Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Sirfef-Problem von selber gelöst? (https://www.trojaner-board.de/121976-sirfef-problem-selber-geloest.html)

sphagnicola 13.08.2012 11:48
Sirfef-Problem von selber gelöst?
 
Hallo, ich brauche Hilfe von Euch.
Ich habe einen Dell PC, bei dem ein McAfee Abo dabei war, was inzwischen abgelaufen ist. Ich hatte drei Tage sozusagen keinen Schutz, war aber auch kaum online in der Zeit. Nachdem ich heute aber meinen Rechner gestartet habe, waren alle Verknüpfungsicons verschoben und auch das richtige Anordnen und "aktualisieren" verschob die immer wieder. Also wollte ich McAfee deinstallieren, die Windows Firewall aktivieren und Microsoft Security Essentials runterladen. Nach der Deinstallation von McAfee ging die Firewall aber nicht zu starten ("Einige der Einstellungen konnten von der Windows-Firewall nicht geändert werden. Fehlercode: 0x8007042c"). Darauf hin habe ich mir Microsoft Security Essentials runtergeladen und versucht einen Übeltäter dafür auszumachen. Nach der Installation wurde die Schnellüberprüfung gestartet und immer wieder kam dann die Meldung "Ein kritischer Fehler ist aufgetreten , Windows wird in einer Minute neugestartet!" Ich hatte nach dem Neustart immer nur 1 Minute. Zwischendurch kam dann auch die Fundmeldung von einem Virus und einen Trojaner "Sirfef..." (jeweils mit einem Buchstaben dazu). Selisch drauf vorbereitet habe ich also die Windows 7 CD rausgesucht und mich (halbwegs) damit abgefunden das System neu aufzusetzen. Nach einlegen kam die Windows Starthilfe und hat das System scheinbar repariert und zu einem früheren Punkt zurückgesetzt. Der aktuelle Stand danach war:
- alle Verknüpfung auf dem Desktop waren da wo sie hinsollen
- McAfee war noch installiert
- nach der Deinstallation lief die Windows Firewall problemlos
- Microsoft Security Essentials läuft problemlos durch und findet nichts mehr.

Kann ich davon ausgehen, dass alles wieder okay ist? Kann ich hier irgendso einen log posten (hab ich aber noch nie gemacht), anhand derer Ihr seht, ob alles okay ist?

Hilfe wäre echt lieb!!!

LG
sphagnicola

sphagnicola 13.08.2012 15:00
Liste der Anhänge anzeigen (Anzahl: 1)
Nachdem der vollständige Scan von Microsoft Security Essentials durch ist, hat er noch 12 Bedrohungen angezeigt, die er danach entfernt hat...

t'john 13.08.2012 16:29
:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

sphagnicola 13.08.2012 18:47
Hier die logs:

sphagnicola 13.08.2012 18:48
OTL.txt war zu groß als Dateianhang:OTL Logfile:
Code:
OTL logfile created on: 13.08.2012 19:32:22 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\Sebastian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,77 Gb Available Physical Memory | 59,70% Memory free
15,96 Gb Paging File | 12,49 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384,85 Gb Total Space | 669,02 Gb Free Space | 48,31% Space Free | Partition Type: NTFS
Drive D: | 5,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Y: | 12,25 Gb Total Space | 5,43 Gb Free Space | 44,36% Space Free | Partition Type: NTFS
 
Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\LIBMYSQLD.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Symlib.dll ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys ()
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "google.de PWS"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.15 14:49:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.13 11:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 00:32:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.15 16:35:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 00:32:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.15 16:35:48 | 000,000,000 | ---D | M]
 
