BKA ähnlicher Trojaner "Der Computer ist für die Verletzung"

Brax · 27.08.2012, 19:53

Hi, Ich bekam heute ein Screen präsentiert dass mich stark an den BKA trojaner erinnerte.
Die Aufschrift war in etwa "Computer ist Infiziert" irgendwas in gebrochenem Deutsch.

nachdem ich mit meinem Easy clean programm mein system abbild mir gegen das vor 5 Tagen vergleichen lassen hab kam raus, dass die dateien

Trojan.Ransom.FGen File C:\Users\Manuel\AppData\Roaming\hellomoto\TujP.dat

Trojan.Ransom.FGen Folder C:\Users\Manuel\AppData\Roaming\hellomoto

Trojan.Ransom.FGen File C:\Users\Manuel\AppData\Roaming\hellomoto\BukF.dat

neu erstellt worden sind.

Malwarebytes scan ergab auch diese drei dateien

Nach einem neustart ist bis jetzt alles ok.

hab den defogger und den OTL nun durch. Hier die ergebnisse. Ich hoffe es ergibt sich daraus für euch etwas :-/

Danke

OTL

Code:

ATTFilter

OTL logfile created on: 27.08.2012 20:05:46 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\AlphaMedia\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,83 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 78,11% Memory free
7,83 Gb Paging File | 6,17 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 11,03 Gb Free Space | 9,26% Space Free | Partition Type: NTFS
Drive D: | 539,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1863,01 Gb Total Space | 967,79 Gb Free Space | 51,95% Space Free | Partition Type: NTFS
 
Computer Name: ALPHAMEDIA-PC | User Name: AlphaMedia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.27 19:34:00 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\AlphaMedia\Desktop\OTL.exe
PRC - [2012.03.15 20:33:51 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\AlphaMedia\AppData\Local\Apps\2.0\EO0HRNWC.H88\TXARMO50.3YV\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.26 20:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.09.24 18:22:18 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.22 17:57:30 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2011.08.22 17:52:46 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2011.08.17 09:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011.07.12 17:14:24 | 000,331,776 | ---- | M] (VIA Technologies, Inc.) -- C:\VIA_XHCI\usb3Monitor.exe
PRC - [2011.06.28 01:45:40 | 005,587,672 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.05.10 18:57:28 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2011.02.01 13:17:16 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 13:17:12 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.28 19:44:54 | 000,294,912 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.10.01 13:44:44 | 001,748,992 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
PRC - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () -- C:\Program Files (x86)\DTProTS\DTProTS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 12:42:04 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.16 12:41:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.16 12:41:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.16 12:41:49 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012.06.16 12:41:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.18 19:52:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.18 19:52:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.18 19:52:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.18 19:52:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.18 19:52:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.18 19:52:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.15 20:33:34 | 000,368,640 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Local\Apps\2.0\EO0HRNWC.H88\TXARMO50.3YV\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.21 20:02:30 | 000,207,872 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2011.06.28 01:45:26 | 011,204,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2006.06.09 20:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.11 18:28:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2012.08.11 17:57:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.20 20:45:38 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.09.24 18:22:18 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.28 01:46:22 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.05.11 12:21:26 | 000,415,616 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2011.03.21 17:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2011.02.01 13:17:16 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 13:17:12 