Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.06.2013, 06:50   #1
pulloverscha
 
IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Moin Gemeinde,

ich benötige glaub unterstützung von euch, ich bzw. mein Computer hat sich irgendwas eingefangen.

Wenn ich IE oder Firefox öffne öffnen sich meist folgende Seiten mit:

hxxp://serve.bannersdontwork.com
hxxp://survey-central.yamahaonlinestore.com/?sov=62570201&hid=gmmwukwismmqgu&id=XNSX.nodl&ctrl1=nodl

Aber diese sind es nicht immer auch mal andere Seiten.

Auserdem wird seit kurzem immer komische Werbung angezeigt (Wortverlinkungen) welche auf meinen anderen Rechner nicht da sind.

Könnt ihr mir sagen wie ich diese Plage entfernen kann?

Alt 07.06.2013, 07:28   #2
schrauber
/// the machine
/// TB-Ausbilder
 

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Hi,

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 07.06.2013, 17:20   #3
pulloverscha
 
IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Hallo anbei die Logs:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.06.2013 17:11:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddy\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 42,84% Memory free
3,87 Gb Paging File | 2,49 Gb Available in Paging File | 64,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 86,10 Gb Free Space | 36,99% Space Free | Partition Type: NTFS
Drive D: | 3,76 Gb Total Space | 3,47 Gb Free Space | 92,46% Space Free | Partition Type: FAT32
 
Computer Name: SHUTTLE | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Eddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
PRC - C:\Programme\ORICOHWRaidManager\HWRaidManager.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\sistray.exe (Silicon Integrated Systems Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Notepad++\NppShell_05.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PDF Architect Helper Service) -- C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ORICOHWRaidManager) -- C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\Windows\System32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\Windows\System32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 64 95 0F D7 76 CD 01  [binary data]
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\SearchScopes,DefaultScope = {EAB715EC-1076-4D4C-AD7D-20AA820C40F9}
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\SearchScopes\{EAB715EC-1076-4D4C-AD7D-20AA820C40F9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Eddy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.03 22:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.08.08 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Extensions
[2013.01.23 17:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\hv50txi8.default\extensions
[2013.01.23 17:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\hv50txi8.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013.05.18 12:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Extensions
[2013.05.17 20:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.17 20:18:17 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.06 20:42:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\Toolbar\WebBrowser: (no name) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\Windows\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [StartUC] C:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exe (DATA BECKER GmbH & Co KG)
O4 - HKU\S-1-5-18..\RunOnce: [StartUC] C:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exe (DATA BECKER GmbH & Co KG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E64A43AD-4947-4B91-8947-066942BD49E4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.06 17:32:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.06 17:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.06 17:23:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.06 17:22:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.06 17:20:19 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:39 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.05 21:48:58 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.06.05 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\InfraRecorder
[2013.06.05 19:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
[2013.06.05 19:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2013.06.03 17:28:28 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\Alte Firefox-Daten
[2013.06.02 20:05:46 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Malwarebytes
[2013.06.02 20:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.02 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.02 20:05:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.02 20:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\FO8344019913
[2013.05.30 17:00:07 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013.05.30 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013.05.19 16:03:42 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\iphone4
[2013.05.17 20:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.17 16:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.17 16:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.17 16:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.17 16:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.09 19:42:54 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wiki Bomber
[2013.05.09 19:40:22 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\Wiki Bomber.1.5.16.0
[2013.05.09 19:13:33 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\AddMeFastBot Update
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.07 16:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.07 16:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.07 07:06:52 | 000,700,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.07 07:06:52 | 000,654,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.07 07:06:52 | 000,148,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.07 07:06:52 | 000,121,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.07 06:45:46 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 06:45:45 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 06:38:36 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.07 06:38:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.07 06:38:22 | 1559,928,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.07 06:36:07 | 000,640,135 | ---- | M] () -- C:\Users\Eddy\Desktop\AdwCleaner.exe
[2013.06.06 20:42:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.06.06 19:38:31 | 000,009,762 | ---- | M] () -- C:\Users\Eddy\Desktop\BEAUTY2u_neu.fdb
[2013.06.06 17:21:02 | 000,139,264 | ---- | M] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.06 17:20:10 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:28 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.05 19:11:26 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.06.03 09:05:32 | 000,104,951 | ---- | M] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 17:00:13 | 000,024,094 | ---- | M] () -- C:\Users\Eddy\Desktop\Produkttester-gesucht-für-FILORGA-Pflege-500x333.jpg
[2013.05.30 18:00:31 | 000,791,285 | ---- | M] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.05.22 14:21:24 | 000,041,123 | ---- | M] () -- C:\Users\Eddy\Desktop\Secret-dEssences-Neroli-Yves-Rocher-for-women.jpg
[2013.05.22 08:31:07 | 000,049,110 | ---- | M] () -- C:\Users\Eddy\Desktop\CIN-CIN-Box-500x333.jpg
[2013.05.19 16:11:44 | 000,000,933 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2013.05.17 16:57:30 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.15 17:45:06 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.14 22:32:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.14 22:32:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.09 19:53:51 | 000,000,000 | ---- | M] () -- C:\Users\Eddy\Desktop\43392 unique wiki.zip
[2013.05.09 19:10:41 | 026,196,680 | ---- | M] () -- C:\Users\Eddy\Desktop\SENukeX.rar
[2013.05.09 19:10:04 | 003,459,903 | ---- | M] () -- C:\Users\Eddy\Desktop\seknuke_3.0.95.rar
[2013.05.09 19:07:30 | 004,903,522 | ---- | M] () -- C:\Users\Eddy\Desktop\WB.1.5.16.0_hackingway.net.rar
 
