
Pests of all kinds and how to combat them: bizcoahing

01.07.2013, 19:53   #1
milkit54

How can I get biz coaching off my computer?

01.07.2013, 20:54   #2
aharonov
/// TB Trainer

I have no idea what that is supposed to be...
If you want to have your computer checked for malware, please work through these instructions and post the corresponding log files here.

02.07.2013, 16:38   #3
milkit54

Hello,
sorry, I really have no idea; I probably started the 2nd thread (what is that, actually?) by mistake, because I could no longer find the first one.
My printer is unfortunately also broken, so I can only work with several tabs or windows when I follow your link. Is that OK, or is there a better solution?
Thanks for the first pointer, and regards, Michael

02.07.2013, 17:05   #4
aharonov
/// TB Trainer

Hello Michael,

I'll just write the instructions right here for you:

Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Check the box next to Scan all Users.
  • Now click Run Scan.
  • When the scan has finished, 2 log files (OTL.txt and Extras.txt) are created.
  • Post the contents of these log files here in the thread.
__________________
cheers,
Leo

02.07.2013, 17:28   #5
milkit54

Hello, here is my first result from step 2, the OTL logfile:
Code:
OTL logfile created on: 02.07.2013 18:11:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Micha\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,75% Memory free
4,22 Gb Paging File | 2,85 Gb Available in Paging File | 67,60% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 85,99 Gb Free Space | 57,69% Space Free | Partition Type: NTFS
Drive D: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.02 18:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
PRC - [2013.07.01 23:35:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.01 23:01:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.07.01 22:49:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.07.01 22:48:37 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.24 10:00:06 | 000,592,344 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2013.03.10 23:38:48 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.10.30 12:56:40 | 000,197,152 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2012.10.04 17:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2006.01.13 23:22:19 | 000,249,856 | ---- | M] (Nero AG / Nero Inc.) -- C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.01.19 01:00:54 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.01 23:35:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.07.01 23:01:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.07.01 22:49:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.27 17:12:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 18:08:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.07 16:19:12 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.03.24 10:00:06 | 000,592,344 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.09.05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.17 23:08:54 | 000,107,256 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\TrueSuite\TrueSuite.Service.exe -- (FPLService)
SRV - [2009.09.15 05:32:14 | 002,697,464 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Programme\Fingerprint Sensor\ATService.exe -- (ATService)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.06.22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.12.08 21:19:34 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.07 09:34:26 | 000,734,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.02.09 18:25:10 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009.02.09 18:25:10 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009.02.09 18:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Si3531.sys -- (Si3531)
DRV:64bit: - [2008.02.11 20:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008.01.05 04:22:50 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:38:10 | 001,074,688 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV - [2011.03.02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YY^de&ptb=1F11A9F5-A6B2-48DE-9C57-80073E2A2911&si=swissconverter
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {012A1949-82A6-4C34-9F50-85A7CF7EC628}
IE - HKCU\..\SearchScopes\{012A1949-82A6-4C34-9F50-85A7CF7EC628}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=428
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=0aea01ae000000000000001e101fb4df
IE - HKCU\..\SearchScopes\{BAEC4A6B-468F-4BB6-A6EC-7C422FB6925E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=2b583220-87d0-434e-be3a-1b45e3bfbbd1&apn_sauid=F47D1B36-23FB-4BB3-80D3-CADC553F0DAD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6.1
FF - prefs.js..extensions.enabledAddons: blyrics%40be-lyrics.net:1.116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\blyrics@be-lyrics.net: C:\Program Files (x86)\bLyrics\116.xpi [2013.06.29 16:41:01 | 000,004,606 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.10 18:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2013.04.14 23:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zakxkdnl.default\extensions
[2013.04.28 20:40:00 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zakxkdnl.default\extensions\toolbar@ask.com
[2013.06.18 16:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\extensions
[2013.06.18 16:58:44 | 000,561,109 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\extensions\toolbar@gmx.net.xpi
[2013.03.05 14:20:23 | 000,195,205 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.03.05 14:55:25 | 000,001,294 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\delta.xml
[2013.03.05 13:04:19 | 000,009,619 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\my-web-search.xml
[2013.03.05 14:20:33 | 000,003,993 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\sweetim.xml
[2013.06.27 17:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.06.27 17:12:18 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
[2013.06.27 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.06.27 17:12:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.27 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013.06.27 17:12:16 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2013.06.29 16:41:01 | 000,004,606 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\BLYRICS\116.XPI
