  1. #1
    Beginner
    Registered since
    27.04.2013
    Posts
    9

    Various malware

    I have quite a bit of malware on my laptop and would appreciate your help.

    Code:
    Malwarebytes Anti-Malware (Test) 1.75.0.1300
    www.malwarebytes.org
    
    Datenbank Version: v2013.04.26.08
    
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Julia :: PDOG-PC [Administrator]
    
    Schutz: Aktiviert
    
    27.04.2013 02:25:01
    mbam-log-2013-04-27 (02-25-01).txt
    
    Art des Suchlaufs: Quick-Scan
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 232781
    Laufzeit: 11 Minute(n), 34 Sekunde(n)
    
    Infizierte Speicherprozesse: 1
    C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 2064 -> Löschen bei Neustart.
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 2
    HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse: 1
    C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Löschen bei Neustart.
    
    Infizierte Dateien: 2
    C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Löschen bei Neustart.
    C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    (Ende)
    OTL

    Code:
    OTL logfile created on: 27.04.2013 20:41:12 - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julia\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 48,13% Memory free
    6,19 Gb Paging File | 4,28 Gb Available in Paging File | 69,11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223,86 Gb Total Space | 109,09 Gb Free Space | 48,73% Space Free | Partition Type: NTFS
    Drive D: | 232,88 Gb Total Space | 217,37 Gb Free Space | 93,34% Space Free | Partition Type: NTFS
    Drive E: | 9,03 Gb Total Space | 1,65 Gb Free Space | 18,28% Space Free | Partition Type: NTFS
     
    Computer Name: PDOG-PC | User Name: Julia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Julia\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
    PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
    PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
    PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
    PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Winamp\winampa.exe ()
    PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Windows\SMINST\BLService.exe ()
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dae1b2e49e240e879a6523025cc306fb\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
    MOD - C:\Program Files\ipla\MediaFileScanner.dll ()
    MOD - C:\Program Files\ipla\jabberoo.dll ()
    MOD - C:\Program Files\ipla\lua.dll ()
    MOD - C:\Program Files\ipla\ziplib.dll ()
    MOD - C:\Windows\System32\dossec.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
    MOD - C:\Program Files\Winamp\winampa.exe ()
    MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
    MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
     
     
    ========== Services (SafeList) ==========
     
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
    SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
    SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
    SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
    SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
    DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
    DRV - (gtstusbser) -- system32\DRIVERS\gtstusbser.sys File not found
    DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
    DRV - (cmnsusbser) -- system32\DRIVERS\cmnsusbser.sys File not found
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsisoft GmbH)
    DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
    DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
    DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
    DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
    DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
    DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
    DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
    DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Corporation)
    DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
    DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
    DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = 
    IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
     
     
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
     
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
     
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\SearchScopes,DefaultScope = 
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\SearchScopes\{5AC41F67-6533-445F-9161-73D2048D0837}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6108CF77-D51F-4519-A24D-3141154E58C7&apn_sauid=F18838D4-7E51-42DD-B4D9-B694F3543E2B
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\SearchScopes\{9ED201DE-07E0-448B-BE8A-3315F00F083D}: "URL" = http://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=798
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
    IE - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Julia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.29 13:30:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.29 13:30:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.29 13:30:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.14 21:55:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.27 04:53:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.14 21:55:41 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.27 04:53:32 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.14 21:55:41 | 000,000,000 | ---D | M]
     
    [2013.02.26 20:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012.04.13 14:42:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013.04.27 04:53:32 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013.04.27 04:53:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2013.04.27 04:53:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013.04.27 04:53:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
    [2013.04.27 04:53:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
    [2013.04.27 04:53:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
    [2013.04.27 04:53:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: WebSearch (Enabled)
    CHR - default_search_provider: search_url = http://websearch.helpmefindyour.info/?l=1&q={searchTerms}&pid=658&r=2013/04/11&hid=487201673&lg=EN&cc=DE
    CHR - default_search_provider: suggest_url = http://websearch.helpmefindyour.info/?l=1&q={searchTerms}&pid=658&r=2013/04/11&hid=487201673&lg=EN&cc=DE
    CHR - homepage: http://websearch.helpmefindyour.info/?pid=658&r=2013/04/11&hid=487201673&lg=EN&cc=DE
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - Extension: Google Docs = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google-Suche = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_1\
    CHR - Extension: Battlefield Play4Free = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.96.0_1\
    CHR - Extension: Virtuelle Tastatur = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_1\
    CHR - Extension: Skype Click to Call = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: Mehr Leistung und Videoformate fr dein HTML5 video = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Bitdefender QuickScan = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
    CHR - Extension: Google Mail = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Anti-Banner = C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
     
