Log Analysis and Evaluation: Iminent was downloaded and installed automatically - how can I uninstall it again? (Windows 7)
15.06.2013, 18:42 | #16
/// Malware-holic | Is Acrobat Reader installed? What error message do you get?
15.06.2013, 20:40 | #17
nightflight | Oh man, how embarrassing.
I had installed Adobe Flash Player and not Adobe Reader. Now it works again, of course. Am I clean now, or are there further steps I still need to take? Thank you very much for the help so far in any case. Great forum, super fast and competent help!! Regards, nightflight
17.06.2013, 12:42 | #18
/// Malware-holic | Hi, a fresh OTL log please.
19.06.2013, 21:37 | #19
| Iminent wurde automatisch heruntergeladen und installiert - Wie kann ich es wieder deinstallieren? hier der log von otl: AcroRd32kAcroRd32k IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2013/06/15 12:44:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_13_2 [2013/06/15 12:44:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/15 21:33:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/15 21:33:30 | 000,000,000 | ---D | M] [2010/08/10 23:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\Extensions [2013/06/14 21:16:36 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\nightflight\AppData\Roaming\mozilla\Firefox\Profiles\ewgkopok.default\extensions [2012/12/12 19:25:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013/06/02 20:13:05 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/05/24 19:40:57 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2010/12/31 08:12:59 | 000,001,218 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\kikin-search.xml [2013/05/24 20:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions [2013/05/24 20:39:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013/06/12 20:17:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - 
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Realtime Audio Engine] C:\windows\System32\mmrtkrnl.exe (AlcaTech) O4 - HKCU..\Run: [Intermediate] C:\Users\nightflight\AppData\Roaming\Intermediate\Intermediate.exe () O4 - HKCU..\Run: [Personal ID] C:\PROGRA~1\COOLSP~1\PERSON~1\PID.EXE (coolspot AG, Düsseldorf) O4 - HKCU..\Run: [SCheck] C:\Users\nightflight\AppData\Roaming\SCheck\SCheck.exe () O4 - HKCU..\Run: [SSync] C:\Users\nightflight\AppData\Roaming\SSync\SSync.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. 
File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FDA3D46-535B-4CBC-8179-3B7BAD411078}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACFAC4C8-7E04-4795-B689-B2AF31876156}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/15 21:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013/06/15 21:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013/06/15 19:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013/06/15 19:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/06/15 19:29:37 | 009,171,472 | ---- | C] (SurfRight B.V.) 
-- C:\Users\nightflight\Desktop\HitmanPro.exe [2013/06/15 19:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013/06/15 19:20:51 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/06/15 19:18:26 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\nightflight\Desktop\revosetup194.exe [2013/06/14 21:37:14 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013/06/14 21:37:14 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013/06/13 19:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/06/13 19:42:19 | 004,378,864 | ---- | C] (Piriform Ltd) -- C:\Users\nightflight\Desktop\ccsetup402.exe [2013/06/12 23:32:24 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013/06/12 23:32:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013/06/12 23:28:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013/06/12 23:28:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013/06/12 23:28:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013/06/12 23:28:02 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013/06/12 23:28:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013/06/12 23:28:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013/06/12 23:28:02 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013/06/12 23:28:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013/06/12 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Malwarebytes [2013/06/12 21:11:01 
| 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/06/12 21:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/06/12 21:10:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013/06/12 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/06/12 21:08:25 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Local\Programs [2013/06/12 20:23:13 | 000,000,000 | ---D | C] -- C:\windows\temp [2013/06/12 20:23:13 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Local\temp [2013/06/12 20:04:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/06/12 20:04:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/06/12 20:04:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013/06/12 20:04:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/12 20:04:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013/06/12 19:51:06 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\nightflight\Desktop\ComboFix.exe [2013/06/12 19:25:11 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013/06/12 19:25:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cryptdlg.dll [2013/06/12 19:25:00 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certutil.exe [2013/06/12 19:25:00 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certenc.dll [2013/06/12 19:22:09 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2013/06/12 19:22:09 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2013/06/12 19:04:47 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\nightflight\Desktop\tdsskiller.exe [2013/06/11 22:18:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nightflight\Desktop\OTL.exe [2013/06/11 21:43:37 
| 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\SSync [2013/06/11 21:43:37 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Intermediate [2013/06/11 21:43:36 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\SCheck [2013/06/11 21:43:35 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Common [2013/06/11 21:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFTK Builder [2013/06/11 21:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFTK Builder [2013/06/09 19:50:56 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat [2013/06/09 19:50:56 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe [2013/06/09 19:50:56 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2013/06/09 19:50:56 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec [2013/06/09 19:50:56 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll [2013/06/09 19:50:56 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll [2013/06/09 19:50:56 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll [2013/06/09 19:50:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2013/06/09 19:50:56 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll [2013/06/09 19:50:56 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe [2013/06/09 19:50:56 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe [2013/06/09 19:50:56 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013/06/09 19:50:56 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2013/06/09 19:50:56 | 000,110,592 | ---- | C] 
(Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll [2013/06/09 19:50:56 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2013/06/09 19:50:56 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe [2013/06/09 19:50:56 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll [2013/06/09 19:50:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll [2013/06/09 19:50:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2013/06/09 19:50:56 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2013/06/09 19:50:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2013/06/09 19:50:55 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013/06/09 19:50:55 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll [2013/06/09 19:50:55 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2013/06/09 19:50:55 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013/06/09 19:50:55 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2013/06/09 19:48:26 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013/06/09 19:48:26 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013/06/09 19:48:26 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013/06/09 19:48:26 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013/06/09 19:48:26 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013/06/09 19:48:26 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll 
[2013/06/09 19:48:26 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013/06/09 19:48:26 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013/06/09 19:48:26 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013/06/09 19:48:26 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2013/06/09 19:48:26 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013/06/09 19:48:26 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013/06/09 19:48:26 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013/06/09 19:48:26 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [2013/06/09 19:48:26 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013/06/09 19:48:26 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/06/09 19:48:26 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/06/09 19:48:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/06/09 19:48:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/06/09 19:48:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013/06/09 19:48:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/06/09 19:48:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013/06/09 19:48:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/06/09 19:48:26 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/05/29 09:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013/05/29 09:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013/05/29 09:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013/05/24 20:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/10/01 23:22:44 | 000,247,120 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\nightflight\RdLang32k [1 C:\Users\nightflight\Desktop\*.tmp files -> C:\Users\nightflight\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/19 22:08:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013/06/19 22:08:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013/06/19 21:59:34 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/19 21:59:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/06/19 20:20:34 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/06/18 17:55:26 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/18 17:55:26 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/15 21:33:31 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/06/15 19:32:25 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/06/15 19:31:16 | 009,171,472 | ---- | M] (SurfRight B.V.) 
-- C:\Users\nightflight\Desktop\HitmanPro.exe [2013/06/15 19:20:51 | 000,001,226 | ---- | M] () -- C:\Users\nightflight\Desktop\Revo Uninstaller.lnk [2013/06/15 19:18:53 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\nightflight\Desktop\revosetup194.exe [2013/06/15 12:44:07 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2013/06/14 21:14:44 | 000,648,201 | ---- | M] () -- C:\Users\nightflight\Desktop\adwcleaner.exe [2013/06/14 20:21:10 | 000,000,862 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog [2013/06/14 20:13:10 | 000,008,284 | ---- | M] () -- C:\windows\System32\eps_icon.avi [2013/06/13 19:45:11 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/06/13 19:43:09 | 004,378,864 | ---- | M] (Piriform Ltd) -- C:\Users\nightflight\Desktop\ccsetup402.exe [2013/06/12 21:11:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/06/12 20:32:34 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013/06/12 20:32:34 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/06/12 20:32:34 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013/06/12 20:32:34 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/06/12 20:17:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2013/06/12 19:52:04 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\nightflight\Desktop\ComboFix.exe [2013/06/12 19:05:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\nightflight\Desktop\tdsskiller.exe [2013/06/11 22:46:27 | 000,377,856 | ---- | M] () -- C:\Users\nightflight\Desktop\gmer_2.1.19163.exe [2013/06/11 22:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nightflight\Desktop\OTL.exe [2013/06/11 22:16:18 | 000,000,000 | ---- | M] () -- C:\Users\nightflight\defogger_reenable [2013/06/11 22:13:52 | 000,050,477 | ---- | M] () -- C:\Users\nightflight\Desktop\Defogger.exe [2013/06/11 21:42:46 | 
002,790,572 | ---- | M] ( ) -- C:\Users\nightflight\Desktop\pdftkb_setup_3.6.exe [2013/06/09 19:50:56 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat [2013/06/09 19:50:56 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe [2013/06/09 19:50:56 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2013/06/09 19:50:56 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec [2013/06/09 19:50:56 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll [2013/06/09 19:50:56 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll [2013/06/09 19:50:56 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll [2013/06/09 19:50:56 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2013/06/09 19:50:56 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll [2013/06/09 19:50:56 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe [2013/06/09 19:50:56 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe [2013/06/09 19:50:56 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013/06/09 19:50:56 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2013/06/09 19:50:56 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll [2013/06/09 19:50:56 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2013/06/09 19:50:56 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe [2013/06/09 19:50:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll [2013/06/09 19:50:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- 
C:\windows\System32\mshtmler.dll [2013/06/09 19:50:56 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2013/06/09 19:50:56 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2013/06/09 19:50:56 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2013/06/09 19:50:55 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013/06/09 19:50:55 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll [2013/06/09 19:50:55 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2013/06/09 19:50:55 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013/06/09 19:50:55 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf [2013/06/09 19:50:55 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2013/06/09 19:48:26 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013/06/09 19:48:26 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013/06/09 19:48:26 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013/06/09 19:48:26 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013/06/09 19:48:26 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013/06/09 19:48:26 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll [2013/06/09 19:48:26 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013/06/09 19:48:26 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013/06/09 19:48:26 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013/06/09 19:48:26 | 000,293,376 | ---- | M] (Microsoft 
Corporation) -- C:\windows\System32\dxgi.dll [2013/06/09 19:48:26 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013/06/09 19:48:26 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013/06/09 19:48:26 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013/06/09 19:48:26 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [2013/06/09 19:48:26 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013/06/09 19:48:26 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/06/09 19:48:26 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/06/09 19:48:26 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/06/09 19:48:26 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/06/09 19:48:26 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013/06/09 19:48:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/06/09 19:48:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013/06/09 19:48:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/06/09 19:48:26 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/06/08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013/06/08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- 
C:\windows\System32\mshtml.tlb [2013/05/29 09:44:21 | 000,001,360 | ---- | M] () -- C:\Users\nightflight\Desktop\Free YouTube to MP3 Converter.lnk [1 C:\Users\nightflight\Desktop\*.tmp files -> C:\Users\nightflight\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/15 21:33:31 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/06/15 21:33:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/06/15 19:32:25 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/06/15 19:20:51 | 000,001,226 | ---- | C] () -- C:\Users\nightflight\Desktop\Revo Uninstaller.lnk [2013/06/14 21:14:38 | 000,648,201 | ---- | C] () -- C:\Users\nightflight\Desktop\adwcleaner.exe [2013/06/13 19:45:11 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/06/12 21:11:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/06/12 20:04:44 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013/06/12 20:04:44 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013/06/12 20:04:44 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013/06/12 20:04:44 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013/06/12 20:04:44 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013/06/11 22:46:25 | 000,377,856 | ---- | C] () -- C:\Users\nightflight\Desktop\gmer_2.1.19163.exe [2013/06/11 22:16:18 | 000,000,000 | ---- | C] () -- C:\Users\nightflight\defogger_reenable [2013/06/11 22:13:52 | 000,050,477 | ---- | C] () -- C:\Users\nightflight\Desktop\Defogger.exe [2013/06/11 21:50:47 | 000,000,862 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog [2013/06/11 21:42:06 | 002,790,572 | ---- | C] ( ) -- C:\Users\nightflight\Desktop\pdftkb_setup_3.6.exe [2013/06/09 19:50:55 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf [2013/05/29 09:44:21 | 000,001,360 | ---- | C] () -- 
C:\Users\nightflight\Desktop\Free YouTube to MP3 Converter.lnk [2010/12/03 19:17:47 | 001,310,720 | ---- | C] () -- C:\Users\nightflight\AcroRd32k [2010/08/12 19:50:53 | 000,001,501 | ---- | C] () -- C:\Users\nightflight\AppData\Local\RecConfig.xml ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE < End of report >
I just saw that you are on holiday from tomorrow; is there anything in particular I should watch out for in the meantime? Otherwise, enjoy your holiday! Regards nightflight |
04.07.2013, 13:41 | #20 |
/// Malware-holic | Incomplete OTL log, please create it again and post it.
04.07.2013, 19:23 | #21 |
| OTL Logfile:
OTL logfile created on: 7/4/2013 8:08:10 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nightflight\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.97 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 56.72% Memory free 5.93 Gb Paging File | 4.18 Gb Available in Paging File | 70.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 225.33 Gb Total Space | 100.96 Gb Free Space | 44.80% Space Free | Partition Type: NTFS Drive D: | 225.33 Gb Total Space | 52.47 Gb Free Space | 23.29% Space Free | Partition Type: NTFS Computer Name: NIGHTFLIGHT-PC | User Name: nightflight | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/19 22:08:43 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013/06/11 22:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nightflight\Desktop\OTL.exe PRC - [2013/05/24 20:39:51 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/06/29 22:12:38 | 000,070,144 | ---- | M] (AlcaTech) -- C:\Windows\System32\mmrtkrnl.exe PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE PRC - [2010/01/19 11:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ========== Modules (No Company Name) ========== MOD - [2013/06/19 22:08:43 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013/05/24 20:39:51 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2013/05/24 20:39:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- 
(NIS) SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\NIGHTF~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013/05/31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20130702.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013/05/22 19:15:37 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20130704.002\NAVEX15.SYS -- (NAVEX15) DRV - [2013/05/22 19:15:37 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20130704.002\NAVENG.SYS -- (NAVENG) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013/02/27 22:54:34 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013/02/27 22:54:34 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/02/27 22:10:58 | 
000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2013/02/26 17:47:50 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20130703.001\IDSvix86.sys -- (IDSVix86) DRV - [2011/04/21 03:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys -- (SymNetS) DRV - [2011/03/31 05:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP) DRV - [2011/03/31 05:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX) DRV - [2011/03/15 04:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA) DRV - [2011/01/27 08:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS) DRV - [2011/01/27 07:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/11/06 06:07:10 | 009,923,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/06/27 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE392 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll 
(Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2013/06/25 21:08:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_13_2 [2013/06/25 21:08:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/15 21:33:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/15 21:33:30 | 000,000,000 | ---D | M] [2010/08/10 23:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\Extensions [2013/06/14 21:16:36 | 000,000,000 | ---D | M] (No 
name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\Firefox\Profiles\ewgkopok.default\extensions [2012/12/12 19:25:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013/06/02 20:13:05 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/05/24 19:40:57 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2010/12/31 08:12:59 | 000,001,218 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\kikin-search.xml [2013/05/24 20:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions [2013/05/24 20:39:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/07/03 19:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\browser\extensions [2013/07/03 19:45:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013/06/12 20:17:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - 
C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Realtime Audio Engine] C:\windows\System32\mmrtkrnl.exe (AlcaTech) O4 - HKCU..\Run: [Intermediate] C:\Users\nightflight\AppData\Roaming\Intermediate\Intermediate.exe () O4 - HKCU..\Run: [Personal ID] C:\PROGRA~1\COOLSP~1\PERSON~1\PID.EXE (coolspot AG, Düsseldorf) O4 - HKCU..\Run: [SCheck] C:\Users\nightflight\AppData\Roaming\SCheck\SCheck.exe () O4 - HKCU..\Run: [SSync] C:\Users\nightflight\AppData\Roaming\SSync\SSync.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu 
item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FDA3D46-535B-4CBC-8179-3B7BAD411078}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACFAC4C8-7E04-4795-B689-B2AF31876156}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/15 21:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013/06/15 21:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013/06/15 19:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013/06/15 19:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/06/15 19:29:37 | 009,171,472 | ---- | C] (SurfRight B.V.) 
-- C:\Users\nightflight\Desktop\HitmanPro.exe [2013/06/15 19:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013/06/15 19:20:51 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/06/15 19:18:26 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\nightflight\Desktop\revosetup194.exe [2013/06/14 21:37:14 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013/06/14 21:37:14 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013/06/13 19:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/06/13 19:42:19 | 004,378,864 | ---- | C] (Piriform Ltd) -- C:\Users\nightflight\Desktop\ccsetup402.exe [2013/06/12 23:32:24 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013/06/12 23:32:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013/06/12 23:28:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013/06/12 23:28:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013/06/12 23:28:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013/06/12 23:28:02 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013/06/12 23:28:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013/06/12 23:28:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013/06/12 23:28:02 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013/06/12 23:28:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013/06/12 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Malwarebytes [2013/06/12 21:11:01 
| 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/06/12 21:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/06/12 21:10:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013/06/12 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/06/12 21:08:25 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Local\Programs [2013/06/12 20:23:13 | 000,000,000 | ---D | C] -- C:\windows\temp [2013/06/12 20:23:13 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Local\temp [2013/06/12 20:04:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/06/12 20:04:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/06/12 20:04:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013/06/12 20:04:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/12 20:04:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013/06/12 19:51:06 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\nightflight\Desktop\ComboFix.exe [2013/06/12 19:25:11 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013/06/12 19:25:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cryptdlg.dll [2013/06/12 19:25:00 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certutil.exe [2013/06/12 19:25:00 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certenc.dll [2013/06/12 19:22:09 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2013/06/12 19:22:09 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2013/06/12 19:04:47 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\nightflight\Desktop\tdsskiller.exe [2013/06/11 22:18:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nightflight\Desktop\OTL.exe [2013/06/11 21:43:37 
| 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\SSync
[2013/06/11 21:43:37 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Intermediate
[2013/06/11 21:43:36 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\SCheck
[2013/06/11 21:43:35 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Common
[2013/06/11 21:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFTK Builder
[2013/06/11 21:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFTK Builder
[2013/06/09 19:50:56 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2013/06/09 19:50:56 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2013/06/09 19:50:56 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2013/06/09 19:50:56 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2013/06/09 19:50:56 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2013/06/09 19:50:56 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2013/06/09 19:50:56 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
[2013/06/09 19:50:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2013/06/09 19:50:56 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2013/06/09 19:50:56 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2013/06/09 19:50:56 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2013/06/09 19:50:56 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/06/09 19:50:56 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2013/06/09 19:50:56 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2013/06/09 19:50:56 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2013/06/09 19:50:56 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2013/06/09 19:50:56 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2013/06/09 19:50:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2013/06/09 19:50:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2013/06/09 19:50:56 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2013/06/09 19:50:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2013/06/09 19:50:55 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/06/09 19:50:55 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2013/06/09 19:50:55 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2013/06/09 19:50:55 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/06/09 19:50:55 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2013/06/09 19:48:26 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013/06/09 19:48:26 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll
[2013/06/09 19:48:26 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2013/06/09 19:48:26 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/06/09 19:48:26 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2013/06/09 19:48:26 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll
[2013/06/09 19:48:26 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013/06/09 19:48:26 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2013/06/09 19:48:26 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2013/06/09 19:48:26 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2013/06/09 19:48:26 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2013/06/09 19:48:26 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll
[2013/06/09 19:48:26 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll
[2013/06/09 19:48:26 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll
[2013/06/09 19:48:26 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2013/06/09 19:48:26 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/09 19:48:26 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/09 19:48:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/09 19:48:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/09 19:48:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/09 19:48:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/09 19:48:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/09 19:48:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/09 19:48:26 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2010/10/01 23:22:44 | 000,247,120 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\nightflight\RdLang32k
[1 C:\Users\nightflight\Desktop\*.tmp files -> C:\Users\nightflight\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/04 19:23:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/04 19:23:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/04 19:21:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/03 17:53:08 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 17:53:08 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/27 21:35:43 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/06/27 21:35:43 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/06/27 21:35:43 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/06/27 21:35:43 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/06/25 21:08:16 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/19 22:08:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/06/19 22:08:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/06/15 21:33:31 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/15 19:32:25 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/15 19:31:16 | 009,171,472 | ---- | M] (SurfRight B.V.) -- C:\Users\nightflight\Desktop\HitmanPro.exe
[2013/06/15 19:20:51 | 000,001,226 | ---- | M] () -- C:\Users\nightflight\Desktop\Revo Uninstaller.lnk
[2013/06/15 19:18:53 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\nightflight\Desktop\revosetup194.exe
[2013/06/14 21:14:44 | 000,648,201 | ---- | M] () -- C:\Users\nightflight\Desktop\adwcleaner.exe
[2013/06/14 20:21:10 | 000,000,862 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog
[2013/06/14 20:13:10 | 000,008,284 | ---- | M] () -- C:\windows\System32\eps_icon.avi
[2013/06/13 19:45:11 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/13 19:43:09 | 004,378,864 | ---- | M] (Piriform Ltd) -- C:\Users\nightflight\Desktop\ccsetup402.exe
[2013/06/12 21:11:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/12 20:17:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/06/12 19:52:04 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\nightflight\Desktop\ComboFix.exe
[2013/06/12 19:05:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\nightflight\Desktop\tdsskiller.exe
[2013/06/11 22:46:27 | 000,377,856 | ---- | M] () -- C:\Users\nightflight\Desktop\gmer_2.1.19163.exe
[2013/06/11 22:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nightflight\Desktop\OTL.exe
[2013/06/11 22:16:18 | 000,000,000 | ---- | M] () -- C:\Users\nightflight\defogger_reenable
[2013/06/11 22:13:52 | 000,050,477 | ---- | M] () -- C:\Users\nightflight\Desktop\Defogger.exe
[2013/06/11 21:42:46 | 002,790,572 | ---- | M] ( ) -- C:\Users\nightflight\Desktop\pdftkb_setup_3.6.exe
[2013/06/09 19:50:56 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2013/06/09 19:50:56 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2013/06/09 19:50:56 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2013/06/09 19:50:56 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2013/06/09 19:50:56 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2013/06/09 19:50:56 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2013/06/09 19:50:56 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
[2013/06/09 19:50:56 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2013/06/09 19:50:56 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2013/06/09 19:50:56 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2013/06/09 19:50:56 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2013/06/09 19:50:56 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/06/09 19:50:56 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2013/06/09 19:50:56 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2013/06/09 19:50:56 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2013/06/09 19:50:56 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2013/06/09 19:50:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2013/06/09 19:50:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2013/06/09 19:50:56 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2013/06/09 19:50:56 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2013/06/09 19:50:56 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2013/06/09 19:50:55 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/06/09 19:50:55 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2013/06/09 19:50:55 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2013/06/09 19:50:55 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/06/09 19:50:55 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2013/06/09 19:50:55 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2013/06/09 19:48:26 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013/06/09 19:48:26 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll
[2013/06/09 19:48:26 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2013/06/09 19:48:26 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/06/09 19:48:26 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2013/06/09 19:48:26 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll
[2013/06/09 19:48:26 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013/06/09 19:48:26 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2013/06/09 19:48:26 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2013/06/09 19:48:26 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2013/06/09 19:48:26 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2013/06/09 19:48:26 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll
[2013/06/09 19:48:26 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll
[2013/06/09 19:48:26 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll
[2013/06/09 19:48:26 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2013/06/09 19:48:26 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/09 19:48:26 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/09 19:48:26 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/09 19:48:26 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/09 19:48:26 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/09 19:48:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/09 19:48:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/09 19:48:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/09 19:48:26 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/06/08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[1 C:\Users\nightflight\Desktop\*.tmp files -> C:\Users\nightflight\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/15 21:33:31 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/15 21:33:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/15 19:32:25 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/15 19:20:51 | 000,001,226 | ---- | C] () -- C:\Users\nightflight\Desktop\Revo Uninstaller.lnk
[2013/06/14 21:14:38 | 000,648,201 | ---- | C] () -- C:\Users\nightflight\Desktop\adwcleaner.exe
[2013/06/13 19:45:11 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/12 21:11:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/12 20:04:44 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/06/12 20:04:44 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/06/12 20:04:44 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/06/12 20:04:44 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/06/12 20:04:44 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/06/11 22:46:25 | 000,377,856 | ---- | C] () -- C:\Users\nightflight\Desktop\gmer_2.1.19163.exe
[2013/06/11 22:16:18 | 000,000,000 | ---- | C] () -- C:\Users\nightflight\defogger_reenable
[2013/06/11 22:13:52 | 000,050,477 | ---- | C] () -- C:\Users\nightflight\Desktop\Defogger.exe
[2013/06/11 21:50:47 | 000,000,862 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog
[2013/06/11 21:42:06 | 002,790,572 | ---- | C] ( ) -- C:\Users\nightflight\Desktop\pdftkb_setup_3.6.exe
[2013/06/09 19:50:55 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2010/12/03 19:17:47 | 001,310,720 | ---- | C] () -- C:\Users\nightflight\AcroRd32k
[2010/08/12 19:50:53 | 000,001,501 | ---- | C] () -- C:\Users\nightflight\AppData\Local\RecConfig.xml

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

I hope this is complete now... In any case I copied the whole log file. Or what could be the reason the last log was incomplete? |
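Added here as an editor's example to go with the "ZeroAccess Check" and "Alternate Data Streams" sections of the log above; it is not code from the thread or from OTL. It re-runs both checks with built-in cmdlets and prints only what looks wrong. Assumptions: Windows 7 or later with PowerShell 3.0 (needed for Get-Item -Stream), an elevated prompt, and the expected DLL names taken from the HKLM entries the log shows (the {fbeb8a05-...} entry has no HKLM line in the log, so it is only checked for a per-user override and a Microsoft file). The scan root C:\ProgramData\Temp is the folder the log flags.

```powershell
# Added example, not from the thread and not part of OTL. Read-only.
# Assumptions: PowerShell 3.0+ (Get-Item -Stream), elevated prompt.

# The four CLSIDs OTL inspects. Expected file names come from the HKLM lines in
# the log above; $null means "no expectation known, check signature/company only".
$ClsidExpected = @{
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}' = 'shell32.dll'
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}' = $null
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}' = 'fastprox.dll'
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}' = 'wbemess.dll'
}

function Test-ClsidServer {
    param([string]$Clsid, [string]$ExpectedFile)
    $findings = @()

    # A per-user InProcServer32 for a system CLSID is the classic COM hijack:
    # for non-elevated processes COM consults HKCU\Software\Classes before HKLM,
    # so whatever DLL is registered here gets loaded instead of the real one.
    $userKey = "HKCU:\Software\Classes\CLSID\$Clsid\InProcServer32"
    if (Test-Path -LiteralPath $userKey) {
        $dll = (Get-ItemProperty -LiteralPath $userKey).'(default)'
        $findings += "HKCU override for $Clsid -> $dll"
    }

    $machineKey = "HKLM:\Software\Classes\CLSID\$Clsid\InProcServer32"
    if (-not (Test-Path -LiteralPath $machineKey)) {
        return $findings + "HKLM entry for $Clsid is missing"
    }
    $raw = (Get-ItemProperty -LiteralPath $machineKey).'(default)'
    if (-not $raw) { return $findings + "HKLM $Clsid has no default InProcServer32 value" }
    $path  = [Environment]::ExpandEnvironmentVariables($raw)
    $sys32 = Join-Path $env:SystemRoot 'system32'

    if (-not $path.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "HKLM $Clsid points outside System32: $path"
    } elseif (-not (Test-Path -LiteralPath $path)) {
        $findings += "HKLM $Clsid points to a missing file: $path"
    } else {
        if ($ExpectedFile -and (Split-Path -Leaf $path) -ne $ExpectedFile) {
            $findings += "HKLM $Clsid registers $path, expected $ExpectedFile"
        }
        # This is the same check OTL prints as "(Microsoft Corporation)": the
        # version resource. It is trivially forged, so a mismatch is a lead,
        # not a verdict. Note that Get-AuthenticodeSignature on Windows 7
        # reports catalog-signed system DLLs as NotSigned, so a real signature
        # check needs a catalog-aware tool.
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        if ($company -ne 'Microsoft Corporation') {
            $findings += "HKLM $Clsid server has CompanyName '$company': $path"
        }
    }
    return $findings
}

function Get-AlternateDataStreams {
    param([string]$Root)
    # Every stream other than the unnamed data stream ':$DATA' is an ADS.
    # Directories can carry them too, which is why the log's hit is on a
    # folder. Zone.Identifier on downloaded files is the one ADS to expect.
    $items = @(Get-Item -LiteralPath $Root -Force -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            Select-Object FileName, Stream, Length
    }
}

foreach ($clsid in $ClsidExpected.Keys) {
    Test-ClsidServer -Clsid $clsid -ExpectedFile $ClsidExpected[$clsid]
}
Get-AlternateDataStreams -Root (Join-Path $env:ProgramData 'Temp')
```

A run on a clean machine prints nothing for the CLSID checks and, for the ADS scan, nothing but streams you can account for. To reproduce the log's last finding exactly, widen the scan root to $env:ProgramData; it is slower but catches streams on sibling folders too. The 130-byte stream on C:\ProgramData\Temp in the log is small enough to dump with Get-Content -LiteralPath 'C:\ProgramData\Temp' -Stream ABE89FFE before deciding whether it matters.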
05.07.2013, 13:24 | #22 |
/// Malware-holic | Iminent was downloaded and installed automatically - how can I uninstall it again? Hi, OTL fix. Fixing with OTL:
Code:
:OTL
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: - No CLSID value found
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
:files
:Commands
[emptytemp]
Please check whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers you may have installed. Also check how the PC and programs run in general.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
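Added here as an editor's example to go with the OTL fix above; it is not code from the thread or from OTL. It enumerates the same browser persistence points the fix removes (the IE URLSearchHooks values, the HKCU MenuExt context-menu entries, the IE Extensions keys behind the O9 line, and Firefox's extensions.enabledItems pref) and marks entries whose target no longer resolves, which is what OTL's "File not found" and "No CLSID value found" annotations mean. It only reads; deletion stays with the OTL fix. Assumptions: PowerShell 3.0+, run as the affected user so that HKCU and %APPDATA% belong to that account; the registry paths are the ones named in the fix and in its result log later in this thread.

```powershell
# Added example, not from the thread and not part of OTL. Read-only.
# Assumptions: PowerShell 3.0+, run as the user whose browsers are affected.

function Test-ClsidRegistered {
    param([string]$Clsid)
    # HKCR\CLSID is the merged view of HKLM and HKCU class registrations.
    if (-not $Clsid) { return $false }
    return Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
}

function Get-IeUrlSearchHooks {
    # Value names are CLSIDs of objects IE calls when a typed address cannot be
    # resolved as a URL. An empty value name is what OTL reported twice as
    # "No CLSID value found" (the fix log shows it as URLSearchHooks\\).
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Internet Explorer\URLSearchHooks"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($name in (Get-Item -LiteralPath $key).GetValueNames()) {
            $entry = if ($name) { $name } else { '(empty value name)' }
            [pscustomobject]@{ Source = "$hive URLSearchHook"; Entry = $entry; Resolvable = (Test-ClsidRegistered $name) }
        }
    }
}

function Get-IeMenuExt {
    # O8 entries: the default value is a res:// URL IE runs from the context
    # menu. Flag it when the DLL or EXE it names is gone from disk.
    $key = 'HKCU:\Software\Microsoft\Internet Explorer\MenuExt'
    if (-not (Test-Path -LiteralPath $key)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $key) {
        $target = (Get-ItemProperty -LiteralPath $sub.PSPath).'(default)'
        $exists = $null
        if ($target -match '^res://(?<file>[^/]+)/') {
            $exists = Test-Path -LiteralPath $Matches.file   # 8.3 paths like PROGRA~1 resolve fine
        }
        [pscustomobject]@{ Source = 'HKCU MenuExt'; Entry = "$($sub.PSChildName) -> $target"; Resolvable = $exists }
    }
}

function Get-IeExtensions {
    # O9 entries: each subkey is a GUID for a toolbar button or Tools-menu item.
    # It should be registered under HKCR\CLSID itself or name a registered
    # CLSID in its CLSID value; "My kikin" in the fix was neither.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Internet Explorer\Extensions"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $p = Get-ItemProperty -LiteralPath $sub.PSPath
            $label = if ($p.MenuText) { $p.MenuText } elseif ($p.ButtonText) { $p.ButtonText } else { '' }
            $ok = (Test-ClsidRegistered $sub.PSChildName) -or (Test-ClsidRegistered $p.CLSID)
            [pscustomobject]@{ Source = "$hive Extensions"; Entry = "$label $($sub.PSChildName)"; Resolvable = $ok }
        }
    }
}

function Get-FirefoxEnabledItems {
    # extensions.enabledItems in prefs.js is a comma-separated list of
    # addon-id:version, exactly as OTL prints it. IDs you do not recognise
    # (engine@conduit.com here) are the ones to look up in the profile's
    # extensions folder.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path -LiteralPath $profiles)) { return }
    foreach ($dir in Get-ChildItem -LiteralPath $profiles -Directory) {
        $prefs = Join-Path $dir.FullName 'prefs.js'
        if (-not (Test-Path -LiteralPath $prefs)) { continue }
        $hit = Select-String -LiteralPath $prefs -Pattern 'user_pref\("extensions\.enabledItems",\s*"([^"]*)"\)' |
               Select-Object -First 1
        if (-not $hit) { continue }
        foreach ($item in ($hit.Matches[0].Groups[1].Value -split ',')) {
            if (-not $item) { continue }
            $id, $ver = $item -split ':', 2
            [pscustomobject]@{ Source = "Firefox $($dir.Name)"; Entry = "$id $ver"; Resolvable = $null }
        }
    }
}

@(Get-IeUrlSearchHooks; Get-IeMenuExt; Get-IeExtensions; Get-FirefoxEnabledItems) |
    Format-Table -AutoSize
```

Entries with Resolvable = False are the candidates for an :OTL fix line; the Firefox rows always show $null there because the pref only lists IDs, so the decision for those is made by looking the ID up, not by this script. Run it once more after the fix and reboot: the URLSearchHook, MenuExt and Extensions rows the fix deleted should be gone, and engine@conduit.com should no longer appear in the Firefox rows.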
23.07.2013, 20:42 | #23 |
| Iminent was downloaded and installed automatically - how can I uninstall it again? So I have now run the OTL fix. A restart was requested; after the restart a text document opened with the following content:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: nightflight
->Temp folder emptied: 73945743 bytes
->Temporary Internet Files folder emptied: 213062 bytes
->FireFox cache emptied: 430045177 bytes
->Flash cache emptied: 2339 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38633312 bytes
RecycleBin emptied: 384833494 bytes
Total Files Cleaned = 885.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07232013_212138
Files\Folders moved on Reboot...
C:\Users\nightflight\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Well, I have had occasional problems with my Firefox lately. But I think that was more because quite a lot of tabs were open, so in my opinion no reason to worry (problems in the sense that it was a bit slow or briefly "hung" now and then). The other programs also run as usual. As for toolbars, there are no unwanted ones, in fact none at all, in either Firefox or Internet Explorer. As for redirects, I don't know how I would recognise them. But I haven't noticed anything unusual either. Regards nightflight |
Topics on Iminent was downloaded and installed automatically - how can I uninstall it again? |
7-zip, adobe reader xi, babylontoolbar, bereit, bho, bonjour, deinstallieren, error, fehler, firefox, flash player, frage, google, helper, home, iminent, install.exe, installation, internet, logfile, mozilla, mp3, programm, realtek, registry, rundll, search the web, security, senden, software, sprotection, svchost.exe, symantec, windows |