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.28 19:44:54 | 000,294,912 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.16 02:05:15 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.15 20:33:45 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2012.03.09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.17 10:28:54 | 014,692,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.14 20:01:22 | 000,204,800 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2011.11.14 20:01:12 | 000,256,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011.11.04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.09.24 18:22:18 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.09.24 18:22:17 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2011.09.24 18:22:17 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.09.24 18:22:17 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.22 19:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011.08.22 19:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011.08.22 19:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011.08.22 19:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011.08.22 19:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011.08.22 19:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011.08.22 19:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011.08.22 19:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011.08.22 19:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011.08.22 19:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011.08.22 19:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011.08.22 19:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011.08.22 19:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011.08.17 13:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 13:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 13:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 13:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.20 09:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.05.25 00:25:16 | 000,052,736 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt)
DRV:64bit: - [2011.05.11 12:21:30 | 001,261,440 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.04.28 22:18:04 | 000,053,080 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US122L_MK2_WDM)
DRV:64bit: - [2011.04.28 22:18:04 | 000,031,576 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US122L_MK2_MIDI)
DRV:64bit: - [2011.04.28 22:18:02 | 000,419,160 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 15:29:46 | 000,017,008 | ---- | M] (VIA Labs, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vl810filter.sys -- (vl810filter)
DRV:64bit: - [2011.01.31 23:10:10 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.04.27 21:02:24 | 000,783,360 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2)
DRV:64bit: - [2010.04.27 21:02:24 | 000,783,360 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arusb_win7x.sys -- (arusb_win7x)
DRV:64bit: - [2009.12.25 15:28:50 | 000,657,696 | ---- | M] (TechnoTrend Goerler GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ttBudget2_amd64.sys -- (ttBudget2_NTAMD64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.10.01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006.11.28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006.11.28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2011.08.23 09:06:56 | 000,029,568 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO64\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2011.03.21 17:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.25 16:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 11 CE D7 D8 90 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {00E4A876-4397-4104-B22B-4A8A94B2A198}
IE - HKCU\..\SearchScopes\{00E4A876-4397-4104-B22B-4A8A94B2A198}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45FFB264-F681-4C66-860F-2A2A05C3ECE7}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{AE9D6AD6-74F8-4753-8A12-B231958F58E8}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{E5E526FC-CA25-4493-9CAF-A96ECEFED8E1}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "google.de PWS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pwdbank@authentec.com: C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\passwordbank@authentec.com\plugins\5.9.6.7134\nppbff.dll (Authentec Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 20:49:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.12.17 06:01:57 | 000,000,000 | ---D | M]
 