    O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
    O3 - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001..\Run: [ChomikBox] C:\Program Files\ChomikBox\chomikbox.exe File not found
    O4 - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08FDAAA6-F813-4500-BCF8-7D07657B9DB3}: DhcpNameServer = 192.168.179.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D19993E-BE24-4F64-889D-01EFF9CF1BD1}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) -  File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
    O24 - Desktop WallPaper: C:\Users\Julia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Julia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3e8c5b38-cfe6-11e0-a359-001e101fb4df}\Shell - "" = AutoRun
    O33 - MountPoints2\{3e8c5b38-cfe6-11e0-a359-001e101fb4df}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{5a1b0b25-e4f8-11df-b2bd-001eecb87f09}\Shell - "" = AutoRun
    O33 - MountPoints2\{5a1b0b25-e4f8-11df-b2bd-001eecb87f09}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{656dd48c-e4fc-11df-bfac-001e101f63cf}\Shell - "" = AutoRun
    O33 - MountPoints2\{656dd48c-e4fc-11df-bfac-001e101f63cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{7145a3bc-eb61-11df-9ba8-001e101f34ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{7145a3bc-eb61-11df-9ba8-001e101f34ad}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{aae1f521-dfbb-11e0-81c7-001eecb87f09}\Shell - "" = AutoRun
    O33 - MountPoints2\{aae1f521-dfbb-11e0-81c7-001eecb87f09}\Shell\AutoRun\command - "" = G:\QsSetup.exe
    O33 - MountPoints2\{ab089f7d-3421-11e0-b151-001e101f1f81}\Shell - "" = AutoRun
    O33 - MountPoints2\{ab089f7d-3421-11e0-b151-001e101f1f81}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{ac14f6f9-2a49-11e0-a217-001e101f82a0}\Shell - "" = AutoRun
    O33 - MountPoints2\{ac14f6f9-2a49-11e0-a217-001e101f82a0}\Shell\AutoRun\command - "" = I:\NPSAI.exe
    O33 - MountPoints2\{cf077f2c-6b72-11e1-9784-d1d66262c354}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf077f2c-6b72-11e1-9784-d1d66262c354}\Shell\AutoRun\command - "" = G:\autorun.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\QsSetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013.04.27 04:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013.04.27 04:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2013.04.27 03:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013.04.27 03:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013.04.27 03:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    [2013.04.27 03:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
    [2013.04.27 03:43:14 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\Anti-Malware
    [2013.04.27 02:55:03 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2013.04.27 02:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2013.04.27 02:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
    [2013.04.27 02:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013.04.27 02:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013.04.27 02:22:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013.04.27 02:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013.04.25 20:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ipla
    [2013.04.11 21:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
    [2013.04.11 21:50:41 | 000,018,952 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
    [2013.04.10 18:23:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013.04.10 18:23:52 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013.04.10 18:23:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013.04.10 18:23:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013.04.10 18:23:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013.04.10 18:23:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013.04.10 18:23:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013.04.10 18:23:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013.04.10 18:06:55 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2013.04.10 18:06:55 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2013.04.10 18:06:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2013.04.10 18:06:53 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2013.04.10 18:06:50 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013.04.05 21:21:38 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\Macromedia
    [2013.04.05 18:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2013.04.05 11:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\OpenFM
    [2013.04.04 17:57:57 | 000,000,000 | ---D | C] -- C:\Users\Julia\.gstreamer-0.10
    [2013.04.04 17:56:10 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\ChomikBox
    [2013.04.02 13:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
    [2013.03.30 17:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
    [2013.03.29 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\CyberLink
    [2008.12.13 21:09:40 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
    [2008.12.13 21:09:40 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
    [2008.12.13 21:09:39 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
    [2008.12.13 21:09:39 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
    [2008.12.13 21:09:39 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013.04.27 20:09:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125760910-1227203439-2855933728-1001UA.job
    [2013.04.27 20:09:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125760910-1227203439-2855933728-1001Core.job
    [2013.04.27 20:07:15 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2013.04.27 20:03:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013.04.27 19:59:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.04.27 19:53:37 | 000,214,157 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2013.04.27 19:53:37 | 000,214,157 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2013.04.27 19:53:35 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
    [2013.04.27 19:53:29 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.04.27 19:53:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.04.27 19:53:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.04.27 19:53:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.04.27 19:53:17 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
    [2013.04.27 19:51:47 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2013.04.27 19:44:16 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2013.04.27 04:39:24 | 000,007,680 | ---- | M] () -- C:\Windows\3104341.exe
    [2013.04.27 04:39:24 | 000,001,060 | ---- | M] () -- C:\Windows\3104341.dat
    [2013.04.27 03:58:36 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013.04.27 03:49:06 | 000,007,808 | ---- | M] () -- C:\Users\Julia\AppData\Local\d3d9caps.dat
    [2013.04.27 03:43:58 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    [2013.04.27 02:22:47 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.04.27 00:30:46 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2013.04.27 00:30:46 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013.04.27 00:30:46 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2013.04.27 00:30:46 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013.04.25 20:54:02 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\ipla.lnk
    [2013.04.25 14:00:27 | 000,001,011 | ---- | M] () -- C:\Windows\Mobile Partner Manager.INI
    [2013.04.25 12:40:51 | 000,075,264 | ---- | M] () -- C:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013.04.11 22:26:51 | 109,108,002 | ---- | M] () -- C:\Users\Julia\Desktop\DDK_RPK-Slowo_Dla_Ludzi_Cz.2-PL-2011-EMPiK.rar
    [2013.04.11 21:51:26 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
    [2013.04.10 19:02:17 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013.04.10 18:55:35 | 000,327,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013.04.08 19:19:03 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2013.04.06 19:13:47 | 003,690,496 | ---- | M] () -- C:\Users\Julia\s-1-5-21-2125760910-1227203439-2855933728-1001.rrr
    [2013.04.04 18:24:54 | 000,000,494 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013.04.03 12:44:59 | 000,001,796 | ---- | M] () -- C:\Users\Julia\Desktop\Skype.lnk
    [2013.04.02 14:28:27 | 000,003,762 | ---- | M] () -- C:\Users\Julia\Documents\config.cfg
    [2013.04.02 13:54:55 | 000,017,840 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2013.04.02 13:50:57 | 007,261,768 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
    [2013.03.30 17:59:18 | 000,001,604 | ---- | M] () -- C:\Users\Julia\Desktop\UseNeXT.lnk
     