[2013.03.05 14:54:47 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (B Lyrics) - {4CE9C24E-7AFE-4486-A923-138D2C3F0B1E} - C:\Program Files (x86)\bLyrics\116.dll (Be-Lyrics)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (TrueSuite Web Log On) - {A28EC2CC-FD38-40d9-9E75-657D1E0B4686} - C:\Programme\TrueSuite\TrueSuite.IEToolBar.dll (AuthenTec Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SystemTray] C:\Programme\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SAFAF.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SE18E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [Video Performer63862.exe] "C:\Users\Micha\AppData\Local\Temp\Video Performer63862.exe" /XML="C:\Users\Micha\AppData\Local\Temp\F7A2.tmp" /ROS /STP=1:2 File not found
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23720F7B-3626-4A2A-8965-BA8C0BBEE03A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D4A8F71-CDDF-4F84-AD66-C9E4AEA99B84}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFDAF5FC-DAC4-4ADB-ABBF-F050BD828A7D}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFBEEDF4-BF56-47FD-8355-A1F9A36A7C3A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDEAA796-34F8-49A7-88B3-1D468AD1BE13}: DhcpNameServer = 193.189.244.225 193.189.244.206
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.01 23:40:32 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.11 02:26:10 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.02 18:04:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2013.07.01 23:39:28 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.07.01 23:39:27 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.07.01 23:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.01 23:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.29 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bLyrics
[2013.06.27 17:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.02 18:07:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.02 18:06:18 | 000,698,996 | ---- | M] () -- C:\Users\Micha\Desktop\troja1.pdf
[2013.07.02 18:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2013.07.02 18:02:45 | 000,000,000 | ---- | M] () -- C:\Users\Micha\defogger_reenable
[2013.07.02 17:56:31 | 000,050,477 | ---- | M] () -- C:\Users\Micha\Desktop\Defogger.exe
[2013.07.02 16:51:12 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\B Lyrics Update.job
[2013.07.02 16:49:22 | 000,001,386 | ---- | M] () -- C:\Users\Micha\Desktop\Registry kostenlos entrümpeln!.lnk
[2013.07.02 16:45:30 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 16:45:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 16:44:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.02 16:44:17 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.01 23:40:32 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.01 23:39:29 | 000,002,089 | ---- | M] () -- C:\Users\Micha\Desktop\SpyHunter.lnk
[2013.07.01 21:00:45 | 000,711,605 | ---- | M] () -- C:\Users\Micha\Desktop\Entfernen Spyware.pdf
[2013.07.01 15:02:27 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.06.29 13:25:38 | 000,084,668 | ---- | M] () -- C:\Users\Micha\Desktop\KF Roco.pdf
[2013.06.26 08:22:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013.06.24 19:19:13 | 000,565,152 | ---- | M] () -- C:\Users\Micha\Desktop\Kleintier Ossweil.pdf
[2013.06.16 23:23:12 | 000,015,720 | ---- | M] () -- C:\Users\Micha\Documents\Berechnung Jan 2013.ods
[2013.06.16 03:07:26 | 001,468,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.16 03:07:26 | 000,628,744 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.16 03:07:26 | 000,595,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.16 03:07:26 | 000,126,262 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.16 03:07:26 | 000,104,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.14 05:52:02 | 000,050,176 | ---- | M] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.11 17:28:00 | 000,083,537 | ---- | M] () -- C:\Users\Micha\Desktop\KF Förder.pdf
[2013.06.07 08:35:30 | 301,136,108 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.06 15:50:34 | 000,115,579 | ---- | M] () -- C:\Users\Micha\Desktop\Mein eBay  Nachricht einstellung.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.02 18:06:14 | 000,698,996 | ---- | C] () -- C:\Users\Micha\Desktop\troja1.pdf
[2013.07.02 18:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Micha\defogger_reenable
[2013.07.02 17:56:12 | 000,050,477 | ---- | C] () -- C:\Users\Micha\Desktop\Defogger.exe
[2013.07.01 23:40:32 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.01 23:39:37 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013.07.01 23:39:29 | 000,002,089 | ---- | C] () -- C:\Users\Micha\Desktop\SpyHunter.lnk
[2013.07.01 21:00:41 | 000,711,605 | ---- | C] () -- C:\Users\Micha\Desktop\Entfernen Spyware.pdf
[2013.06.29 16:41:01 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\B Lyrics Update.job
[2013.06.29 13:25:35 | 000,084,668 | ---- | C] () -- C:\Users\Micha\Desktop\KF Roco.pdf
[2013.06.24 19:19:09 | 000,565,152 | ---- | C] () -- C:\Users\Micha\Desktop\Kleintier Ossweil.pdf
[2013.06.11 17:27:56 | 000,083,537 | ---- | C] () -- C:\Users\Micha\Desktop\KF Förder.pdf
[2013.06.07 08:49:19 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2013.06.06 15:50:32 | 000,115,579 | ---- | C] () -- C:\Users\Micha\Desktop\Mein eBay  Nachricht einstellung.pdf
[2013.05.11 10:18:30 | 000,118,692 | ---- | C] () -- C:\Users\Micha\- Kurzfassung Persönliche Wendezeit 2013,.pdf
[2013.03.09 07:40:43 | 000,002,138 | ---- | C] () -- C:\Users\Micha\AppData\Local\recently-used.xbel
[2012.12.25 19:04:20 | 000,023,888 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\UserTile.png
[2012.12.21 07:17:59 | 000,050,176 | ---- | C] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.19 06:42:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.12.19 06:42:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.12.19 06:41:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.12.16 09:00:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.12.07 15:46:48 | 000,000,732 | ---- | C] () -- C:\Users\Micha\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.05 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Babylon
[2013.03.28 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\File Scout
[2013.03.01 05:27:54 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FreePDF
[2013.03.28 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView
[2012.12.29 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\OpenOffice.org
[2013.03.05 14:55:33 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Optimizer Pro
[2012.12.25 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PeerNetworking
[2013.03.28 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PhotoScape
[2013.03.05 14:48:28 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Simple Star
[2012.12.17 08:45:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Systweak
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         