========== Files Created - No Company Name ==========
 
[2013.06.07 06:36:19 | 000,640,135 | ---- | C] () -- C:\Users\Eddy\Desktop\AdwCleaner.exe
[2013.06.06 19:38:26 | 000,009,762 | ---- | C] () -- C:\Users\Eddy\Desktop\BEAUTY2u_neu.fdb
[2013.06.06 17:21:12 | 000,139,264 | ---- | C] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.05 19:11:26 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013.06.03 17:28:32 | 000,104,951 | ---- | C] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 17:00:11 | 000,024,094 | ---- | C] () -- C:\Users\Eddy\Desktop\Produkttester-gesucht-für-FILORGA-Pflege-500x333.jpg
[2013.05.30 18:00:29 | 000,791,285 | ---- | C] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.05.22 14:21:23 | 000,041,123 | ---- | C] () -- C:\Users\Eddy\Desktop\Secret-dEssences-Neroli-Yves-Rocher-for-women.jpg
[2013.05.22 08:31:06 | 000,049,110 | ---- | C] () -- C:\Users\Eddy\Desktop\CIN-CIN-Box-500x333.jpg
[2013.05.17 16:57:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.09 19:52:27 | 000,000,000 | ---- | C] () -- C:\Users\Eddy\Desktop\43392 unique wiki.zip
[2013.05.09 19:10:27 | 026,196,680 | ---- | C] () -- C:\Users\Eddy\Desktop\SENukeX.rar
[2013.05.09 19:09:46 | 003,459,903 | ---- | C] () -- C:\Users\Eddy\Desktop\seknuke_3.0.95.rar
[2013.05.09 19:07:01 | 004,903,522 | ---- | C] () -- C:\Users\Eddy\Desktop\WB.1.5.16.0_hackingway.net.rar
[2013.04.15 14:20:49 | 000,000,600 | ---- | C] () -- C:\Users\Eddy\AppData\Local\PUTTY.RND
[2012.11.30 17:03:42 | 000,993,792 | ---- | C] () -- C:\ProgramData\MSRecovery.exe
[2012.11.30 17:03:42 | 000,000,691 | ---- | C] () -- C:\ProgramData\settings.ini
[2012.08.10 17:40:45 | 000,007,605 | ---- | C] () -- C:\Users\Eddy\AppData\Local\Resmon.ResmonCfg
[2012.08.09 13:48:49 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.08.09 13:46:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.08.09 09:23:28 | 000,000,766 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.09 09:23:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.09 09:23:03 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.09 09:23:03 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7420.DAT
[2012.08.09 09:22:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.08.09 09:22:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.08.09 09:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.08 19:38:29 | 000,092,985 | ---- | C] () -- C:\Windows\VGAsetup.ini
[2012.08.08 19:38:27 | 000,208,896 | ---- | C] () -- C:\Windows\Progress.exe
[2012.08.08 19:38:27 | 000,049,152 | ---- | C] () -- C:\Windows\InstFunc.exe
[2012.08.08 19:38:13 | 000,077,181 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
 