    ========== Files Created - No Company Name ==========
     
    [2013.04.27 04:39:24 | 000,007,680 | ---- | C] () -- C:\Windows\3104341.exe
    [2013.04.27 04:39:24 | 000,001,060 | ---- | C] () -- C:\Windows\3104341.dat
    [2013.04.27 03:58:36 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013.04.27 03:43:58 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    [2013.04.27 02:22:47 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.04.25 20:54:02 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\ipla.lnk
    [2013.04.11 21:51:26 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
    [2013.04.11 21:51:22 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
    [2013.04.11 21:50:51 | 109,108,002 | ---- | C] () -- C:\Users\Julia\Desktop\DDK_RPK-Slowo_Dla_Ludzi_Cz.2-PL-2011-EMPiK.rar
    [2013.04.08 19:18:19 | 000,131,072 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
    [2013.04.06 19:13:47 | 003,690,496 | ---- | C] () -- C:\Users\Julia\s-1-5-21-2125760910-1227203439-2855933728-1001.rrr
    [2013.04.04 18:24:54 | 000,000,494 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2013.04.03 12:44:59 | 000,001,796 | ---- | C] () -- C:\Users\Julia\Desktop\Skype.lnk
    [2013.04.02 14:29:00 | 000,003,762 | ---- | C] () -- C:\Users\Julia\Documents\config.cfg
    [2013.04.02 13:54:55 | 007,261,768 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
    [2013.04.02 13:54:55 | 000,017,840 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2013.03.30 17:59:18 | 000,001,604 | ---- | C] () -- C:\Users\Julia\Desktop\UseNeXT.lnk
    [2012.11.15 01:09:52 | 000,038,560 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
    [2012.10.17 17:43:33 | 000,017,408 | ---- | C] () -- C:\Users\Julia\AppData\Local\WebpageIcons.db
    [2012.10.17 17:41:25 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
    [2012.10.17 17:41:25 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
    [2011.09.15 19:04:14 | 000,001,011 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
    [2010.11.25 15:44:19 | 000,075,264 | ---- | C] () -- C:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.11.02 21:14:15 | 000,007,808 | ---- | C] () -- C:\Users\Julia\AppData\Local\d3d9caps.dat
    [2010.03.09 21:55:51 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
    [2010.03.09 21:55:51 | 000,000,000 | RHS- | C] () -- \IO.SYS
    [2008.12.13 19:25:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2008.12.12 19:17:35 | 000,000,375 | -H-- | C] () -- \IPH.PH
    [2008.12.12 19:17:10 | 000,214,157 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008.12.12 19:15:10 | 000,214,157 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008.10.05 08:38:20 | 000,000,249 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2008.10.05 07:50:58 | 3218,042,880 | -HS- | C] () -- \hiberfil.sys
    [2008.02.08 08:49:06 | 000,333,257 | RHS- | C] () -- \bootmgr
    [2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
    [2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys
     