[2011.05.10 20:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2012.08.04 10:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\1d1dkcct.default\extensions
[2011.06.09 14:06:02 | 000,001,742 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\1d1dkcct.default\searchplugins\googlede-pws.xml
[2012.03.17 04:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 00:32:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.02.22 15:49:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.18 02:27:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 02:27:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 02:27:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 02:27:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 02:27:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 02:27:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.12 13:09:56 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 sams.nikonimaging.com
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120701140422.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701140422.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C65ED75B-DF41-43D3-9164-8B07E2084D59}: DhcpNameServer = 10.72.0.72 10.72.0.73
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BB49B4-1A18-4980-B879-47C5F1F05D47}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.21 10:33:27 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{f315c5c8-77f8-11e0-8d51-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f315c5c8-77f8-11e0-8d51-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.13 19:30:59 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2012.08.13 17:36:31 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Malwarebytes
[2012.08.13 17:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.13 17:36:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.13 17:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.13 17:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.13 12:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.08.13 11:20:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{B82E7FB4-46EC-4833-B0D0-0A29E34E3B1A}
[2012.08.13 11:20:04 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C2370CFF-B66B-4DDA-81B1-FA8742AF09E0}
[2012.08.13 10:41:54 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Mails
[2012.08.13 10:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.08.12 23:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{BF7969B3-5623-49C6-B5E4-49A6A1F14C54}
[2012.08.12 23:38:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{2A7BF953-3B22-4CC6-869E-9327C280EEC6}
[2012.08.12 11:37:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{D63BE3F5-1DFF-479D-9339-9EAFA3036589}
[2012.08.12 11:37:25 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7E3AB75A-9615-4C0B-B592-B836C7931D13}
[2012.08.11 23:36:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{936DC4BF-B6A5-4026-835F-CB13CAC1A34A}
[2012.08.11 23:36:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F6EED1AB-18F5-4130-A93A-EF287A685037}
[2012.08.11 15:25:35 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.08.11 15:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.08.11 11:36:12 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{295DC01E-D18F-4FA9-9CDF-8550866DB7DD}
[2012.08.11 11:36:01 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{2DF85812-7A82-4202-B740-5A6A260BC7CD}
[2012.08.10 20:37:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F215514C-1EE5-47A5-A4C0-F1982F0B3187}
[2012.08.10 20:36:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{9BCE6477-62D5-4CB7-9243-DE5061A622E9}
[2012.08.09 23:38:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{D93FE2A6-B680-43ED-9BB9-0F7E1F033AE9}
[2012.08.09 23:37:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F2FEF7FC-4901-4B9A-8F7B-BA4026EA53EE}
[2012.08.09 11:37:14 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7F7319EF-7676-4962-AD53-BC403036679E}
[2012.08.09 11:37:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{8E29C9F5-9F02-4E49-98B1-E80CD4AE38F6}
[2012.08.08 15:28:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7C45F013-312F-429B-B089-F3853ABABBD0}
[2012.08.08 15:28:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{8F3A9E20-2DD3-47AC-9EE1-F559CCFB2EA0}
[2012.08.07 22:44:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{23EB75CD-9012-473E-ACB9-2DA5A9E39921}
[2012.08.07 22:44:32 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{81865CB6-521C-4822-8028-1C866DCAD8BA}
[2012.08.07 10:12:08 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{29AEB8C4-7AF4-4562-B512-A948A7CC0FD0}
[2012.08.07 10:11:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6DC337ED-38EA-4906-9FC2-78D2F427ABC7}
[2012.08.06 21:49:50 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{42B494F8-64C5-4913-990A-DF430F2D31A9}
[2012.08.06 21:49:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{9F39FBA3-967A-475E-9F41-8EA89C368F9A}
[2012.08.06 09:49:08 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{561D2015-6CD6-4D0E-BD69-52D382D0F5F8}
[2012.08.06 09:48:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{59D19114-9C15-439B-A3B1-C670DF2EAC18}
[2012.08.05 13:29:48 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F9C01A0D-E68B-4BFF-BA7E-6EC6F318C1F0}
[2012.08.05 13:29:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{EEAA8C23-2C8A-4815-ACAE-26DAD13D2ABD}
[2012.08.04 11:17:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0CE8CF3E-2EFA-4111-BA8E-7A13AF595520}
[2012.08.04 11:17:04 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E5122944-F563-44E5-8E94-16B29948D018}
[2012.08.03 11:30:19 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{359A1292-5979-4975-9021-B682072E53FC}
[2012.08.03 11:30:07 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{156B9A9D-F041-4755-9374-5A00610B463A}
[2012.08.02 23:29:40 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{EE31B1C8-A06B-4CEF-9BD1-87F26553FF77}
