type: NTFS
 
Computer Name: alopolo-PC | User Name: alopolo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\alopolosmann\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079FC0CC-D153-4A89-87EE-EDCAFBA3D83D}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{17436347-8224-4707-B059-310136E7CF38}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{27FC8AFA-F492-460B-9781-73B2363B6261}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5C2FDDCC-FCDE-4BB8-8844-E376CB7AE995}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5D7E5C46-EA15-4A58-A062-6F4ECF063674}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6A7CF2F9-B80E-41CD-BDEE-E52CE2E3FBA1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{72E4368C-3747-4A55-BCE5-6AB1597D555C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{769F8914-96BC-422B-98C3-338921C1A5AC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8783D96B-13D1-47BF-BA1E-60A5CD04C82C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B4118985-07A7-4723-93E5-67AC3CC5E7F4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B8C64A64-088D-441C-87C2-1FD2527A1548}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BCF745C0-1C29-45AC-82D4-F4B6A15BE17E}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{C61921E5-4E3C-4B71-9BFC-8858AEE47D19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C83273F6-10DA-4A32-AB4A-0E2931E3D348}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D7D85808-E747-4F87-81D3-14E28DC69C45}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E304ED96-7E9F-41C6-BD44-F02FCE65053F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E6CCD5A7-2F25-4742-A7B8-4CC2E8E9394A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FE048DDD-2726-41D4-80B1-4B292F4F4ECD}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F651D9-AAA3-4874-A74B-999E523F0671}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{2E4DC274-68B5-4703-AB89-D8A2740E69FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{325E52A9-72F2-45B3-97F3-2375704A0BF7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{52733A88-A04B-4B21-AD91-6DFD04FFD29F}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{8146763B-4E0D-4ADE-9FAC-EA3D4C7A62F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{83D68802-329C-4E83-A223-D7A5E3306D89}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8DC3C739-0B3C-4EE4-8100-F07A8F58FC51}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{9868F1CF-0712-4F4D-8D6E-5FBDBBDA7DB8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9CD49C33-6C55-4F3A-A539-DAA9D9D21507}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{A7FFE30C-7E9A-4E39-BBE8-59AAAEC7AF96}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A9EB14C7-7E68-4EF9-A51F-7A48E9117097}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AC1930B7-4747-4602-8322-0F10DA745ED1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AE0001D3-221A-4852-BC78-EBA774B2071E}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{D21B1B05-C88D-4738-A7D3-99852993EC0B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E1F01EB4-6B5C-41F9-BC75-99D21909F65F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E4C2BADF-ECAE-4298-9619-E9B6BCDD8CEB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{630F4783-5DE1-4318-A04A-A8B52C8796FD}C:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe | 
"TCP Query User{F6A58D04-65DA-44DC-A2E1-04C024C73048}C:\program files\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\program files\mail.ru\agent\magent.exe | 
"UDP Query User{E3A03FAA-814E-4E82-AA71-6A19B27B04A6}C:\program files\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\program files\mail.ru\agent\magent.exe | 
"UDP Query User{E55D5BD9-EA44-4E94-ADA4-BDC97E20236F}C:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C4D233-4F03-4A5D-8EFE-C651D221146D}" = Serif Digital Scrapbook Artist
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6

"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9605D5C2-F545-40F2-B39A-0462E4CD3811}" = Windows Vista Demo Screen Saver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B00B1355-DD54-4314-90B1-161C6A7D3FD3}" = Serif PagePlus X2
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B6E9A977-C2C7-4CA0-0001-98605B7C7D3E}" = MyTube Recorder
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload-Software
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A716E5-6E7E-40F8-BB46-6FAEF98FB6FC}" = SystemDiagnostics
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0
"{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}" = Serif PhotoPlus X2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDStyler_is1" = DVDStyler v2.4.3
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.2.6.320
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.23.320
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.422
"Freemake Audio Converter_is1" = Freemake Audio Converter Version 1.1.0
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"ifolor-OrderClient21" = ifolor Designer
"Inkscape" = Inkscape 0.48.3.1
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.3.351 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.76 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D)
"MailRuSputnik" = Mail.Ru Спутник 2.0.1.54
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"Müller Foto" = Müller Foto
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"MyScrapNook_12bar Uninstall" = My Scrap Nook Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MRA" = Mail.Ru Агент 5.5 (сборка 2842, для текущего пользователя)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.05.2013 00:10:51 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2013 00:18:13 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
__________________
Antwort

Themen zu Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?
andere, anderen, anhänge, ccleaner, deinstallation, deinstalliert, einzige, ergebnis, gen, herstellen, hoffe, hotspot, hotspot shield, interne, internetverbindung, internetverbindungsabriß, keine updates, laufen, malware, nicht mehr, probleme, profi, rojaner gefunden, shield, tiere, troja, trojaner, verbindung, viren, weiterhelfen, wieder herstellen


« Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt! | Malware-Coupon-Werbung »


Ähnliche Themen: Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?


  1. Installation, Deinstallation, Task-Manager starten, Viren-Scan uvm. plötzlich nicht mehr möglich! WIN10
    Plagegeister aller Art und deren Bekämpfung - 05.11.2015 (27)
  2. Win 8 Office reagiert nicht mehr, reparatur mit systemsteuerung nicht möglich oder deinstallation wird abgebrochen
    Log-Analyse und Auswertung - 11.09.2015 (9)
  3. Windows 10 Update nicht mehr möglich
    Alles rund um Windows - 28.08.2015 (11)
  4. Hotspot Shield und File Shredder lassen sich nicht deinstallieren, kein WLAN mehr, PC langsam
    Log-Analyse und Auswertung - 08.06.2015 (24)
  5. Nach Avira Update keine Internetverbindung mehr möglich
    Antiviren-, Firewall- und andere Schutzprogramme - 14.08.2014 (2)
  6. AntiVirus läuft nicht mehr nach Trojaner-Befall
    Log-Analyse und Auswertung - 30.07.2014 (7)
  7. Nach Installtion v.Hotspot-Shield IP Probleme
    Netzwerk und Hardware - 10.06.2014 (9)
  8. Werde Hotspot shield extension 3.23 ADD-ON nicht wieder los
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (5)
  9. Microsoft Office 2010 - Programme funktionieren nicht mehr - Deinstallation nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 02.11.2013 (20)
  10. Kaspersky kann nach Installation von Hotspot Shield keine Updates mehr downloaden!
    Plagegeister aller Art und deren Bekämpfung - 18.08.2013 (8)
  11. Laptop bootet nach Trojaner Meldung (Avira) nicht mehr, Start von Win XP CD nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 12.11.2012 (1)
  12. Explorer.exe funktioniert nach der Deinstallation von Mcafee nicht mehr
    Antiviren-, Firewall- und andere Schutzprogramme - 28.10.2012 (2)
  13. Antivir und Windows Defender updates nicht mehr möglich nach Trojaner
    Log-Analyse und Auswertung - 31.01.2009 (0)
  14. Windows XP und Avira Update nicht mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 05.01.2009 (1)
  15. Microsoft Update nicht mehr möglich!
    Log-Analyse und Auswertung - 05.01.2009 (1)
  16. Nach Trojaner-Beseitgung kein WinXP-Update mehr möglich!
    Alles rund um Windows - 31.10.2008 (4)
  17. Java funktioniert nicht, deinstallation nicht mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 04.09.2008 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? - JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden. Bitte lade Junkware Removal Tool auf Deinen Desktop Starte das Tool mit Doppelklick. Ab Windows Vista - Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?...
Archiv
Du betrachtest: Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58