    ========== ZeroAccess Check ==========
     
    [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2010.04.25 09:51:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\Acoustica
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
    [2008.12.13 21:09:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\DEU
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
    [2010.04.24 23:37:21 | 000,000,000 | ---D | M] -- C:\Users\All Users\FarmFrenzy3_Arctica
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
    [2013.03.26 12:33:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\Gadu-Gadu 10
    [2012.02.25 01:46:18 | 000,000,000 | ---D | M] -- C:\Users\All Users\ipla
    [2011.08.20 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\All Users\LightScribe
    [2009.04.26 09:46:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\MAGIX
    [2013.04.05 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\All Users\OpenFM
    [2010.05.22 21:14:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\PlayFirst
    [2011.09.06 19:59:04 | 000,000,000 | ---D | M] -- C:\Users\All Users\RDRM
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
    [2013.04.11 21:51:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Systweak
    [2013.04.27 19:53:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
    [2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
    [2010.02.04 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Vodafone
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
    [2011.12.23 12:20:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
    [2008.08.01 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
    [2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
    [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
    [2008.12.12 19:11:07 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
    [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
    [2008.12.12 19:17:23 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
    [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
    [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
    [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
    [2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
    [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
    [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
    [2008.12.12 19:11:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
    [2013.04.27 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\Julia\.gstreamer-0.10
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\Anwendungsdaten
    [2009.01.21 16:40:36 | 000,000,000 | -H-D | M] -- C:\Users\Julia\AppData
    [2011.07.31 16:35:31 | 000,000,000 | ---D | M] -- C:\Users\Julia\Bluetooth Software
    [2012.04.27 00:50:14 | 000,000,000 | R--D | M] -- C:\Users\Julia\Contacts
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\Cookies
    [2013.04.27 03:42:07 | 000,000,000 | R--D | M] -- C:\Users\Julia\Desktop
    [2013.04.27 03:43:14 | 000,000,000 | R--D | M] -- C:\Users\Julia\Documents
    [2013.04.27 20:39:23 | 000,000,000 | R--D | M] -- C:\Users\Julia\Downloads
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\Druckumgebung
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\Eigene Dateien
    [2012.03.21 21:28:51 | 000,000,000 | R--D | M] -- C:\Users\Julia\Favorites
    [2009.01.21 16:40:37 | 000,000,000 | R--D | M] -- C:\Users\Julia\Links
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\Lokale Einstellungen
    [2009.01.21 16:40:36 | 000,000,000 | R--D | M] -- C:\Users\Julia\Music
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\Netzwerkumgebung
    [2013.04.09 21:36:30 | 000,000,000 | R--D | M] -- C:\Users\Julia\Pictures
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\Recent
    [2010.07.04 23:32:56 | 000,000,000 | R--D | M] -- C:\Users\Julia\Saved Games
    [2009.01.21 16:40:37 | 000,000,000 | R--D | M] -- C:\Users\Julia\Searches
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\SendTo
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\Startmenü
    [2013.03.16 16:54:46 | 000,000,000 | ---D | M] -- C:\Users\Julia\Tracing
    [2011.06.14 14:46:23 | 000,000,000 | R--D | M] -- C:\Users\Julia\Videos
    [2009.01.21 16:40:02 | 000,000,000 | -HSD | M] -- C:\Users\Julia\Vorlagen
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\Anwendungsdaten
    [2008.12.12 19:15:21 | 000,000,000 | -H-D | M] -- C:\Users\pdog\AppData
    [2009.10.23 11:54:19 | 000,000,000 | ---D | M] -- C:\Users\pdog\Application Data
    [2008.12.12 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\pdog\Bluetooth Software
    [2009.04.26 06:24:09 | 000,000,000 | R--D | M] -- C:\Users\pdog\Contacts
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\Cookies
    [2011.09.15 19:40:29 | 000,000,000 | R--D | M] -- C:\Users\pdog\Downloads
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\Druckumgebung
    [2009.04.26 09:17:14 | 000,000,000 | ---D | M] -- C:\Users\pdog\DSS DJ Data
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\Eigene Dateien
    [2011.06.18 23:24:27 | 000,000,000 | R--D | M] -- C:\Users\pdog\Links
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\Lokale Einstellungen
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\Netzwerkumgebung
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\Recent
    [2008.12.12 19:42:08 | 000,000,000 | R--D | M] -- C:\Users\pdog\Saved Games
    [2011.10.15 04:27:58 | 000,000,000 | R--D | M] -- C:\Users\pdog\Searches
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\SendTo
    [2009.10.23 11:54:19 | 000,000,000 | ---D | M] -- C:\Users\pdog\Start Menu
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\Startmenü
    [2008.12.12 19:15:06 | 000,000,000 | -HSD | M] -- C:\Users\pdog\Vorlagen
    [2013.04.27 03:58:36 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
    [2012.04.27 00:57:53 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
    [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
    [2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
    [2011.11.05 19:02:37 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
    [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
    [2011.10.15 04:29:35 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
    [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 122 bytes -> C:\Users\All Users\TEMP:B902F888
    @Alternate Data Stream - 122 bytes -> C:\Users\All Users\TEMP:AC0528D9
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B902F888
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AC0528D9
    @Alternate Data Stream - 121 bytes -> C:\Users\All Users\TEMP:93B0BB6F
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:93B0BB6F
    @Alternate Data Stream - 118 bytes -> C:\Users\All Users\TEMP:D354012D
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D354012D
    @Alternate Data Stream - 112 bytes -> C:\Users\All Users\TEMP:D1B5B4F1
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 107 bytes -> C:\Users\All Users\TEMP:D4D38596
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D4D38596
    
    < End of report >
    Thanks in advance for the help!
    Edited by john.doe (28.04.2013 at 08:20) Reason: code tags...

  2. #2
    Banned
    Registered since
    11.03.2012
    Posts
    10.169
    Hello Mato and

    You don't need to worry about the Malwarebytes findings.

    => PUP = http://en.wikipedia.org/wiki/Potenti...wanted_Program

    Unfortunately, though, there are indications of more.