[2012.08.02 23:29:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{635E0CA2-A5AF-415C-A6A4-A1B3AFF83EDD}
[2012.08.02 11:29:01 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{71E04AF4-D8C8-447F-80C5-FA955F1F24B9}
[2012.08.02 11:28:50 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{ED1AFA56-3E45-4DC3-9E6D-3DFAB6AB435B}
[2012.08.01 22:33:35 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{1495CF9B-D882-4C25-9124-49B25FBB3DA6}
[2012.08.01 22:33:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0B764BA2-A538-4983-8FA0-E5704A6C9A49}
[2012.08.01 10:33:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{065E8507-5F5E-4325-B5F1-5948B9D9CA95}
[2012.08.01 10:32:58 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{EEA0953C-0ECE-44F5-893E-5ECA406CEE9E}
[2012.07.31 22:32:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{A55965D2-B1B4-411E-93A5-0614767F27E8}
[2012.07.31 22:31:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{5DA6F9BB-5A57-4BF5-8F90-13FB2D3095E4}
[2012.07.30 07:10:49 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{B6C8DBF0-EE44-4CD4-826F-74D7F6B67C8F}
[2012.07.30 07:10:36 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7CBF2153-1053-40C5-BAE2-2F2CB9F53F69}
[2012.07.29 13:33:27 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{BAE189BE-67EB-4799-9520-6251B2BF4DAB}
[2012.07.29 13:33:16 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0D37B6FA-CC35-45BC-8D45-573A934C4D06}
[2012.07.29 01:32:47 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{8D3C3725-DEC1-4D18-AEE3-E8B645D86931}
[2012.07.29 01:32:35 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{8ED2EFEF-906B-428D-A82E-AAB5EF6E2321}
[2012.07.28 11:39:13 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E029659E-D055-4172-9491-291F9EEA75C0}
[2012.07.28 11:39:01 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E740FECC-F5F6-4981-B26E-6563A2607FA3}
[2012.07.27 23:34:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{3CBC90FD-0D22-43A8-BF0D-0BDC35D1DDFA}
[2012.07.27 23:34:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{733A442C-0E68-4CD9-B6D7-E74CE349E88B}
[2012.07.27 11:33:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{35F22A8F-0BFE-424C-A7B3-C12FC1BC9D02}
[2012.07.27 11:33:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7D83CC15-D22E-436F-8B24-EDC3748257D3}
[2012.07.26 23:33:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C02CA5B8-01F3-442C-87B0-D30EEBBC789C}
[2012.07.26 23:32:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{45CD42BC-448C-4858-AAD6-48C9B294057B}
[2012.07.26 11:31:48 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{2E3BD052-086A-417B-A36E-758DA9DF2D4E}
[2012.07.26 11:31:35 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{B549DAC3-1311-4DF1-9469-35518F35A78C}
[2012.07.25 22:10:10 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{67204EBE-E107-48AD-B594-F8E7508A212E}
[2012.07.25 22:09:58 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{9662FB47-D550-46C2-B787-FC45F9B4410E}
[2012.07.25 10:09:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E35196CF-8C94-491B-AD8D-A26FF29E29BA}
[2012.07.25 10:09:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0E468E2B-B4CB-4A60-A993-77980AE9F8D4}
[2012.07.24 13:48:31 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{5AB040FA-A538-453C-8D99-CD66C95F51B4}
[2012.07.24 13:48:20 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E97D35FC-4646-4711-BBFB-152506C40523}
[2012.07.24 01:47:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E33350D0-C5A2-42AF-83AC-6E67A8EB3D96}
[2012.07.24 01:47:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{8C9EF325-BEC6-48DB-AEA2-C9BDA94E9CA5}
[2012.07.23 13:33:27 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F35B280E-BC27-44FE-B0AF-A910F4BF9703}
[2012.07.23 13:33:16 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C3F342E3-3852-4477-AFDA-0A8A52B0F475}
[2012.07.23 01:32:48 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{1F523A7C-471C-4266-8A91-D56D0518D568}
[2012.07.23 01:32:36 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{1B549A65-8174-47F2-B914-BADA05F7E07F}
[2012.07.20 10:13:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{A454B62C-1C7E-407B-B19C-1FD9CE1C3CE6}
[2012.07.20 10:13:04 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F12D58DA-DBC6-453E-8023-D613DE77C769}
[2012.07.19 20:39:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{AC620C1E-BF27-421B-B5C4-69D3FC248C62}
[2012.07.19 20:39:08 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{87724C16-19B3-492A-9FA4-F76F2E56C93E}
[2012.07.19 08:28:25 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{A5944CB8-E9AE-4A77-8A2F-64A44274861D}
[2012.07.19 08:28:12 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{743557F7-3034-4B24-B19A-0FA254BFC44C}
[2012.07.18 18:59:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0715AB0F-97A9-4796-B8A5-F363DF9F6E73}
[2012.07.18 18:59:44 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{78F84740-BFF9-4198-81E5-DB23363DB53F}
[2012.07.17 23:36:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{3821171A-FB71-4407-BAFE-ABCE39D4D3DC}
[2012.07.17 23:36:32 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{BAF145C4-6198-47E8-912B-ADA12F3812C4}
[2012.07.17 11:36:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0429EEE8-56C1-4914-AAEA-1E83E02B7769}
[2012.07.17 11:35:54 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{65D95523-0A6D-452F-B746-F649301580C0}
[2012.07.16 23:35:25 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E2BAE83E-F342-4984-9D5E-FCFB9675CAD3}
[2012.07.16 23:35:13 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6CDF955F-B8A9-46A9-9420-8BA8413D9EE5}
[2012.07.16 11:34:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{806EA117-366A-4F94-A73E-77A6E2AE54E3}
[2012.07.16 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{D1AC3E7E-D45A-4DDE-8399-E1834B3EB7F7}
[2012.07.15 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{054C1A7E-9763-4E73-9BB2-1B09785CBC6A}