[2011.09.25 22:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Extensions
[2012.08.26 10:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions
[2012.05.18 19:52:48 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2012.04.10 06:54:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.19 00:01:19 | 000,000,000 | ---D | M] (Aviary) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}
[2012.03.26 19:18:05 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2011.12.18 19:16:50 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\DeviceDetection@logitech.com
[2012.05.16 00:12:20 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\fb_add_on@avm.de
[2012.08.02 22:56:38 | 000,000,000 | ---D | M] (YTshowRating) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
[2012.04.29 12:50:37 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\passwordbank@authentec.com
[2011.12.26 17:08:51 | 000,011,417 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\searchplugins\ebay-durchsuchen.xml
[2011.12.19 01:19:30 | 000,001,742 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\searchplugins\googlede-pws.xml
[2012.01.22 18:02:31 | 000,004,140 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\searchplugins\youtube.xml
[2012.01.14 17:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.01 00:37:55 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012.07.07 13:04:02 | 000,007,433 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{3869B071-0FAE-4C75-948A-60D9C56EA02B}.XPI
[2012.03.05 03:57:15 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2011.11.26 23:09:04 | 000,013,074 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{B0D70E72-2FC1-4B9F-A3D4-5921C854D906}.XPI
[2012.05.17 19:42:47 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.08.26 10:14:06 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.01.15 09:28:40 | 000,122,406 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\GIORGIO@GILESTRO.TK.XPI
[2011.10.01 10:09:31 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012.07.19 20:49:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.07 22:12:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.07 22:12:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.07 22:12:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 22:12:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 22:12:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 22:12:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.14 22:25:54 | 000,001,265 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 secure.disc-soft.com 
O1 - Hosts: 127.0.0.1 flashfxp.com
O1 - Hosts: 127.0.0.1 flashfxp.org
O1 - Hosts: 127.0.0.1 flashfxp.ws
O1 - Hosts: 127.0.0.1 www.flashfxp.com
O1 - Hosts: 127.0.0.1 www.flashfxp.org
O1 - Hosts: 127.0.0.1 www.flashfxp.ws
O1 - Hosts: 127.0.0.1 liveupdate.inicom.net/verify.php
O1 - Hosts: 127.0.0.1 liveupdate.inicom.net
O1 - Hosts: 127.0.0.1 liveupdate.flashfxp.com
O1 - Hosts: 127.0.0.1 update.inicom.net
O1 - Hosts: 127.0.0.1 update.flashfxp.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (Authentec Inc.)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\AlphaMedia\AppData\Local\Apps\2.0\EO0HRNWC.H88\TXARMO50.3YV\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [ClipMate7] C:\Program Files (x86)\ClipMate7\ClipMate.exe (Thornsoft Development, Inc.)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKCU..\Run: [SVPMgr] C:\Program Files (x86)\SVP\SVPMgr.exe ()
O4 - Startup: C:\Users\AlphaMedia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A6BAEFE-6BD2-446D-9A5E-708413ED1C84}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.27 19:39:26 | 000,000,000 | ---D | C] -- C:\Users\AlphaMedia\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board-Dateien
[2012.08.27 19:33:56 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\AlphaMedia\Desktop\OTL.exe
[2012.08.20 18:57:11 | 000,000,000 | ---D | C] -- C:\Users\AlphaMedia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.08.18 10:19:16 | 000,000,000 | ---D | C] -- C:\Users\AlphaMedia\AppData\Roaming\hellomoto
[2012.08.11 18:15:19 | 000,000,000 | ---D | C] -- C:\Users\AlphaMedia\AppData\Roaming\Creative
[2012.08.11 18:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012.08.11 18:14:41 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.08.11 18:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.08.11 18:14:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\data
[2012.08.11 18:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\data
[2012.08.11 17:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2012.08.11 17:59:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2012.08.11 17:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012.08.11 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2012.08.11 17:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2012.08.11 17:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2012.08.11 17:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.08.11 17:56:06 | 000,077,824 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\eaxac3.dll
[2012.08.11 17:55:49 | 000,809,560 | ---- | C] (Creative Labs Inc.) -- C:\Windows\SysWow64\oalinst.exe
[2012.08.11 14:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Sweeper
[2012.08.11 14:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Sweeper
[2012.08.11 13:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2012.08.05 20:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RockboxUtility-v1.2.14