========== ZeroAccess Check ==========
 
[2013.01.23 21:54:53 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB13953$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XNAWMEBR\t.cxt.ms\lso.swf\u.sol
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB13953$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
--- --- ---


---------------------------------------OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.06.2013 17:11:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddy\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 42,84% Memory free
3,87 Gb Paging File | 2,49 Gb Available in Paging File | 64,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 86,10 Gb Free Space | 36,99% Space Free | Partition Type: NTFS
Drive D: | 3,76 Gb Total Space | 3,47 Gb Free Space | 92,46% Space Free | Partition Type: FAT32
 
Computer Name: SHUTTLE | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- Reg Error: Key error. File not found
.js [@ = UltraEdit.js] -- Reg Error: Key error. File not found
.txt [@ = UltraEdit.txt] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{09501774-0E0A-4A22-BE03-E37D7037E80B}" = Mega Robot Bomber
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6535CE4-6135-4BDF-BDC7-67C74A2BC59D}" = MacroSoft Email Spider Full
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBBA179E-593A-46CB-8915-669E7A7F6076}" = Tweet Adder 3
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7420
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB3D588C-6BB4-427A-A716-40D82310E1A6}" = Video Marketing Blaster
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"Blog Blaster" = Blog Blaster
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Feed Blaster" = Feed Blaster
"FileZilla Client" = FileZilla Client 3.6.0.2
"HDClone.Free.4.1.3.1031-{D64B3231-D653-467F-ABC0-3F8AED11D5CA}" = HDClone 4.1 Free Edition
"IMAPSize_is1" = IMAPSize 0.3.7
"InfraRecorder" = InfraRecorder
"iNSTANT BOOSTER" = iNSTANT BOOSTER
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"No Hands SEO" = No Hands SEO
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ORICOHWRaidManager" = ORICO HW RAID Manager
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Rechnungsdruckerei 2012_is1" = DATA BECKER Rechnungsdruckerei 2012
"SiS VGA Driver" = SiS VGA Utilities
"WebClicker" = HeadStrong WebClicker v2.56
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"319c26e2ee1f7c8f" = Wiki Bomber
"5c5e826202f580b7" = Backlink Cloner
"a10c648895c21ba6" = Update or Uninstall SENukeX
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2013 12:29:11 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Kobo\drivers\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.06.2013 12:31:11 | Computer Name = Shuttle | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 06.06.2013 18:00:13 | Computer Name = Shuttle | Source = Windows Backup | ID = 4103
Description = 
 
Error - 06.06.2013 18:31:26 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Kobo\drivers\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.06.2013 18:32:59 | Computer Name = Shuttle | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 07.06.2013 05:29:24 | Computer Name = Shuttle | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a30507  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001d9ac6  ID des fehlerhaften
 Prozesses: 0xe7c  Startzeit der fehlerhaften Anwendung: 0x01ce63615a792cee  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\System32\mshtml.dll  Berichtskennung: bd67ce5a-cf54-11e2-9e17-00301b42b4cf
 