[2012.07.15 23:01:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0FFD2E39-AC8F-4344-944E-80D21E032DDB}
[2012.07.15 11:01:14 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{22144428-33C1-4896-9E51-7D5A40F3EEB7}
[2012.07.15 11:01:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{AF5825BD-F5C4-45D3-B990-1C861E2185C2}
[2012.07.14 23:00:34 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{8825ED97-4D55-4EEE-B856-47B631976BAA}
[2012.07.14 23:00:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{3AD4DFAF-C150-4B7A-ACB3-D5FCDB238597}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.13 19:31:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2012.08.13 19:27:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.13 19:19:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.13 17:36:18 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.13 17:23:38 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2012.08.13 16:15:46 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 16:15:46 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 16:08:36 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.13 16:08:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.13 16:08:18 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.13 13:02:17 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.08.13 12:21:11 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.08.13 12:21:04 | 001,643,190 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.13 12:21:04 | 000,699,412 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.13 12:21:04 | 000,654,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.13 12:21:04 | 000,149,350 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.13 12:21:04 | 000,122,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.13 11:21:00 | 001,614,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 12:59:49 | 000,377,670 | ---- | M] () -- C:\Users\Sebastian\Desktop\nigromaculatus.jpg
[2012.08.12 11:11:54 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012.08.08 00:20:14 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2012.08.03 09:19:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 09:19:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.25 14:27:11 | 000,001,456 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.07.25 12:21:17 | 000,001,296 | ---- | M] () -- C:\Users\Sebastian\Desktop\meridionaleRuhrgebiet - Verknüpfung.lnk
[2012.07.25 12:21:13 | 000,001,215 | ---- | M] () -- C:\Users\Sebastian\Desktop\Sphingonotus - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.13 17:36:18 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.13 12:21:11 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.08.13 12:21:08 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.08.12 12:58:54 | 000,377,670 | ---- | C] () -- C:\Users\Sebastian\Desktop\nigromaculatus.jpg
[2012.08.12 11:11:54 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012.07.25 12:21:17 | 000,001,296 | ---- | C] () -- C:\Users\Sebastian\Desktop\meridionaleRuhrgebiet - Verknüpfung.lnk
[2012.07.25 12:21:13 | 000,001,215 | ---- | C] () -- C:\Users\Sebastian\Desktop\Sphingonotus - Verknüpfung.lnk
[2012.07.12 00:48:32 | 000,782,328 | ---- | C] () -- C:\Users\Sebastian\Wischer_Jasmund_130811-100.jpg
[2012.07.12 00:47:25 | 000,531,540 | ---- | C] () -- C:\Users\Sebastian\150112-002.jpg
[2012.07.12 00:45:44 | 002,349,941 | ---- | C] () -- C:\Users\Sebastian\110512-101.jpg
[2012.07.12 00:43:36 | 000,986,523 | ---- | C] () -- C:\Users\Sebastian\_DSC7309.jpg
[2012.02.02 18:48:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.01.15 01:09:08 | 000,000,244 | ---- | C] () -- C:\Windows\mobjects.ini
[2012.01.11 10:55:06 | 000,002,048 | -HS- | C] () -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\@
[2012.01.02 22:04:37 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.01.02 22:04:37 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.08.22 21:55:07 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.07.05 11:04:21 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Multipressor
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Master
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mallets
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mail
[2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.06.26 15:09:27 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.05.12 13:19:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StartupItems
[2011.05.12 13:19:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass Reduction
[2011.05.12 01:47:06 | 000,001,456 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.05.11 17:36:03 | 001,371,098 | ---- | C] () -- C:\Users\Sebastian\grypus_Helgoland_291210-007.jpg
[2011.05.11 12:09:41 | 000,000,508 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool
[2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Specifications
[2011.05.10 20:39:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011.05.10 20:39:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass
[2011.05.10 20:39:33 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Speech Enhancer
[2011.05.10 20:33:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011.05.07 02:36:33 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.06 18:09:38 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.05.06 18:09:37 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.05.06 18:09:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.05.06 17:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.11 12:22:50 | 001,643,190 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 939 bytes -> C:\Users\Sebastian\Desktop\[Fwd_ D. ruthei].eml:OECustomProperty
@Alternate Data Stream - 917 bytes -> C:\Users\Sebastian\Desktop\Meconema meridionale.eml:OECustomProperty
@Alternate Data Stream - 789 bytes -> C:\Users\Sebastian\Desktop\Re_ meridionale.eml:OECustomProperty
@Alternate Data Stream - 769 bytes -> C:\Users\Sebastian\Desktop\meconema.eml:OECustomProperty