    1.) First, uninstall:
    • Emsisoft Antimalware
    • the Systweak junk


    2.) Fix with OTL

    Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (nowhere else).
    • Start OTL.exe.
      Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
    • Copy the following script into the text box below Custom Scans/Fixes:
    Code:
    :OTL
    @Alternate Data Stream - 122 bytes -> C:\Users\All Users\TEMP:B902F888
    @Alternate Data Stream - 122 bytes -> C:\Users\All Users\TEMP:AC0528D9
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B902F888
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AC0528D9
    @Alternate Data Stream - 121 bytes -> C:\Users\All Users\TEMP:93B0BB6F
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:93B0BB6F
    @Alternate Data Stream - 118 bytes -> C:\Users\All Users\TEMP:D354012D
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D354012D
    @Alternate Data Stream - 112 bytes -> C:\Users\All Users\TEMP:D1B5B4F1
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 107 bytes -> C:\Users\All Users\TEMP:D4D38596
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D4D38596
    [2013.04.11 21:51:22 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
    [2013.04.27 19:44:16 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2013.04.27 04:39:24 | 000,007,680 | ---- | M] () -- C:\Windows\3104341.exe
    [2013.04.27 04:39:24 | 000,001,060 | ---- | M] () -- C:\Windows\3104341.dat
    [2013.04.27 19:53:35 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
    [2013.04.27 19:53:29 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.04.27 19:59:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.04.27 20:09:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125760910-1227203439-2855933728-1001UA.job
    [2013.04.27 20:09:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125760910-1227203439-2855933728-1001Core.job
    [2013.04.27 20:07:15 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2013.04.11 21:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
    [2013.04.11 21:50:41 | 000,018,952 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exxe (PC Tools)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exxe (IDT, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exxe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exxe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dlxl (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dlxl (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001..\Run: [ChomikBox] C:\Program Files\ChomikBox\chomikbox.exe File not found
    O4 - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001..\Run: [IPLA!] C:\Program Files\ipla\ipla.exxe (Redefine Sp z o.o.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3e8c5b38-cfe6-11e0-a359-001e101fb4df}\Shell - "" = AutoRun
    O33 - MountPoints2\{3e8c5b38-cfe6-11e0-a359-001e101fb4df}\Shell\AutoRun\command - "" = G:\AutoRun.exex
    O33 - MountPoints2\{5a1b0b25-e4f8-11df-b2bd-001eecb87f09}\Shell - "" = AutoRun
    O33 - MountPoints2\{5a1b0b25-e4f8-11df-b2bd-001eecb87f09}\Shell\AutoRun\command - "" = G:\AutoRun.exex
    O33 - MountPoints2\{656dd48c-e4fc-11df-bfac-001e101f63cf}\Shell - "" = AutoRun
    O33 - MountPoints2\{656dd48c-e4fc-11df-bfac-001e101f63cf}\Shell\AutoRun\command - "" = G:\AutoRun.exex
    O33 - MountPoints2\{7145a3bc-eb61-11df-9ba8-001e101f34ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{7145a3bc-eb61-11df-9ba8-001e101f34ad}\Shell\AutoRun\command - "" = G:\AutoRun.exex
    O33 - MountPoints2\{aae1f521-dfbb-11e0-81c7-001eecb87f09}\Shell - "" = AutoRun
    O33 - MountPoints2\{aae1f521-dfbb-11e0-81c7-001eecb87f09}\Shell\AutoRun\command - "" = G:\QsSetup.exex
    O33 - MountPoints2\{ab089f7d-3421-11e0-b151-001e101f1f81}\Shell - "" = AutoRun
    O33 - MountPoints2\{ab089f7d-3421-11e0-b151-001e101f1f81}\Shell\AutoRun\command - "" = G:\AutoRun.exex
    O33 - MountPoints2\{ac14f6f9-2a49-11e0-a217-001e101f82a0}\Shell - "" = AutoRun
    O33 - MountPoints2\{ac14f6f9-2a49-11e0-a217-001e101f82a0}\Shell\AutoRun\command - "" = I:\NPSAI.exex
    O33 - MountPoints2\{cf077f2c-6b72-11e1-9784-d1d66262c354}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf077f2c-6b72-11e1-9784-d1d66262c354}\Shell\AutoRun\command - "" = G:\autorun.exex
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\QsSetup.exex
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
    O3 - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2125760910-1227203439-2855933728-1001\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    
    :Files
    C:\Windows\Temp
    C:\ProgramData\TEMP
    C:\Users\Temp
    C:\Users\Julia\*.exe
    C:\Users\Julia\*.dll
    C:\Users\Julia\AppData\Local\Temp\*.exe
    C:\Users\Julia\AppData\Local\Temp\*.dll
    C:\Users\Julia\AppData\LocalLow\Sun\Java\Deployment\cache
    C:\Users\Default\*.exe
    C:\Users\Default\*.dll
    C:\Users\Default\AppData\Local\Temp\*.exe
    C:\Users\Default\AppData\Local\Temp\*.dll
    C:\Users\Default\AppData\LocalLow\Sun\Java\Deployment\cache
    C:\Users\pdog\*.exe
    C:\Users\pdog\*.dll
    C:\Users\pdog\AppData\Local\Temp\*.exe
    C:\Users\pdog\AppData\Local\Temp\*.dll
    C:\Users\pdog\AppData\LocalLow\Sun\Java\Deployment\cache
    
    :Commands
    [emptytemp]
    • Close all programs.
    • Click Fix.
    • If OTL asks for a reboot, please allow it.
    • Copy the contents of the log file into your thread here, inside code tags.
      You can view the log file afterwards here
      => C:\_OTL\MovedFiles\<datum_nummer.log>

    Note for other readers: The OTL script above was created exclusively for this user in this situation.
    Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

    3.) Search for rogue and fake-AV programs with RogueKiller

    Download RogueKiller and save the program to your desktop.

    • Close all running programs.
    • Vista and Windows 7 users: start RogueKiller.exe by right-clicking and running it as administrator.
      XP users: simply double-click.
    • Click Scan to start the scan.

    • Click the Report button to view the report.
      The report RKreport.txt will be on your desktop after the run.
    • If the program does not run, rename roguekiller.exe to MirDochEgal.exe.

    Please post the contents of RKreport.txt in your next reply.

    ciao, andreas
    Edited by john.doe (28.04.2013 at 10:22) Reason: Petra has got it down.

  3. #3
    Beginner
    Registered since
    27.04.2013
    Posts
    9
    Many thanks, john.doe

    Here is the report:

    HTML code:
    RogueKiller V8.5.4 [Mar 18 2013] durch Tigzy
    mail: tigzyRK<at>gmail<dot>com
    
    mail : tigzyRK<at>gmail<dot>com
    Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Webseite : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    
    Betriebssystem : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Gestartet in : Normaler Modus
    Benutzer : Julia [Admin Rechte]
    Funktion : Scannen -- Datum : 04/28/2013 23:36:35
    | ARK || FAK || MBR |
    
    ¤¤¤ Böswillige Prozesse : 0 ¤¤¤
    
    ¤¤¤ Registry-Einträge : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
    
    ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
    
    ¤¤¤ Treiber : [GELADEN] ¤¤¤
    
    ¤¤¤ Hosts-Datei: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    ::1             localhost
    
    
    ¤¤¤ MBR überprüfen: ¤¤¤
    
    +++++ PhysicalDrive0: WDC WD2500BEVS-60UST0 ATA Device +++++
    --- User ---
    [MBR] bb7e238377b070eb5d29ba3223c52f54
    [BSP] 6523c35ed546a3ba361c594e27d84a72 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229228 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469460992 | Size: 9243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    
    +++++ PhysicalDrive1: WDC WD2500BEVS-60UST0 ATA Device +++++
    --- User ---
    [MBR] 1d7434c7534f535be11027b99ec0efed
    [BSP] 91dc250ff50b1a08e386e76801a1eb87 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    
    Abgeschlossen : << RKreport[1]_S_04282013_02d2336.txt >>
    RKreport[1]_S_04282013_02d2336.txt
    
    
    OTL

    HTML code:
    Files\Folders moved on Reboot...
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\PZ9SAT7P folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\N0SFOWHY folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\8K0M785V folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\75H3GEKF folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files folder moved successfully.
    C:\Windows\Temp\History\History.IE5 folder moved successfully.
    C:\Windows\Temp\History folder moved successfully.
    C:\Windows\Temp\Cookies folder moved successfully.
    C:\Windows\Temp folder moved successfully.
    C:\Users\Julia\AppData\Local\Temp\ehmsas.txt moved successfully.
    