Sorry, here is the second text file. Thanks for the support; unfortunately I'm not in great shape here, and neither is my computer.
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 02.07.2013 18:11:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Micha\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,75% Memory free
4,22 Gb Paging File | 2,85 Gb Available in Paging File | 67,60% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 85,99 Gb Free Space | 57,69% Space Free | Partition Type: NTFS
Drive D: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = B8 40 4E 40 9E 6A C8 01  [binary data]
"VistaSp2" = C4 4D 4F 0D 13 DE CD 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DF6E4D0-8BE0-4F88-AE03-BE9502B9F007}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3D2B4C31-8647-4135-8A6E-370D9D607FF0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{567B128C-F62D-4D0B-AE8D-AF99516DCE66}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7CD2C799-B945-4B61-8BEE-7CCF6A1C5034}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7D96FFAA-5B11-406C-AE84-07FAD99B4C1E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{88035A89-40C0-4C55-A79D-D5A36171A33D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9B931AE8-C93C-4EB1-94C4-638E99EE13BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BE599DD2-DD95-4B2D-9CF6-C8DC54999F7A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D7D0CAAF-48DF-42C8-A67E-D1C661E12822}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E75BB3F0-3F0A-4D6B-844F-21BEB819B9A4}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{865AD8F1-2E9F-4727-BA42-FCBCCB167CE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C24512DC-DAAF-4A7F-B894-BEE81D615C91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C379B6CB-9C50-4A1D-A30C-8ADB81550F54}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C60B8943-C5AF-45F0-9A8A-E688246EF330}" = dir=out | app=c:\users\micha\downloads\videoperformersetup.exe | 
"{F4CE2EA2-630D-4943-9980-2C17CAE7B0C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F5D147DA-98E2-456B-8AC4-05D8EB1259A9}" = dir=in | app=c:\users\micha\downloads\videoperformersetup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{A3EE0691-195A-4863-BDCB-0E51A0BE47B1}" = AuthenTec TrueSuite
"{BCD55450-77AC-4347-B24F-654B1189F8D4}" = SpyHunter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GIMP-2_is1" = GIMP 2.8.4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{EEE6C374-6118-11DC-9C72-001320C79847}" = SweetPacks Toolbar For Firefox 1.11.0.2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced File Optimizer_is1" = Advanced File Optimizer
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"blyrics@be-lyrics.net" = B Lyrics
"DomaIQ Uninstaller" = DomaIQ
"EPSON Scanner" = EPSON Scan
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero PhotoShow Express 4" = Nero PhotoShow Express 4
"Optimizer Pro_is1" = Optimizer Pro v3.0
"PhotoScape" = PhotoScape
"PricePeep" = PricePeep
"RegClean Pro_is1" = RegClean Pro
"Sweepi_is1" = Sweepi 5.4.00
"SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks
"Updater Service" = Updater Service
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.05.2013 13:51:23 | Computer Name = Micha-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 30.05.2013 16:01:47 | Computer Name = Micha-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 21.0.0.4879, Zeitstempel
 0x518ec3cc, fehlerhaftes Modul xul.dll, Version 21.0.0.4879, Zeitstempel 0x518ec306,
 Ausnahmecode 0xc0000005, Fehleroffset 0x001c9789,  Prozess-ID 0xd80, Anwendungsstartzeit
 01ce5cfee12e1e72.
 
Error - 02.06.2013 15:32:21 | Computer Name = Micha-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.06.2013 13:23:34 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Mobile Partner.exe, Version 1.0.0.1 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: ac0  Anfangszeit: 01ce62d810a9275a  Zeitpunkt
 der Beendigung: 16
 
Error - 06.06.2013 15:13:47 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Sweepi.exe, Version 5.4.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1c4  Anfangszeit: 01ce62e26abaf84a  Zeitpunkt der Beendigung:
 0
 
Error - 06.06.2013 15:18:26 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Sweepi.exe, Version 5.4.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 390  Anfangszeit: 01ce62ea01900182  Zeitpunkt der Beendigung:
 15
 
Error - 06.06.2013 15:27:25 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Sweepi.exe, Version 5.4.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 10fc  Anfangszeit: 01ce62eba7e386e3  Zeitpunkt der Beendigung:
 6
 
Error - 06.06.2013 15:28:00 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm RegCleanPro.exe, Version 6.21.65.2506 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 208  Anfangszeit: 01ce62eaf866d823  Zeitpunkt
 der Beendigung: 804
 
Error - 07.06.2013 02:38:16 | Computer Name = Micha-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 12.06.2013 00:48:12 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm RegCleanPro.exe, Version 6.21.65.2506 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: b4c  Anfangszeit: 01ce67276045f576  Zeitpunkt
 der Beendigung: 0
 
Error - 16.06.2013 11:01:48 | Computer Name = Micha-PC | Source = Application Hang | ID = 1002
Description = Programm Mobile Partner.exe, Version 1.0.0.1 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 12cc  Anfangszeit: 01ce6aa08f3e00c0  Zeitpunkt
 der Beendigung: 15
 
[ System Events ]
Error - 30.06.2013 01:23:55 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.06.2013 09:20:52 | Computer Name = Micha-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.52.3.32 für die Netzwerkkarte mit der Netzwerkadresse
 001E101F7FB6 wurde durch den DHCP-Server 10.51.3.13 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
Error - 30.06.2013 14:45:00 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.07.2013 10:47:40 | Computer Name = Micha-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.07.2013 10:50:45 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.07.2013 12:58:40 | Computer Name = Micha-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.50.196.193 für die Netzwerkkarte mit der Netzwerkadresse
 001E101F2B52 wurde durch den DHCP-Server 10.38.155.65 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 02.07.2013 01:35:48 | Computer Name = Micha-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.07.2013 01:36:11 | Computer Name = Micha-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.07.2013 01:46:44 | Computer Name = Micha-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.38.155.67 für die Netzwerkkarte mit der Netzwerkadresse
 001E101F4DA1 wurde durch den DHCP-Server 10.42.227.57 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 02.07.2013 10:45:57 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         