< End of report >
--- --- ---

t'john 13.08.2012 20:27
:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.selectedEngine: "google.de PWS"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.21 10:33:27 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{f315c5c8-77f8-11e0-8d51-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f315c5c8-77f8-11e0-8d51-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
@Alternate Data Stream - 939 bytes -> C:\Users\Sebastian\Desktop\[Fwd_ D. ruthei].eml:OECustomProperty
@Alternate Data Stream - 917 bytes -> C:\Users\Sebastian\Desktop\Meconema meridionale.eml:OECustomProperty
@Alternate Data Stream - 789 bytes -> C:\Users\Sebastian\Desktop\Re_ meridionale.eml:OECustomProperty
@Alternate Data Stream - 769 bytes -> C:\Users\Sebastian\Desktop\meconema.eml:OECustomProperty
[2011.06.09 14:06:02 | 000,001,742 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\1d1dkcct.default\searchplugins\googlede-pws.xml
[2012.06.18 02:27:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 02:27:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 02:27:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 02:27:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 02:27:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 02:27:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2012.08.13 19:27:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.13 19:19:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.13 16:08:36 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.13 13:02:17 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.08.13 12:21:04 | 000,699,412 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.13 12:21:04 | 000,654,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.13 12:21:04 | 000,149,350 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.13 12:21:04 | 000,122,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.11 10:55:06 | 000,002,048 | -HS- | C] () -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\@