[ System Events ]
Error - 06.06.2013 14:44:28 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.06.2013 00:26:22 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 07.06.2013 00:26:22 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 07.06.2013 00:38:30 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 07.06.2013 00:38:30 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 07.06.2013 00:38:30 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SBSD Security Center Service" ist von folgendem Dienst
 abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 07.06.2013 00:38:33 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 07.06.2013 00:38:43 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.06.2013 00:38:54 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 07.06.2013 00:38:54 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
 
< End of report >
         
--- --- ---
__________________

Alt 07.06.2013, 18:58   #4
schrauber
/// the machine
/// TB-Ausbilder
 

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Hi,

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches OTL log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.06.2013, 21:40   #5
pulloverscha
 
IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Moin @ Schrauber,

hier die logs dazu:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.302 - Datei am 07/06/2013 um 21:15:28 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : Eddy - SHUTTLE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Eddy\Desktop\AdwCleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\355d2luw.default-1370273302479\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [883 octets] - [02/06/2013 20:06:28]
AdwCleaner[R2].txt - [988 octets] - [03/06/2013 17:21:19]
AdwCleaner[R3].txt - [1047 octets] - [03/06/2013 17:23:03]
AdwCleaner[R4].txt - [1181 octets] - [04/06/2013 06:57:33]
AdwCleaner[R5].txt - [1105 octets] - [04/06/2013 16:27:54]
AdwCleaner[S1].txt - [808 octets] - [03/06/2013 17:06:45]
AdwCleaner[S2].txt - [1123 octets] - [04/06/2013 06:54:49]
AdwCleaner[S3].txt - [1291 octets] - [06/06/2013 17:08:21]
AdwCleaner[S4].txt - [1351 octets] - [06/06/2013 17:51:49]
AdwCleaner[S5].txt - [1443 octets] - [07/06/2013 06:36:30]
AdwCleaner[S6].txt - [1326 octets] - [07/06/2013 21:15:28]

########## EOF - C:\AdwCleaner[S6].txt - [1386 octets] ##########
         
--- --- ---


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by Eddy on 07.06.2013 at 21:20:44,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Eddy\AppData\Roaming\mozilla\firefox\profiles\355d2luw.default-1370273302479\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.06.2013 at 21:22:24,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.06.2013 21:22:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddy\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 59,84% Memory free
3,87 Gb Paging File | 2,91 Gb Available in Paging File | 75,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 85,64 Gb Free Space | 36,79% Space Free | Partition Type: NTFS
Drive D: | 3,76 Gb Total Space | 3,47 Gb Free Space | 92,46% Space Free | Partition Type: FAT32
 