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.27 20:07:28 | 000,014,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 20:07:28 | 000,014,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 20:04:17 | 001,618,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.27 20:04:17 | 000,673,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.27 20:04:17 | 000,644,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.27 20:04:17 | 000,165,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.27 20:04:17 | 000,136,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.27 20:00:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.08.27 20:00:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.08.27 20:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.27 19:59:57 | 2009,227,263 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.27 19:39:51 | 000,062,028 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx
[2012.08.27 19:39:51 | 000,062,028 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx
[2012.08.27 19:39:51 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx
[2012.08.27 19:39:27 | 000,065,586 | ---- | M] () -- C:\Users\AlphaMedia\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
[2012.08.27 19:38:48 | 000,000,198 | ---- | M] () -- C:\Users\AlphaMedia\defogger_reenable
[2012.08.27 19:36:14 | 000,050,477 | ---- | M] () -- C:\Users\AlphaMedia\Desktop\Defogger.exe
[2012.08.27 19:34:00 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\AlphaMedia\Desktop\OTL.exe
[2012.08.27 19:19:59 | 002,370,614 | ---- | M] () -- C:\Users\AlphaMedia\Documents\ClipMate7_DB_My Clips_2012-08-27_1919.ZIP
[2012.08.26 12:15:42 | 000,056,832 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.18 13:55:10 | 000,001,451 | ---- | M] () -- C:\Users\Public\Desktop\Urban Terror 4.2.lnk
[2012.08.12 02:11:30 | 000,001,094 | ---- | M] () -- C:\Users\AlphaMedia\Desktop\D2MultiResGame.exe - Verknüpfung.lnk
[2012.08.11 18:28:55 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.08.11 18:28:55 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.08.11 18:28:54 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012.08.11 18:28:01 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\DDL und DTS Connect-Lizenzaktivierung.lnk
[2012.08.06 18:28:50 | 002,377,226 | ---- | M] () -- C:\Users\AlphaMedia\Documents\ClipMate7_DB_My Clips_2012-08-06_1828.ZIP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.27 19:39:26 | 000,065,586 | ---- | C] () -- C:\Users\AlphaMedia\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
[2012.08.27 19:38:48 | 000,000,198 | ---- | C] () -- C:\Users\AlphaMedia\defogger_reenable
[2012.08.27 19:36:14 | 000,050,477 | ---- | C] () -- C:\Users\AlphaMedia\Desktop\Defogger.exe
[2012.08.27 19:19:58 | 002,370,614 | ---- | C] () -- C:\Users\AlphaMedia\Documents\ClipMate7_DB_My Clips_2012-08-27_1919.ZIP
[2012.08.18 13:55:10 | 000,001,451 | ---- | C] () -- C:\Users\Public\Desktop\Urban Terror 4.2.lnk
[2012.08.12 02:10:27 | 000,001,094 | ---- | C] () -- C:\Users\AlphaMedia\Desktop\D2MultiResGame.exe - Verknüpfung.lnk
[2012.08.12 01:58:25 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\D2MultiRes.dll
[2012.08.11 18:28:56 | 000,062,028 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx
[2012.08.11 18:28:56 | 000,062,028 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx
[2012.08.11 18:28:56 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx
[2012.08.11 18:28:31 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.08.11 18:28:31 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\CTXFIGER.DLL
[2012.08.11 18:14:41 | 000,272,384 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2012.08.11 18:14:41 | 000,207,872 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.08.11 18:14:41 | 000,089,600 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2012.08.11 18:14:41 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.08.11 18:14:41 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2012.08.11 17:58:56 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\DDL und DTS Connect-Lizenzaktivierung.lnk
[2012.08.11 17:58:49 | 000,006,002 | ---- | C] () -- C:\Windows\SysWow64\CTOPT352.cat
[2012.08.11 17:58:38 | 000,005,498 | ---- | C] () -- C:\Windows\SysWow64\CTOPT399.cat
[2012.08.11 17:56:05 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2012.08.11 17:56:05 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\CtxfiRes.dll
[2012.08.11 17:56:00 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2012.08.11 17:55:49 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\regplib.exe
[2012.08.11 17:55:48 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2012.08.11 17:55:47 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2012.08.11 17:55:31 | 002,167,684 | ---- | C] () -- C:\Windows\SysWow64\CT2MGM.SF2
[2012.08.11 17:55:31 | 002,167,684 | ---- | C] () -- C:\Windows\SysNative\CT2MGM.SF2
[2012.08.11 17:55:31 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\CT1MGM.ROM
[2012.08.11 17:55:31 | 001,048,576 | ---- | C] () -- C:\Windows\SysNative\CT1MGM.ROM
[2012.08.11 17:55:31 | 000,011,073 | ---- | C] () -- C:\Windows\SysWow64\UDAAPO64.UDA
[2012.08.11 17:55:31 | 000,005,530 | ---- | C] () -- C:\Windows\SysWow64\CTMLFX64.UDA
[2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default8.sfm
[2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default8.sfm
[2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default4.sfm
[2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default4.sfm
[2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default.sfm
[2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default.sfm
[2012.08.11 17:55:29 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2012.08.11 17:55:29 | 000,321,512 | ---- | C] () -- C:\Windows\SysNative\ctdlang.dat