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

sphagnicola 13.08.2012 20:44
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "google.de PWS" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Y:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f315c5c8-77f8-11e0-8d51-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f315c5c8-77f8-11e0-8d51-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f315c5c8-77f8-11e0-8d51-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f315c5c8-77f8-11e0-8d51-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
ADS C:\Users\Sebastian\Desktop\[Fwd_ D. ruthei].eml:OECustomProperty deleted successfully.
ADS C:\Users\Sebastian\Desktop\Meconema meridionale.eml:OECustomProperty deleted successfully.
ADS C:\Users\Sebastian\Desktop\Re_ meridionale.eml:OECustomProperty deleted successfully.
ADS C:\Users\Sebastian\Desktop\meconema.eml:OECustomProperty deleted successfully.
C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\1d1dkcct.default\searchplugins\googlede-pws.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
C:\Windows\SysNative\perfh007.dat moved successfully.
C:\Windows\SysNative\perfh009.dat moved successfully.
C:\Windows\SysNative\perfc007.dat moved successfully.
C:\Windows\SysNative\perfc009.dat moved successfully.
C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Sebastian\Desktop\cmd.bat deleted successfully.
C:\Users\Sebastian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sebastian
->Temp folder emptied: 924089428 bytes
->Temporary Internet Files folder emptied: 470429373 bytes
->Java cache emptied: 5348746 bytes
->FireFox cache emptied: 181071046 bytes
->Apple Safari cache emptied: 55231488 bytes
->Opera cache emptied: 12070959 bytes
->Flash cache emptied: 58003 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 498954197 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 25372888 bytes
RecycleBin emptied: 57027 bytes
 
Total Files Cleaned = 2.072,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sebastian
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08132012_213555

Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.
C:\Users\Sebastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2010.11.21 10:33:27 | 000,000,122 | R--- | M] () D:\autorun.inf : MD5=B00D1EABC043412FD9CD13F6FE04202D
File C:\Users\Sebastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.08.13 21:41:29 | 008,405,015 | ---- | M] () C:\Windows\temp\TmpFile1 : Unable to obtain MD5

Registry entries deleted on Reboot...

t'john 13.08.2012 21:26
Sehr gut! :daumenhoc



1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

sphagnicola 13.08.2012 23:41
Zwischendurch schon einmal Danke für die Mühe!

t'john 13.08.2012 23:56
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

sphagnicola 14.08.2012 08:57
Hallo,

hier schon mal die log-Datei vom Adwcleaner.
Emisoft braucht sehr lange, musste ich gestern nach 4,5 Stunden abrechen. Hab es jetzt nochmal gestartet...

sphagnicola 14.08.2012 14:11
Hallo t'john

bis jetzt gerade ist Emisoft Anti-Malware durchgelaufen, hat aber nichts gefunden. Habe aber aus Versehen irgendwie den Bericht nicht gefunden bzw. gespeichert? Wie schlimm ist das? Ich will ungern nochmal so viele Stunden warten. Wie gesagt, er hatte nix gefunden...

Edit: oder ist das der hier:

t'john 14.08.2012 15:15
Sehr gut! :daumenhoc



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

sphagnicola 14.08.2012 18:11
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a1be9db7170b7f468508cb17ef3820ea
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-14 05:07:02
# local_time=2012-08-14 07:07:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 101264 96584501 0 0
# compatibility_mode=8192 67108863 100 0 121 121 0 0
# scanned=438220
# found=0
# cleaned=0
# scan_time=9371

t'john 14.08.2012 18:48
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:27 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131