02.07.2013, 17:39   #6
aharonov
/// TB Trainer

Hello Michael,

then let's clear out your computer a bit:


Step 1
  • Go to Start --> Control Panel (Systemsteuerung) and open Programs and Features (Programme und Funktionen).
  • Find and uninstall the following entries there, one after another:
    • SpyHunter
    • Ask Toolbar
    • SweetIM for Messenger 3.7
    • SweetPacks Toolbar For Firefox 1.11.0.2
    • Advanced File Optimizer
    • B Lyrics
    • DomaIQ
    • Optimizer Pro v3.0
    • PricePeep
    • RegClean Pro
    • Sweepi 5.4.00
    • SweetIM Bundle by SweetPacks
  • Close the window again and restart the computer if prompted.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 3

Please start OTL.exe.
  • Tick Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Log from AdwCleaner
  • Log from OTL

03.07.2013, 20:35   #7
milkit54

Hello Leo,
first of all, many thanks for the help so far. I hope I haven't messed up too much. When uninstalling, I could not find the following in the Control Panel:
1. Ask Toolbar
2. SweetPacks Toolbar For Firefox 1.11.0.2

Below is adwCleaner[S1].txt
AdwCleaner Logfile:
Code:
# AdwCleaner v2.304 - Datei am 03/07/2013 um 20:42:53 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Benutzer : Micha - MICHA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Micha\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : IBUpdaterService

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\searchplugins\my-web-search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Advanced System Protector
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Gelöscht mit Neustart : C:\Program Files (x86)\Optimizer Pro
Gelöscht mit Neustart : C:\Program Files (x86)\SweetIM
Gelöscht mit Neustart : C:\Program Files (x86)\XingHaoLyrics
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\IBUpdaterService
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Gelöscht mit Neustart : C:\ProgramData\Tarma Installer
Gelöscht mit Neustart : C:\Users\Micha\AppData\Local\AskToolbar
Gelöscht mit Neustart : C:\Users\Micha\AppData\LocalLow\AskToolbar
Gelöscht mit Neustart : C:\Users\Micha\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\Micha\AppData\Roaming\file scout
Gelöscht mit Neustart : C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\zakxkdnl.default\extensions\toolbar@ask.com
Gelöscht mit Neustart : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\bLyrics
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lrcspal@xinghao.net
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4CE9C24E-7AFE-4486-A923-138D2C3F0B1E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CE9C24E-7AFE-4486-A923-138D2C3F0B1E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\5b578b88b43dbd14
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b578b88b43dbd14
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YY^de&ptb=1F11A9F5-A6B2-48DE-9C57-80073E2A2911&si=swissconverter --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\prefs.js

C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntr[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Delta Search");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=120519&babsrc[...]
Gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
Gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

*************************

AdwCleaner[S1].txt - [12213 octets] - [03/07/2013 20:42:53]