[2012.08.11 17:55:29 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2012.08.11 17:55:29 | 000,056,509 | ---- | C] () -- C:\Windows\SysNative\ctdnlstr.dat
[2012.08.11 17:55:29 | 000,021,266 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2012.08.11 17:55:29 | 000,021,266 | ---- | C] () -- C:\Windows\SysNative\instwdm.ini
[2012.08.11 17:55:29 | 000,001,688 | ---- | C] () -- C:\Windows\SysNative\XFi.bmp
[2012.08.11 17:55:29 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2012.08.11 17:55:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2012.08.11 17:55:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\ctzapxx.ini
[2012.08.06 18:28:49 | 002,377,226 | ---- | C] () -- C:\Users\AlphaMedia\Documents\ClipMate7_DB_My Clips_2012-08-06_1828.ZIP
[2012.07.07 11:41:49 | 000,001,456 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.04.29 13:15:17 | 000,200,203 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Local\backup.vtp
[2012.04.15 18:09:35 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.04.15 18:09:33 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.04.15 18:09:32 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.15 18:09:30 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.04.15 00:10:44 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll
[2012.04.14 23:23:32 | 000,000,132 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.02.25 21:17:36 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.21 22:44:18 | 000,138,844 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.17 02:51:35 | 000,000,042 | ---- | C] () -- C:\Users\AlphaMedia\RoomEQWizardV5-Path
[2011.11.12 00:28:53 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2011.10.09 13:25:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.05 22:19:32 | 000,007,607 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Local\resmon.resmoncfg
[2011.10.02 11:57:42 | 000,056,832 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.01 21:04:53 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.09.28 21:26:23 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.09.27 03:46:45 | 001,598,250 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.31 12:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2012.04.21 18:58:22 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\.Tribler
[2012.04.15 00:12:15 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\ACD Systems
[2011.09.25 01:52:08 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Acronis
[2012.08.27 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Azureus
[2012.08.27 20:01:36 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\BOM
[2012.06.10 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Braid
[2012.04.20 02:41:43 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Broad Intelligence
[2011.10.02 09:37:01 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\DAEMON Tools Pro
[2012.06.10 19:56:35 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\fltk.org
[2011.11.23 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\FLV Extract
[2012.07.27 00:27:03 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\foobar2000
[2012.06.12 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Foxit Software
[2012.04.10 16:32:13 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\FRITZ!
[2012.06.05 00:36:36 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\HD Tune Pro
[2012.08.27 08:52:10 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\hellomoto
[2011.10.16 12:49:22 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\ImgBurn
[2011.09.28 21:53:41 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\JAM Software
[2011.12.18 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Leadertech
[2012.06.10 22:40:10 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\LoneSurvivor
[2011.10.09 20:19:45 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\MetaGeek
[2011.10.02 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\mkvtoolnix
[2011.09.27 03:37:44 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\NetMeter
[2011.12.17 07:00:03 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Nokia
[2011.12.17 07:00:03 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Nokia Suite
[2011.12.17 06:15:09 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\PC Suite
[2012.04.29 13:15:16 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Protector Suite
[2011.11.27 03:03:35 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Publish Providers
[2012.02.06 03:42:00 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\redsn0w
[2011.11.07 04:13:56 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\rockbox.org
[2011.11.27 03:03:32 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Sony
[2012.04.29 20:06:02 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\SVP 3.1
[2012.01.22 17:51:11 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\TeamViewer
[2012.01.22 03:24:13 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Thornsoft Development
[2012.04.16 02:15:11 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\TrueCrypt
[2012.05.17 14:41:53 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\uTorrent
[2012.03.11 02:59:11 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Waves
[2012.03.11 02:58:44 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Waves Audio
[2012.03.11 02:59:29 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Waves Preferences
[2012.03.13 03:49:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:8887C1DE9CBCCB0B
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:B0D4D817