    PendingFileRenameOperations files...
    
    Registry entries deleted on Reboot...
    Unfortunately the OTL program aborted shortly before the end and was terminated.

  4. #4
    Banned
    Registered since
    11.03.2012
    Posts
    10,169
    Hello Mato,

    Unfortunately the OTL program aborted shortly before the end and was terminated.
    Then run the same fix again.

    After that, continue with:

    1.) Pack the folder C:\_OTL\MovedFiles as a Zip or Rar archive.

    Instructions with pictures are here.

    2.) Upload the archive to a file hoster (e.g. www.zippyshare.com)

    3.) Send me the link as a private message.

    4.) Which browser is being used?

    5.) ESET Online Scanner
    • Connect any external hard drives and/or other removable media you may have (e.g. any USB sticks) to the computer.
    • Download and start the Eset Smartinstaller
      Vista/Win7 users: be sure to start the program as administrator.
    • Tick YES, I accept the Terms of Use.
    • Click Start.
    • Tick Remove found threats and Scan archives.
    • Click Start.
    • The signatures are downloaded; the scan starts automatically.
    • Press Finish.
    • Open Windows Explorer.
    • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
      On 64-bit machines the path is C:\Programme (x86)\Eset
    • Post the log file here.
    • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.


    ciao, andreas

  5. #5
    Beginner
    Registered since
    27.04.2013
    Posts
    9
    OK, I ran the fix again and everything went smoothly