########## EOF - C:\AdwCleaner[S1].txt - [12274 octets] ##########
         
--- --- ---


and the OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 03.07.2013 20:56:45 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Micha\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,56% Memory free
4,22 Gb Paging File | 2,64 Gb Available in Paging File | 62,65% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 89,84 Gb Free Space | 60,28% Space Free | Partition Type: NTFS
Drive D: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.02 18:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
PRC - [2013.07.01 23:35:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.01 23:01:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.07.01 22:49:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.07.01 22:48:37 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.27 17:12:28 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.06.12 18:08:24 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.05.10 09:57:24 | 001,465,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.01.08 16:59:24 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
PRC - [2006.01.13 23:22:19 | 000,249,856 | ---- | M] (Nero AG / Nero Inc.) -- C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.03 08:06:58 | 000,045,568 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
MOD - [2013.06.27 17:12:28 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.06.12 18:08:23 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.05.23 07:50:16 | 000,014,336 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
MOD - [2013.05.23 07:49:36 | 000,100,352 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
MOD - [2013.05.19 13:07:07 | 000,023,040 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_SendMail.DEU
MOD - [2013.05.19 13:07:03 | 002,685,440 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
MOD - [2013.05.19 13:06:56 | 009,488,896 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
MOD - [2013.05.10 09:57:36 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\BRdlang32.DEU
MOD - [2013.05.10 09:57:24 | 000,305,728 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.07.27 22:51:34 | 006,549,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll
MOD - [2010.03.04 12:27:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2010.03.04 12:27:08 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll
MOD - [2010.03.04 12:26:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
MOD - [2010.03.04 12:24:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
MOD - [2010.03.04 12:23:36 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2010.03.04 12:21:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
MOD - [2010.03.04 12:19:18 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
MOD - [2010.03.04 12:18:20 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2010.03.04 12:00:52 | 000,991,232 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
MOD - [2010.01.15 15:53:34 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\atcomm.dll
MOD - [2010.01.15 15:53:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DetectDev.dll
MOD - [2010.01.15 15:53:34 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\FileManager.dll
MOD - [2010.01.15 15:53:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\XCodec.dll
MOD - [2010.01.15 15:53:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
MOD - [2010.01.15 15:53:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\isaputrace.dll
MOD - [2010.01.08 16:59:24 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.01.19 01:00:54 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.01 23:35:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.07.01 23:01:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.07.01 22:49:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.27 17:12:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 18:08:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.17 23:08:54 | 000,107,256 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\TrueSuite\TrueSuite.Service.exe -- (FPLService)
SRV - [2009.09.15 05:32:14 | 002,697,464 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Programme\Fingerprint Sensor\ATService.exe -- (ATService)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.12.08 21:19:34 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.07 09:34:26 | 000,734,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.02.09 18:25:10 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009.02.09 18:25:10 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009.02.09 18:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Si3531.sys -- (Si3531)
DRV:64bit: - [2008.02.11 20:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008.01.05 04:22:50 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:38:10 | 001,074,688 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{012A1949-82A6-4C34-9F50-85A7CF7EC628}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=428
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{BAEC4A6B-468F-4BB6-A6EC-7C422FB6925E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=2b583220-87d0-434e-be3a-1b45e3bfbbd1&apn_sauid=F47D1B36-23FB-4BB3-80D3-CADC553F0DAD
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.10 18:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2013.07.03 20:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zakxkdnl.default\extensions
[2013.07.03 07:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\extensions
[2013.06.18 16:58:44 | 000,561,109 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\extensions\toolbar@gmx.net.xpi
[2013.06.27 17:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.06.27 17:12:18 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
[2013.06.27 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.06.27 17:12:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.27 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013.06.27 17:12:16 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (TrueSuite Web Log On) - {A28EC2CC-FD38-40d9-9E75-657D1E0B4686} - C:\Programme\TrueSuite\TrueSuite.IEToolBar.dll (AuthenTec Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SystemTray] C:\Programme\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SAFAF.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SE18E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [Nero PhotoShow Media Manager] C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [Video Performer63862.exe] "C:\Users\Micha\AppData\Local\Temp\Video Performer63862.exe" /XML="C:\Users\Micha\AppData\Local\Temp\F7A2.tmp" /ROS /STP=1:2 File not found
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23720F7B-3626-4A2A-8965-BA8C0BBEE03A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D4A8F71-CDDF-4F84-AD66-C9E4AEA99B84}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFDAF5FC-DAC4-4ADB-ABBF-F050BD828A7D}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFBEEDF4-BF56-47FD-8355-A1F9A36A7C3A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDEAA796-34F8-49A7-88B3-1D468AD1BE13}: DhcpNameServer = 193.189.244.206 193.189.244.225
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.01 23:40:32 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.11 02:26:10 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.03 21:01:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\Troja
[2013.07.03 07:10:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.03 07:04:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.07.02 18:04:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2013.07.01 23:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.01 23:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.27 17:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.03 20:46:01 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 20:46:01 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 20:45:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.03 20:45:51 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.03 20:43:48 | 000,000,951 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.03 20:32:18 | 000,650,027 | ---- | M] () -- C:\Users\Micha\Desktop\adwcleaner.exe
[2013.07.03 20:30:31 | 000,793,536 | ---- | M] () -- C:\Users\Micha\Desktop\ZipOpenerSetup.exe
[2013.07.03 20:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.03 17:53:38 | 000,016,276 | ---- | M] () -- C:\Users\Micha\Documents\Berechnung Jan 2013.ods
[2013.07.03 06:57:06 | 000,047,938 | ---- | M] () -- C:\Users\Micha\Desktop\troja2.pdf
[2013.07.02 20:27:16 | 565,359,212 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.07.02 18:53:30 | 000,377,856 | ---- | M] () -- C:\Users\Micha\Desktop\gmer_2.1.19163.exe
[2013.07.02 18:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2013.07.02 18:02:45 | 000,000,000 | ---- | M] () -- C:\Users\Micha\defogger_reenable
[2013.07.02 17:56:31 | 000,050,477 | ---- | M] () -- C:\Users\Micha\Desktop\Defogger.exe
[2013.07.01 23:40:32 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.01 21:00:45 | 000,711,605 | ---- | M] () -- C:\Users\Micha\Desktop\Entfernen Spyware.pdf
[2013.06.29 13:25:38 | 000,084,668 | ---- | M] () -- C:\Users\Micha\Desktop\KF Roco.pdf
[2013.06.24 19:19:13 | 000,565,152 | ---- | M] () -- C:\Users\Micha\Desktop\Kleintier Ossweil.pdf
[2013.06.16 03:07:26 | 001,468,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.16 03:07:26 | 000,628,744 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.16 03:07:26 | 000,595,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.16 03:07:26 | 000,126,262 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.16 03:07:26 | 000,104,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.14 05:52:02 | 000,050,176 | ---- | M] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.11 17:28:00 | 000,083,537 | ---- | M] () -- C:\Users\Micha\Desktop\KF Förder.pdf
[2013.06.06 15:50:34 | 000,115,579 | ---- | M] () -- C:\Users\Micha\Desktop\Mein eBay  Nachricht einstellung.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.03 20:43:19 | 000,000,951 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.03 20:31:02 | 000,650,027 | ---- | C] () -- C:\Users\Micha\Desktop\adwcleaner.exe
[2013.07.03 20:29:06 | 000,793,536 | ---- | C] () -- C:\Users\Micha\Desktop\ZipOpenerSetup.exe
[2013.07.03 06:57:00 | 000,047,938 | ---- | C] () -- C:\Users\Micha\Desktop\troja2.pdf
[2013.07.02 18:53:25 | 000,377,856 | ---- | C] () -- C:\Users\Micha\Desktop\gmer_2.1.19163.exe
[2013.07.02 18:06:14 | 000,698,996 | ---- | C] () -- C:\Users\Micha\Desktop\troja1.pdf
[2013.07.02 18:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Micha\defogger_reenable
[2013.07.02 17:56:12 | 000,050,477 | ---- | C] () -- C:\Users\Micha\Desktop\Defogger.exe
[2013.07.01 23:40:32 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.01 21:00:41 | 000,711,605 | ---- | C] () -- C:\Users\Micha\Desktop\Entfernen Spyware.pdf
[2013.06.29 13:25:35 | 000,084,668 | ---- | C] () -- C:\Users\Micha\Desktop\KF Roco.pdf
[2013.06.24 19:19:09 | 000,565,152 | ---- | C] () -- C:\Users\Micha\Desktop\Kleintier Ossweil.pdf
[2013.06.11 17:27:56 | 000,083,537 | ---- | C] () -- C:\Users\Micha\Desktop\KF Förder.pdf
[2013.06.07 08:49:19 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2013.06.06 15:50:32 | 000,115,579 | ---- | C] () -- C:\Users\Micha\Desktop\Mein eBay  Nachricht einstellung.pdf
[2013.05.11 10:18:30 | 000,118,692 | ---- | C] () -- C:\Users\Micha\- Kurzfassung Persönliche Wendezeit 2013,.pdf
[2013.03.09 07:40:43 | 000,002,138 | ---- | C] () -- C:\Users\Micha\AppData\Local\recently-used.xbel
[2012.12.25 19:04:20 | 000,023,888 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\UserTile.png
[2012.12.21 07:17:59 | 000,050,176 | ---- | C] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.19 06:42:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.12.19 06:42:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.12.19 06:41:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.12.16 09:00:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.12.07 15:46:48 | 000,000,732 | ---- | C] () -- C:\Users\Micha\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.01 05:27:54 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FreePDF
[2013.03.28 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView
[2012.12.29 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\OpenOffice.org
[2012.12.25 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PeerNetworking
[2013.03.28 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PhotoScape
[2013.03.05 14:48:28 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Simple Star
[2013.07.03 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Systweak
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         
--- --- ---