< End of report >

P.s. was meint ihr immer mit "Schliesse alle Programme"

alle die nur so sichtbar sind oder ALLE prozesse auch im taskmanager ?

t'john · 28.08.2012, 14:15

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {00E4A876-4397-4104-B22B-4A8A94B2A198} 
IE - HKCU\..\SearchScopes\{00E4A876-4397-4104-B22B-4A8A94B2A198}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{45FFB264-F681-4C66-860F-2A2A05C3ECE7}: "URL" = http://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} 
IE - HKCU\..\SearchScopes\{AE9D6AD6-74F8-4753-8A12-B231958F58E8}: "URL" = http://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms} 
IE - HKCU\..\SearchScopes\{E5E526FC-CA25-4493-9CAF-A96ECEFED8E1}: "URL" = http://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.selectedEngine: "google.de PWS" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) 
O4 - HKCU..\Run: [] File not found 
O4 - HKCU..\Run: [AdobeBridge] File not found 
O4 - Startup: C:\Users\AlphaMedia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] 
O33 - MountPoints2\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] () 
 
@Alternate Data Stream - 24 bytes -> C:\Windows:8887C1DE9CBCCB0B 
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:B0D4D817 
 
[2012.08.18 10:19:16 | 000,000,000 | ---D | C] -- C:\Users\AlphaMedia\AppData\Roaming\hellomoto 

:Files

C:\Users\AlphaMedia\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\AlphaMedia\AppData\Local\Temp\*.exe
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

4. Schritt

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Brax · 29.08.2012, 07:59

ok,danke schonmal, hier die logs

1. Schritt:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00E4A876-4397-4104-B22B-4A8A94B2A198}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00E4A876-4397-4104-B22B-4A8A94B2A198}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{45FFB264-F681-4C66-860F-2A2A05C3ECE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45FFB264-F681-4C66-860F-2A2A05C3ECE7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE9D6AD6-74F8-4753-8A12-B231958F58E8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE9D6AD6-74F8-4753-8A12-B231958F58E8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5E526FC-CA25-4493-9CAF-A96ECEFED8E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5E526FC-CA25-4493-9CAF-A96ECEFED8E1}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "google.de PWS" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
C:\Users\AlphaMedia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\ not found.
File move failed. D:\SETUP.EXE scheduled to be moved on reboot.
ADS C:\Windows:8887C1DE9CBCCB0B deleted successfully.
ADS C:\ProgramData\Temp:B0D4D817 deleted successfully.
C:\Users\AlphaMedia\AppData\Roaming\hellomoto folder moved successfully.
========== FILES ==========
C:\Users\AlphaMedia\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\TEMP folder moved successfully.
C:\Users\AlphaMedia\AppData\Local\Temp\2jfuweif.exe moved successfully.
C:\Users\AlphaMedia\AppData\Local\Temp\Foxit Updater.exe moved successfully.
C:\Users\AlphaMedia\AppData\Local\Temp\i4j5194834640290951545.exe moved successfully.
C:\Users\AlphaMedia\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe moved successfully.
C:\Users\AlphaMedia\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\AlphaMedia\AppData\Local\Temp\~tmp1344191186410.exe moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\AlphaMedia\Desktop\cmd.bat deleted successfully.
C:\Users\AlphaMedia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AlphaMedia
->Temp folder emptied: 245802059 bytes
->Temporary Internet Files folder emptied: 621398737 bytes
->FireFox cache emptied: 108370032 bytes
->Flash cache emptied: 89095 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mcx1-ALPHAMEDIA-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 67241 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 393566202 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 101740943208 bytes
 
Total Files Cleaned = 98.334,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 08282012_222440

Files\Folders moved on Reboot...
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. D:\SETUP.EXE scheduled to be moved on reboot.
C:\Users\AlphaMedia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2. Schritt:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (PRO) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
AlphaMedia :: ALPHAMEDIA-PC [Administrator]

Schutz: Aktiviert

28.08.2012 22:34:34
mbam-log-2012-08-28 (22-34-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441504
Laufzeit: 16 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1

C:\Users\AlphaMedia\Downloads\!SYSTEM\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

3. Schritt:

Code:

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/29/2012 at 07:10:03
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : AlphaMedia - ALPHAMEDIA-PC
# Boot Mode : Normal
# Running from : C:\Users\AlphaMedia\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\splashtop
Folder Found : C:\Program Files (x86)\splashtop