    Code:
    All processes killed
    ========== OTL ==========
    Unable to delete ADS C:\Users\All Users\TEMP:B902F888 .
    Unable to delete ADS C:\Users\All Users\TEMP:AC0528D9 .
    Unable to delete ADS C:\ProgramData\TEMP:B902F888 .
    Unable to delete ADS C:\ProgramData\TEMP:AC0528D9 .
    Unable to delete ADS C:\Users\All Users\TEMP:93B0BB6F .
    Unable to delete ADS C:\ProgramData\TEMP:93B0BB6F .
    Unable to delete ADS C:\Users\All Users\TEMP:D354012D .
    Unable to delete ADS C:\ProgramData\TEMP:D354012D .
    Unable to delete ADS C:\Users\All Users\TEMP:D1B5B4F1 .
    Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
    Unable to delete ADS C:\Users\All Users\TEMP:D4D38596 .
    Unable to delete ADS C:\ProgramData\TEMP:D4D38596 .
    File C:\Windows\System32\sasnative32.exe not found.
    File C:\Windows\tasks\RMSchedule.job not found.
    File C:\Windows\3104341.exe not found.
    File C:\Windows\3104341.dat not found.
    File C:\Windows\tasks\RMAutoUpdate.job not found.
    File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
    File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
    File C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125760910-1227203439-2855933728-1001UA.job not found.
    File C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2125760910-1227203439-2855933728-1001Core.job not found.
    C:\Windows\System32\drivers\etc\hosts.ics moved successfully.
    Folder C:\ProgramData\Systweak\ not found.
    File C:\Windows\System32\roboot.exe not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SSDMonitor not found.
    File C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exxe not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SysTrayApp not found.
    File C:\Program Files\IDT\WDM\sttray.exxe not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent not found.
    File C:\Program Files\Winamp\winampa.exxe not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender not found.
    File C:\Program Files\Windows Defender\MSASCui.exxe not found.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter not found.
    File C:\Windows\System32\oobefldr.dlxl not found.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter not found.
    File C:\Windows\System32\oobefldr.dlxl not found.
    Registry value HKEY_USERS\S-1-5-21-2125760910-1227203439-2855933728-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ChomikBox not found.
    Registry value HKEY_USERS\S-1-5-21-2125760910-1227203439-2855933728-1001\Software\Microsoft\Windows\CurrentVersion\Run\\IPLA! not found.
    File C:\Program Files\ipla\ipla.exxe not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
    File C:\autoexec.bat not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e8c5b38-cfe6-11e0-a359-001e101fb4df}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e8c5b38-cfe6-11e0-a359-001e101fb4df}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e8c5b38-cfe6-11e0-a359-001e101fb4df}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e8c5b38-cfe6-11e0-a359-001e101fb4df}\ not found.
    File G:\AutoRun.exex not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a1b0b25-e4f8-11df-b2bd-001eecb87f09}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a1b0b25-e4f8-11df-b2bd-001eecb87f09}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a1b0b25-e4f8-11df-b2bd-001eecb87f09}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a1b0b25-e4f8-11df-b2bd-001eecb87f09}\ not found.
    File G:\AutoRun.exex not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{656dd48c-e4fc-11df-bfac-001e101f63cf}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656dd48c-e4fc-11df-bfac-001e101f63cf}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{656dd48c-e4fc-11df-bfac-001e101f63cf}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656dd48c-e4fc-11df-bfac-001e101f63cf}\ not found.
    File G:\AutoRun.exex not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7145a3bc-eb61-11df-9ba8-001e101f34ad}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7145a3bc-eb61-11df-9ba8-001e101f34ad}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7145a3bc-eb61-11df-9ba8-001e101f34ad}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7145a3bc-eb61-11df-9ba8-001e101f34ad}\ not found.
    File G:\AutoRun.exex not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae1f521-dfbb-11e0-81c7-001eecb87f09}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aae1f521-dfbb-11e0-81c7-001eecb87f09}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae1f521-dfbb-11e0-81c7-001eecb87f09}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aae1f521-dfbb-11e0-81c7-001eecb87f09}\ not found.
    File G:\QsSetup.exex not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab089f7d-3421-11e0-b151-001e101f1f81}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab089f7d-3421-11e0-b151-001e101f1f81}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab089f7d-3421-11e0-b151-001e101f1f81}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab089f7d-3421-11e0-b151-001e101f1f81}\ not found.
    File G:\AutoRun.exex not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac14f6f9-2a49-11e0-a217-001e101f82a0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac14f6f9-2a49-11e0-a217-001e101f82a0}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac14f6f9-2a49-11e0-a217-001e101f82a0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac14f6f9-2a49-11e0-a217-001e101f82a0}\ not found.
    File I:\NPSAI.exex not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf077f2c-6b72-11e1-9784-d1d66262c354}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf077f2c-6b72-11e1-9784-d1d66262c354}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf077f2c-6b72-11e1-9784-d1d66262c354}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf077f2c-6b72-11e1-9784-d1d66262c354}\ not found.
    File G:\autorun.exex not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
    File G:\QsSetup.exex not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2125760910-1227203439-2855933728-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2125760910-1227203439-2855933728-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
    ========== FILES ==========
    C:\Windows\TEMP\Temporary Internet Files\Content.IE5\KL8WE3T7 folder moved successfully.
    C:\Windows\TEMP\Temporary Internet Files\Content.IE5\522Y8G90 folder moved successfully.
    C:\Windows\TEMP\Temporary Internet Files\Content.IE5\4EKTI0OA folder moved successfully.
    C:\Windows\TEMP\Temporary Internet Files\Content.IE5\143K1YRU folder moved successfully.
    C:\Windows\TEMP\Temporary Internet Files\Content.IE5 folder moved successfully.
    C:\Windows\TEMP\Temporary Internet Files folder moved successfully.
    C:\Windows\TEMP\History\History.IE5 folder moved successfully.
    C:\Windows\TEMP\History folder moved successfully.
    C:\Windows\TEMP\Cookies folder moved successfully.
    C:\Windows\TEMP folder moved successfully.
    File\Folder C:\ProgramData\TEMP not found.
    File\Folder C:\Users\Temp not found.
    File\Folder C:\Users\Julia\*.exe not found.
    File\Folder C:\Users\Julia\*.dll not found.
    File\Folder C:\Users\Julia\AppData\Local\Temp\*.exe not found.
    File\Folder C:\Users\Julia\AppData\Local\Temp\*.dll not found.
    File\Folder C:\Users\Julia\AppData\LocalLow\Sun\Java\Deployment\cache not found.
    File\Folder C:\Users\Default\*.exe not found.
    File\Folder C:\Users\Default\*.dll not found.
    File\Folder C:\Users\Default\AppData\Local\Temp\*.exe not found.
    File\Folder C:\Users\Default\AppData\Local\Temp\*.dll not found.
    File\Folder C:\Users\Default\AppData\LocalLow\Sun\Java\Deployment\cache not found.
    File\Folder C:\Users\pdog\*.exe not found.
    File\Folder C:\Users\pdog\*.dll not found.
    File\Folder C:\Users\pdog\AppData\Local\Temp\*.exe not found.
    File\Folder C:\Users\pdog\AppData\Local\Temp\*.dll not found.
    File\Folder C:\Users\pdog\AppData\LocalLow\Sun\Java\Deployment\cache not found.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Julia
    ->Temp folder emptied: 1843162 bytes
    ->Temporary Internet Files folder emptied: 68246 bytes
    ->FireFox cache emptied: 3438671 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
     
    User: pdog
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 771794306 bytes
    ->FireFox cache emptied: 82019758 bytes
    ->Google Chrome cache emptied: 124444642 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    RecycleBin emptied: 816128 bytes
     
    Total Files Cleaned = 939,00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 04292013_002603
    
    Files\Folders moved on Reboot...
    C:\Users\Julia\AppData\Local\Temp\ehmsas.txt moved successfully.
    
    PendingFileRenameOperations files...
    
    Registry entries deleted on Reboot...
    The browsers are Mozilla FF and Google Chrome

    The PM is on its way, and I ran Eset a few days ago; it returned no findings, but I will do a second scan tomorrow.
    Last edited by john.doe (29.04.2013 at 06:09); reason: code tags...

  6. #6
    Beginner
    Registered since
    27.04.2013
    Posts
    9
    OK, the Eset online scan did not find anything either.

  7. #7
    Banned
    Registered since
    11.03.2012
    Posts
    10,169
    Hello Mato,

    I need your software list, i.e. Extras.txt from OTL.

    System scan with OTL

    Please create OTL log files following these instructions. Please tick "Use SafeList" in all categories and "Scan All Users" at the top.

    Attach the two log files OTL.txt and Extras.txt by clicking Advanced below the text box and uploading the log files one at a time via Manage Attachments.

    ciao, andreas

  8. #8
    Beginner
    Registered since
    27.04.2013
    Posts
    9
    The documents are attached
    Attached files

  9. #9
    Banned
    Registered since
    11.03.2012
    Posts
    10,169
    Hello Mato,

    1.) Uninstallation via the command line

    Instructions with pictures can be found here.