So, let's see what comes next. I'm already looking forward to your answer. And please excuse that it took me so long; I'm sure it would have gone faster for you. Regards, Michael

03.07.2013, 21:28   #8
aharonov
/// TB Trainer

Hello Michael,

it's no problem at all if you need longer. There's no hurry on my side.
A quick question in between: does the problem with bizcoaching that you mentioned at the beginning still occur, or not anymore?
__________________
cheers,
Leo

08.07.2013, 10:47   #9
aharonov
/// TB Trainer

Hi,

I haven't received a reply from you for quite a while. Do you still need help?

If I don't hear from you within the next 24 hours, I'll assume the matter has been resolved and will remove this topic from my subscriptions.
__________________
cheers,
Leo

12.07.2013, 00:08   #10
aharonov
/// TB Trainer

No response
This topic has been removed from my subscriptions, so I no longer receive notifications about new replies.
Send me a PM if you do want to continue the topic after all. Then we'll carry on here.

Note: The disappearance of the symptoms does not mean that your computer is clean.

Everyone else, please read this guide and create your own thread.
__________________
cheers,
Leo

12.07.2013, 09:42   #11
aharonov
/// TB Trainer

Hello Michael,

we'll continue with the last round.


Step 1

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
[2013.07.01 23:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
[2013.07.01 23:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [Video Performer63862.exe] "C:\Users\Micha\AppData\Local\Temp\Video Performer63862.exe" /XML="C:\Users\Micha\AppData\Local\Temp\F7A2.tmp" /ROS /STP=1:2 File not found
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{BAEC4A6B-468F-4BB6-A6EC-7C422FB6925E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=2b583220-87d0-434e-be3a-1b45e3bfbbd1&apn_sauid=F47D1B36-23FB-4BB3-80D3-CADC553F0DAD
[2013.07.03 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Systweak

:commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.



Step 2


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner.
  • Download and start Eset Online Scanner.
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Step 3

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Step 4

Please start OTL.exe.
  • Tick Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Fix log from OTL
  • Log from ESET
  • Log from SecurityCheck
  • Log from OTL
__________________
cheers,
Leo

12.07.2013, 10:43   #12
milkit54

Hello Leo,
thank you very much for the quick reply. The OTL scan is running.
But I have a few questions.
1. What and where is the "code box" whose contents I am supposed to copy?
2. And where do I then find the "custom scans" text box?
3. Should I work through each step individually?
4. Which name should I replace with ***? Is that mandatory?

Sorry for my "fussiness", I simply know too little about this, but I'm making an effort. I really hope I'm not being too annoying. Thanks + regards, Michael

12.07.2013, 12:17   #13
aharonov
/// TB Trainer

Hello Michael,

Quote:
1. What and where is the "code box" whose contents I am supposed to copy?
That is the following box, whose contents you should paste into OTL before pressing the "Fix" button:
Code:
ATTFilter
:OTL
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
[2013.07.01 23:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
[2013.07.01 23:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [Video Performer63862.exe] "C:\Users\Micha\AppData\Local\Temp\Video Performer63862.exe" /XML="C:\Users\Micha\AppData\Local\Temp\F7A2.tmp" /ROS /STP=1:2 File not found
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{BAEC4A6B-468F-4BB6-A6EC-7C422FB6925E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=2b583220-87d0-434e-be3a-1b45e3bfbbd1&apn_sauid=F47D1B36-23FB-4BB3-80D3-CADC553F0DAD
[2013.07.03 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Systweak

:commands
[emptytemp]
         

Quote:
2. And where do I then find the "custom scans" text box?
That is the text field at the very bottom of the OTL window. You can copy the above text from the code box into it.