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\prefs.js

Found : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
Found : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
Found : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
Found : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", false);
Found : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", false);
Found : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
Found : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");

*************************

AdwCleaner[R1].txt - [1927 octets] - [29/08/2012 07:10:03]

########## EOF - C:\AdwCleaner[R1].txt - [2055 octets] ##########

4. Schritt:

Code:

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/29/2012 at 07:13:49
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : AlphaMedia - ALPHAMEDIA-PC
# Boot Mode : Normal
# Running from : C:\Users\AlphaMedia\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\splashtop
Deleted on reboot : C:\Program Files (x86)\splashtop

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\prefs.js

Deleted : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
Deleted : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
Deleted : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
Deleted : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", false);
Deleted : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", false);
Deleted : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
Deleted : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");

*************************

AdwCleaner[R1].txt - [2050 octets] - [29/08/2012 07:10:03]
AdwCleaner[S1].txt - [2022 octets] - [29/08/2012 07:13:49]

########## EOF - C:\AdwCleaner[S1].txt - [2150 octets] ##########

t'john · 29.08.2012, 20:14

Sehr gut!

Wie laeuft der Rechner?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Brax · 30.08.2012, 10:02

hm läuft soweit gut :-)
danke t'john

das wurde noch gefunden

wobei mich "C:\Program Files\WinRAR\Zip.SFX gefunden: Trojan-Spy.Win32.Delf!E1" beunruhigt. sollte ich winrar deinstallieren ?

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 30.08.2012 09:48:06

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, F:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	30.08.2012 09:49:24

c:\users\alphamedia\appdata\roaming\microsoft\windows\start menu\programs\passware demo 	gefunden: Trace.File.backupkey!E1
c:\program files (x86)\passware\demos 	gefunden: Trace.File.backupkey!E1
c:\program files (x86)\passware 	gefunden: Trace.File.backupkey!E1
c:\program files (x86)\passware\demos\pk.chm 	gefunden: Trace.File.backupkey!E1
c:\program files (x86)\passware\demos\dict.txt 	gefunden: Trace.File.office key 7.0!E1
c:\program files (x86)\passware\demos\zipkey.exe 	gefunden: Trace.File.zip password recovery key!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\zip key demo --> displayname 	gefunden: Trace.Registry.zip password recovery key!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\zip key demo --> startmenu 	gefunden: Trace.Registry.zip password recovery key!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\zip key demo --> uninstallstring 	gefunden: Trace.Registry.zip password recovery key!E1
Value: hkey_current_user\software\passware\common\9 --> general 	gefunden: Trace.Registry.wordkey 9.0!E1
C:\_OTL\MovedFiles\08282012_222440\C_Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4bcef7d5-7545361e -> bkwa\bkwc.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08282012_222440\C_Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4bcef7d5-7545361e -> bkwa\bkwe.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08282012_222440\C_Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4bcef7d5-7545361e -> bkwa\bkwd.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08282012_222440\C_Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4bcef7d5-7545361e -> bkwa\bkwb.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08282012_222440\C_Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4bcef7d5-7545361e -> bkwa\bkwa.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08282012_222440\C_Users\AlphaMedia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4bcef7d5-7545361e -> bkwa\bkwf.class 	gefunden: Exploit.Java.Blacole!E2
C:\Users\AlphaMedia\AppData\Local\Microsoft\Windows\2250\2d8f3e0a 	gefunden: Trojan.Win32.Ransom!E2
C:\Program Files\WinRAR\Zip.SFX 	gefunden: Trojan-Spy.Win32.Delf!E1

Gescannt	680186
Gefunden	18

Scan Ende:	30.08.2012 10:31:31
Scan Zeit:	0:42:07

t'john · 30.08.2012, 19:32

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

t'john · 17.10.2012, 14:56

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

BKA ähnlicher Trojaner "Der Computer ist für die Verletzung"

Plagegeister aller Art und deren Bekämpfung: BKA ähnlicher Trojaner "Der Computer ist für die Verletzung"