    [Windows]r => cmd (type it in) => [Ctrl][Shift][Enter]

    Now type in the following line by line, or select and copy each line, right-click in the black window => Paste, and press Enter each time:

    Code:
    MsiExec.exe /X "{13F3917B56CD4C25848BDC69916971BB}"
    MsiExec.exe /X "{3FC7CBBC4C1E11DCA1A752EA55D89593}"
    MsiExec.exe /X "{582287DA-0806-4AC0-BF19-C15E3A466034}"
    MsiExec.exe /X "{B13A7C41581B411290FBC0395694E2A9}"
    MsiExec.exe /X "00212D92-C5D8-4ff4-AE50-20F0F85C40A_Systweak_Ad~B9F029BF_is1"
    exit
    Ignore error messages and continue with the next line.

    2.) Uninstall:
    • Adobe Shockwave Player
    • Spelling Dictionaries Support For Adobe Reader 8
    • Adobe Reader 8.1.3 - Deutsch
    • Adobe Flash Player 11 ActiveX
    • Adobe Shockwave Player 11.6

    If not needed, then also:
    • CyberLink DVD Suite
    • Microsoft Works
    • HP Customer Experience Enhancements
    • Windows Live Essentials
    • Windows Live Family Safety
    • Farm Frenzy 3: Ice Age
    • DivX-Setup
    • UseNeXT
    • HP Games


    3.) Install (if desired):
    Deselect toolbars and additional programs; always remove all check marks!


    4.) Download Secunia PSI and use it to bring all your programs up to date.

    5.) Search for adware with AdwCleaner by Xplode

    • Please download AdwCleaner to your desktop.
    • Start adwcleaner.exe with a double-click.
    • Click Search.
    • When the scan has finished, a text file opens.
    • Post the contents with your next reply.
    • You can also find the log file at C:\AdwCleaner[R1].txt.


    ciao, andreas

  10. #10
    Beginner
    Registered since
    27.04.2013
    Posts
    9
    Hello Andreas,

    here is the log file

    Code:
    # AdwCleaner v2.300 - Datei am 29/04/2013 um 23:44:28 erstellt
    # Aktualisiert am 28/04/2013 von Xplode
    # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Benutzer : Julia - PDOG-PC
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\Julia\Downloads\adwcleaner.exe
    # Option [Löschen]
    
    
    **** [Dienste] ****
    
    
    ***** [Dateien / Ordner] *****
    
    
    ***** [Registrierungsdatenbank] *****
    
    Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    
    ***** [Internet Browser] *****
    
    -\\ Internet Explorer v9.0.8112.16476
    
    [OK] Die Registrierungsdatenbank ist sauber.
    
    -\\ Mozilla Firefox v17.0.5 (de)
    
    Datei : C:\Users\pdog\AppData\Roaming\Mozilla\Firefox\Profiles\azrc449k.default\prefs.js
    
    [OK] Die Datei ist sauber.
    
    Datei : C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\ffu4mhcv.default\prefs.js
    
    [OK] Die Datei ist sauber.
    
    -\\ Google Chrome v26.0.1410.64
    
    Datei : C:\Users\pdog\AppData\Local\Google\Chrome\User Data\Default\Preferences
    
    [OK] Die Datei ist sauber.
    
    Datei : C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Preferences
    
    Gelöscht [l.27] : icon_url = "hxxp://websearch.helpmefindyour.info/favicon.ico",
    Gelöscht [l.30] : keyword = "websearch",
    Gelöscht [l.34] : search_url = "hxxp://websearch.helpmefindyour.info/?l=1&q={searchTerms}&pid=658&r=2013/04/1[...]
    Gelöscht [l.35] : suggest_url = "hxxp://websearch.helpmefindyour.info/?l=1&q={searchTerms}&pid=658&r=2013/04/[...]
    Gelöscht [l.2408] : homepage = "hxxp://websearch.helpmefindyour.info/?pid=658&r=2013/04/11&hid=487201673&lg=EN&cc=D[...]
    Gelöscht [l.2918] : urls_to_restore_on_startup = [ "hxxp://websearch.helpmefindyour.info/?pid=658&r=2013/04/11&[...]
    
    -\\ Opera v [Version kann nicht ermittelt werden]
    
    Datei : C:\Users\Julia\AppData\Roaming\Opera\Opera\operaprefs.ini
    
    [OK] Die Datei ist sauber.
    
    *************************
    
    AdwCleaner[R1].txt - [16564 octets] - [27/04/2013 02:48:08]
    AdwCleaner[R2].txt - [16625 octets] - [27/04/2013 03:42:52]
    AdwCleaner[R3].txt - [2224 octets] - [27/04/2013 04:37:49]
    AdwCleaner[R4].txt - [2346 octets] - [27/04/2013 19:47:30]
    AdwCleaner[R5].txt - [2740 octets] - [29/04/2013 23:44:08]
    AdwCleaner[S1].txt - [16582 octets] - [27/04/2013 03:46:02]
    AdwCleaner[S2].txt - [2224 octets] - [27/04/2013 04:38:11]
    AdwCleaner[S3].txt - [2339 octets] - [27/04/2013 19:50:59]
    AdwCleaner[S4].txt - [2604 octets] - [29/04/2013 23:44:28]
    
    ########## EOF - C:\AdwCleaner[S4].txt - [2664 octets] ##########

forum.botfrei.de is checked by Initiative-S