Quote:
3. Should I work through each step individually?
Exactly.


Quote:
4. Which name should I replace with ***? Is that mandatory?
That doesn't concern you here. You can simply ignore that note.
__________________
cheers,
Leo

12.07.2013, 16:06   #14
milkit54

Hello Leo,
I hope this is OK.
Here is the data, OTL logfile:
Code:
ATTFilter
OTL logfile created on: 03.07.2013 19:40:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Micha\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,61% Memory free
4,22 Gb Paging File | 2,13 Gb Available in Paging File | 50,55% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 89,88 Gb Free Space | 60,30% Space Free | Partition Type: NTFS
Drive D: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.02 18:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
PRC - [2013.07.01 23:35:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.01 23:01:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.07.01 22:49:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.07.01 22:48:37 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.27 17:12:28 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.06.12 18:08:24 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.05.10 09:57:24 | 001,465,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.24 10:00:06 | 000,592,344 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2013.03.10 23:38:48 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.01.08 16:59:24 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2006.01.13 23:22:19 | 000,249,856 | ---- | M] (Nero AG / Nero Inc.) -- C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.03 08:06:58 | 000,045,568 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
MOD - [2013.06.27 17:12:28 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.06.12 18:08:23 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.05.23 07:50:16 | 000,014,336 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
MOD - [2013.05.23 07:49:36 | 000,100,352 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
MOD - [2013.05.19 13:07:07 | 000,023,040 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_SendMail.DEU
MOD - [2013.05.19 13:07:03 | 002,685,440 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
MOD - [2013.05.19 13:06:56 | 009,488,896 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
MOD - [2013.05.10 09:57:36 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\BRdlang32.DEU
MOD - [2013.05.10 09:57:24 | 000,305,728 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 17:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2012.07.27 22:51:34 | 006,549,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll
MOD - [2010.03.04 12:27:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2010.03.04 12:27:08 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll
MOD - [2010.03.04 12:26:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
MOD - [2010.03.04 12:24:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
MOD - [2010.03.04 12:23:36 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2010.03.04 12:21:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
MOD - [2010.03.04 12:19:18 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
MOD - [2010.03.04 12:18:20 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2010.03.04 12:00:52 | 000,991,232 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
MOD - [2010.01.15 15:53:34 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\atcomm.dll
MOD - [2010.01.15 15:53:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DetectDev.dll
MOD - [2010.01.15 15:53:34 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\FileManager.dll
MOD - [2010.01.15 15:53:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\XCodec.dll
MOD - [2010.01.15 15:53:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
MOD - [2010.01.15 15:53:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\isaputrace.dll
MOD - [2010.01.08 16:59:24 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.01.19 01:00:54 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.01 23:35:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.07.01 23:01:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.07.01 22:49:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.27 17:12:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 18:08:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.24 10:00:06 | 000,592,344 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.09.05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.17 23:08:54 | 000,107,256 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\TrueSuite\TrueSuite.Service.exe -- (FPLService)
SRV - [2009.09.15 05:32:14 | 002,697,464 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Programme\Fingerprint Sensor\ATService.exe -- (ATService)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.12.08 21:19:34 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.07 09:34:26 | 000,734,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.02.09 18:25:10 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009.02.09 18:25:10 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009.02.09 18:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Si3531.sys -- (Si3531)
DRV:64bit: - [2008.02.11 20:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008.01.05 04:22:50 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:38:10 | 001,074,688 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YY^de&ptb=1F11A9F5-A6B2-48DE-9C57-80073E2A2911&si=swissconverter
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes,DefaultScope = {012A1949-82A6-4C34-9F50-85A7CF7EC628}
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{012A1949-82A6-4C34-9F50-85A7CF7EC628}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=428
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=0aea01ae000000000000001e101fb4df
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{BAEC4A6B-468F-4BB6-A6EC-7C422FB6925E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=2b583220-87d0-434e-be3a-1b45e3bfbbd1&apn_sauid=F47D1B36-23FB-4BB3-80D3-CADC553F0DAD
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.10 18:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2013.04.14 23:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zakxkdnl.default\extensions
[2013.04.28 20:40:00 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zakxkdnl.default\extensions\toolbar@ask.com
[2013.07.03 07:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\extensions
[2013.06.18 16:58:44 | 000,561,109 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\extensions\toolbar@gmx.net.xpi
[2013.03.05 14:55:25 | 000,001,294 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\delta.xml
[2013.03.05 13:04:19 | 000,009,619 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\my-web-search.xml
[2013.06.27 17:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.06.27 17:12:18 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