Computer Name: SHUTTLE | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Eddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
PRC - C:\Programme\ORICOHWRaidManager\HWRaidManager.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\sistray.exe (Silicon Integrated Systems Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\x264 Video Codec\Filters\Haali\mmdinfo.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PDF Architect Helper Service) -- C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ORICOHWRaidManager) -- C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\Windows\System32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\Windows\System32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 64 95 0F D7 76 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EAB715EC-1076-4D4C-AD7D-20AA820C40F9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Eddy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.03 22:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.08.08 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Extensions
[2013.01.23 17:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\hv50txi8.default\extensions
[2013.01.23 17:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\hv50txi8.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013.05.18 12:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Extensions
[2013.05.17 20:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.17 20:18:17 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.06 20:42:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\Windows\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E64A43AD-4947-4B91-8947-066942BD49E4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.06 17:32:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.06 17:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.06 17:23:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.06 17:22:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.06 17:20:19 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:39 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.05 21:48:58 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.06.05 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\InfraRecorder
[2013.06.05 19:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
[2013.06.05 19:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2013.06.03 17:28:28 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\Alte Firefox-Daten
[2013.06.02 20:05:46 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Malwarebytes
[2013.06.02 20:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.02 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.02 20:05:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.02 20:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\FO8344019913
[2013.05.30 17:00:07 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013.05.30 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013.05.19 16:03:42 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\iphone4
[2013.05.17 20:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.17 16:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.17 16:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.17 16:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.17 16:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.09 19:42:54 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wiki Bomber
[2013.05.09 19:40:22 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\Wiki Bomber.1.5.16.0
[2013.05.09 19:13:33 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\AddMeFastBot Update
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.07 21:25:32 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 21:25:32 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 21:18:14 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.07 21:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.07 21:17:58 | 1559,928,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.07 20:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.07 20:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.07 07:06:52 | 000,700,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.07 07:06:52 | 000,654,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.07 07:06:52 | 000,148,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.07 07:06:52 | 000,121,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.07 06:36:07 | 000,640,135 | ---- | M] () -- C:\Users\Eddy\Desktop\AdwCleaner.exe
[2013.06.06 20:42:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.06.06 19:38:31 | 000,009,762 | ---- | M] () -- C:\Users\Eddy\Desktop\BEAUTY2u_neu.fdb
[2013.06.06 17:21:02 | 000,139,264 | ---- | M] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.06 17:20:10 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:28 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.05 19:11:26 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.06.03 09:05:32 | 000,104,951 | ---- | M] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 17:00:13 | 000,024,094 | ---- | M] () -- C:\Users\Eddy\Desktop\Produkttester-gesucht-für-FILORGA-Pflege-500x333.jpg
[2013.05.30 18:00:31 | 000,791,285 | ---- | M] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.05.22 14:21:24 | 000,041,123 | ---- | M] () -- C:\Users\Eddy\Desktop\Secret-dEssences-Neroli-Yves-Rocher-for-women.jpg
[2013.05.22 08:31:07 | 000,049,110 | ---- | M] () -- C:\Users\Eddy\Desktop\CIN-CIN-Box-500x333.jpg
[2013.05.19 16:11:44 | 000,000,933 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2013.05.17 16:57:30 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.15 17:45:06 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.14 22:32:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.14 22:32:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.09 19:53:51 | 000,000,000 | ---- | M] () -- C:\Users\Eddy\Desktop\43392 unique wiki.zip
[2013.05.09 19:10:41 | 026,196,680 | ---- | M] () -- C:\Users\Eddy\Desktop\SENukeX.rar
[2013.05.09 19:10:04 | 003,459,903 | ---- | M] () -- C:\Users\Eddy\Desktop\seknuke_3.0.95.rar
[2013.05.09 19:07:30 | 004,903,522 | ---- | M] () -- C:\Users\Eddy\Desktop\WB.1.5.16.0_hackingway.net.rar
 
========== Files Created - No Company Name ==========
 
[2013.06.07 06:36:19 | 000,640,135 | ---- | C] () -- C:\Users\Eddy\Desktop\AdwCleaner.exe
[2013.06.06 19:38:26 | 000,009,762 | ---- | C] () -- C:\Users\Eddy\Desktop\BEAUTY2u_neu.fdb
[2013.06.06 17:21:12 | 000,139,264 | ---- | C] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.05 19:11:26 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013.06.03 17:28:32 | 000,104,951 | ---- | C] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 17:00:11 | 000,024,094 | ---- | C] () -- C:\Users\Eddy\Desktop\Produkttester-gesucht-für-FILORGA-Pflege-500x333.jpg
[2013.05.30 18:00:29 | 000,791,285 | ---- | C] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.05.22 14:21:23 | 000,041,123 | ---- | C] () -- C:\Users\Eddy\Desktop\Secret-dEssences-Neroli-Yves-Rocher-for-women.jpg
[2013.05.22 08:31:06 | 000,049,110 | ---- | C] () -- C:\Users\Eddy\Desktop\CIN-CIN-Box-500x333.jpg
[2013.05.17 16:57:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.09 19:52:27 | 000,000,000 | ---- | C] () -- C:\Users\Eddy\Desktop\43392 unique wiki.zip
[2013.05.09 19:10:27 | 026,196,680 | ---- | C] () -- C:\Users\Eddy\Desktop\SENukeX.rar
[2013.05.09 19:09:46 | 003,459,903 | ---- | C] () -- C:\Users\Eddy\Desktop\seknuke_3.0.95.rar
[2013.05.09 19:07:01 | 004,903,522 | ---- | C] () -- C:\Users\Eddy\Desktop\WB.1.5.16.0_hackingway.net.rar
[2013.04.15 14:20:49 | 000,000,600 | ---- | C] () -- C:\Users\Eddy\AppData\Local\PUTTY.RND
[2012.11.30 17:03:42 | 000,993,792 | ---- | C] () -- C:\ProgramData\MSRecovery.exe
[2012.11.30 17:03:42 | 000,000,691 | ---- | C] () -- C:\ProgramData\settings.ini
[2012.08.10 17:40:45 | 000,007,605 | ---- | C] () -- C:\Users\Eddy\AppData\Local\Resmon.ResmonCfg
[2012.08.09 13:48:49 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.08.09 13:46:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.08.09 09:23:28 | 000,000,766 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.09 09:23:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.09 09:23:03 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.09 09:23:03 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7420.DAT
[2012.08.09 09:22:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.08.09 09:22:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.08.09 09:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.08 19:38:29 | 000,092,985 | ---- | C] () -- C:\Windows\VGAsetup.ini
[2012.08.08 19:38:27 | 000,208,896 | ---- | C] () -- C:\Windows\Progress.exe
[2012.08.08 19:38:27 | 000,049,152 | ---- | C] () -- C:\Windows\InstFunc.exe
[2012.08.08 19:38:13 | 000,077,181 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
 
========== ZeroAccess Check ==========
 
[2013.01.23 21:54:53 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB13953$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XNAWMEBR\t.cxt.ms\lso.swf\u.sol
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB13953$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.06.2013 21:22:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddy\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 59,84% Memory free
3,87 Gb Paging File | 2,91 Gb Available in Paging File | 75,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 85,64 Gb Free Space | 36,79% Space Free | Partition Type: NTFS
Drive D: | 3,76 Gb Total Space | 3,47 Gb Free Space | 92,46% Space Free | Partition Type: FAT32
 
Computer Name: SHUTTLE | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- Reg Error: Key error. File not found
.js [@ = UltraEdit.js] -- Reg Error: Key error. File not found
.txt [@ = UltraEdit.txt] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{09501774-0E0A-4A22-BE03-E37D7037E80B}" = Mega Robot Bomber
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6535CE4-6135-4BDF-BDC7-67C74A2BC59D}" = MacroSoft Email Spider Full
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBBA179E-593A-46CB-8915-669E7A7F6076}" = Tweet Adder 3
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7420
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB3D588C-6BB4-427A-A716-40D82310E1A6}" = Video Marketing Blaster
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"Blog Blaster" = Blog Blaster
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Feed Blaster" = Feed Blaster
"FileZilla Client" = FileZilla Client 3.6.0.2
"HDClone.Free.4.1.3.1031-{D64B3231-D653-467F-ABC0-3F8AED11D5CA}" = HDClone 4.1 Free Edition
"IMAPSize_is1" = IMAPSize 0.3.7
"InfraRecorder" = InfraRecorder
"iNSTANT BOOSTER" = iNSTANT BOOSTER
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"No Hands SEO" = No Hands SEO
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ORICOHWRaidManager" = ORICO HW RAID Manager
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Rechnungsdruckerei 2012_is1" = DATA BECKER Rechnungsdruckerei 2012
"SiS VGA Driver" = SiS VGA Utilities
"WebClicker" = HeadStrong WebClicker v2.56
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"319c26e2ee1f7c8f" = Wiki Bomber
"5c5e826202f580b7" = Backlink Cloner
"a10c648895c21ba6" = Update or Uninstall SENukeX
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
< End of report >
         
--- --- ---


Alt 08.06.2013, 10:30   #6
schrauber
/// the machine
/// TB-Ausbilder
 

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches OTL log bitte. Noch Probleme?
__________________
--> IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.

Alt 08.06.2013, 14:39   #7
pulloverscha
 
IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Hey Schrauber,

hier die nächsten Logs, mir ist auch aufgefallen das wir so ein "Ads" werbung scheiß eingefangen haben der wandelt alles möglich in Werbung um.