[2013.06.27 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.06.27 17:12:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.27 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013.06.27 17:12:16 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2013.03.05 14:54:47 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (TrueSuite Web Log On) - {A28EC2CC-FD38-40d9-9E75-657D1E0B4686} - C:\Programme\TrueSuite\TrueSuite.IEToolBar.dll (AuthenTec Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SystemTray] C:\Programme\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SAFAF.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SE18E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [Nero PhotoShow Media Manager] C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [Video Performer63862.exe] "C:\Users\Micha\AppData\Local\Temp\Video Performer63862.exe" /XML="C:\Users\Micha\AppData\Local\Temp\F7A2.tmp" /ROS /STP=1:2 File not found
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23720F7B-3626-4A2A-8965-BA8C0BBEE03A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D4A8F71-CDDF-4F84-AD66-C9E4AEA99B84}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFDAF5FC-DAC4-4ADB-ABBF-F050BD828A7D}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFBEEDF4-BF56-47FD-8355-A1F9A36A7C3A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDEAA796-34F8-49A7-88B3-1D468AD1BE13}: DhcpNameServer = 193.189.244.225 193.189.244.206
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.01 23:40:32 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.11 02:26:10 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.03 07:10:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.03 07:04:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.07.02 18:04:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2013.07.01 23:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.01 23:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.27 17:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.03 19:32:18 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 19:32:18 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 19:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.03 17:53:38 | 000,016,276 | ---- | M] () -- C:\Users\Micha\Documents\Berechnung Jan 2013.ods
[2013.07.03 07:32:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.03 07:32:06 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.03 06:57:06 | 000,047,938 | ---- | M] () -- C:\Users\Micha\Desktop\troja2.pdf
[2013.07.02 20:27:16 | 565,359,212 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.07.02 18:53:30 | 000,377,856 | ---- | M] () -- C:\Users\Micha\Desktop\gmer_2.1.19163.exe
[2013.07.02 18:06:18 | 000,698,996 | ---- | M] () -- C:\Users\Micha\Desktop\troja1.pdf
[2013.07.02 18:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2013.07.02 18:02:45 | 000,000,000 | ---- | M] () -- C:\Users\Micha\defogger_reenable
[2013.07.02 17:56:31 | 000,050,477 | ---- | M] () -- C:\Users\Micha\Desktop\Defogger.exe
[2013.07.01 23:40:32 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.01 21:00:45 | 000,711,605 | ---- | M] () -- C:\Users\Micha\Desktop\Entfernen Spyware.pdf
[2013.06.29 13:25:38 | 000,084,668 | ---- | M] () -- C:\Users\Micha\Desktop\KF Roco.pdf
[2013.06.24 19:19:13 | 000,565,152 | ---- | M] () -- C:\Users\Micha\Desktop\Kleintier Ossweil.pdf
[2013.06.16 03:07:26 | 001,468,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.16 03:07:26 | 000,628,744 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.16 03:07:26 | 000,595,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.16 03:07:26 | 000,126,262 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.16 03:07:26 | 000,104,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.14 05:52:02 | 000,050,176 | ---- | M] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.11 17:28:00 | 000,083,537 | ---- | M] () -- C:\Users\Micha\Desktop\KF Förder.pdf
[2013.06.06 15:50:34 | 000,115,579 | ---- | M] () -- C:\Users\Micha\Desktop\Mein eBay  Nachricht einstellung.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.03 06:57:00 | 000,047,938 | ---- | C] () -- C:\Users\Micha\Desktop\troja2.pdf
[2013.07.02 18:53:25 | 000,377,856 | ---- | C] () -- C:\Users\Micha\Desktop\gmer_2.1.19163.exe
[2013.07.02 18:06:14 | 000,698,996 | ---- | C] () -- C:\Users\Micha\Desktop\troja1.pdf
[2013.07.02 18:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Micha\defogger_reenable
[2013.07.02 17:56:12 | 000,050,477 | ---- | C] () -- C:\Users\Micha\Desktop\Defogger.exe
[2013.07.01 23:40:32 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.01 21:00:41 | 000,711,605 | ---- | C] () -- C:\Users\Micha\Desktop\Entfernen Spyware.pdf
[2013.06.29 13:25:35 | 000,084,668 | ---- | C] () -- C:\Users\Micha\Desktop\KF Roco.pdf
[2013.06.24 19:19:09 | 000,565,152 | ---- | C] () -- C:\Users\Micha\Desktop\Kleintier Ossweil.pdf
[2013.06.11 17:27:56 | 000,083,537 | ---- | C] () -- C:\Users\Micha\Desktop\KF Förder.pdf
[2013.06.07 08:49:19 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2013.06.06 15:50:32 | 000,115,579 | ---- | C] () -- C:\Users\Micha\Desktop\Mein eBay  Nachricht einstellung.pdf
[2013.05.11 10:18:30 | 000,118,692 | ---- | C] () -- C:\Users\Micha\- Kurzfassung Persönliche Wendezeit 2013,.pdf
[2013.03.09 07:40:43 | 000,002,138 | ---- | C] () -- C:\Users\Micha\AppData\Local\recently-used.xbel
[2012.12.25 19:04:20 | 000,023,888 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\UserTile.png
[2012.12.21 07:17:59 | 000,050,176 | ---- | C] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.19 06:42:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.12.19 06:42:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.12.19 06:41:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.12.16 09:00:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.12.07 15:46:48 | 000,000,732 | ---- | C] () -- C:\Users\Micha\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.05 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Babylon
[2013.03.28 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\File Scout
[2013.03.01 05:27:54 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FreePDF
[2013.03.28 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView
[2012.12.29 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\OpenOffice.org
[2012.12.25 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PeerNetworking
[2013.03.28 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PhotoScape
[2013.03.05 14:48:28 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Simple Star
[2013.07.03 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Systweak
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         
--- --- ---

I look forward to your next instruction. Many thanks for everything so far. Regards, Michael

Alt 12.07.2013, 19:36   #15
aharonov
/// TB-Ausbilder
 

Hello Michael,

that is only a rather old OTL log.
There should be a separate log file for each of these 4 steps. Did you carry out all of these steps?
__________________
cheers,
Leo