Egal ob Facebook oder auch hier im Board

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ed8c4a4a22c6747b9b3f64b5a76f1ad
# engine=14013
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-06 03:49:05
# local_time=2013-06-06 05:49:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 2306 141205050 0 0
# compatibility_mode=5893 16776574 66 29 25752459 27299243 0 0
# scanned=3661
# found=0
# cleaned=0
# scan_time=303
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ed8c4a4a22c6747b9b3f64b5a76f1ad
# engine=14015
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-07 07:29:11
# local_time=2013-06-07 09:29:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 15820 141261456 8604 0
# compatibility_mode=5893 16776574 66 29 25808865 27355649 0 0
# scanned=217252
# found=2
# cleaned=2
# scan_time=8440
sh=873ABE52F3898794E3E6962DAF94F61FDC708109 ft=0 fh=0000000000000000 vn="probably unknown NewHeur_PE virus (deleted - quarantined)" ac=C fn="C:\Users\Eddy\Desktop\E-Mail\Software\fpsetup.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Sirefef.EZ trojan" ac=C fn="${Memory}"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ed8c4a4a22c6747b9b3f64b5a76f1ad
# engine=14023
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-08 10:16:37
# local_time=2013-06-08 12:16:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 47455 141357902 18661 0
# compatibility_mode=5893 16776574 66 29 25905311 27452095 0 0
# scanned=130890
# found=0
# cleaned=0
# scan_time=4288
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ed8c4a4a22c6747b9b3f64b5a76f1ad
# engine=14025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-08 12:26:13
# local_time=2013-06-08 02:26:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 12034 141365678 4812 0
# compatibility_mode=5893 16776574 66 29 25913087 27459871 0 0
# scanned=213714
# found=1
# cleaned=0
# scan_time=7552
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="multiple threats" ac=I fn="${Memory}"



Bei Ausführen bei SecurityCheck kommt folgende meldung: UNSUPPORTED OPERATING SYSTEM! ABORTED!


Aktuelles OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.06.2013 14:35:51 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddy\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 0,49 Gb Available Physical Memory | 25,25% Memory free
3,87 Gb Paging File | 2,02 Gb Available in Paging File | 52,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 85,79 Gb Free Space | 36,85% Space Free | Partition Type: NTFS
Drive D: | 3,76 Gb Total Space | 3,47 Gb Free Space | 92,46% Space Free | Partition Type: FAT32
 
Computer Name: SHUTTLE | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Eddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
PRC - C:\Programme\ORICOHWRaidManager\HWRaidManager.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\sistray.exe (Silicon Integrated Systems Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\x264 Video Codec\Filters\Haali\mmdinfo.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Notepad++\NppShell_05.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PDF Architect Helper Service) -- C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ORICOHWRaidManager) -- C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\Windows\System32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\Windows\System32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 64 95 0F D7 76 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EAB715EC-1076-4D4C-AD7D-20AA820C40F9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Eddy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.03 22:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.08.08 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Extensions
[2013.01.23 17:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\hv50txi8.default\extensions
[2013.01.23 17:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\hv50txi8.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013.05.18 12:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Extensions
[2013.05.17 20:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.17 20:18:17 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.06 20:42:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\Windows\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E64A43AD-4947-4B91-8947-066942BD49E4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.08 14:30:10 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Eddy\Desktop\SpyHunter-Installer.exe
[2013.06.06 17:32:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.06 17:23:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.06 17:22:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.06 17:20:19 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:39 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.05 21:48:58 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.06.05 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\InfraRecorder
[2013.06.05 19:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
[2013.06.03 17:28:28 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\Alte Firefox-Daten
[2013.06.02 20:05:46 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Malwarebytes
[2013.06.02 20:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.02 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.02 20:05:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.02 20:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\FO8344019913
[2013.05.30 17:00:07 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013.05.30 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013.05.19 16:03:42 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\iphone4
[2013.05.17 20:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.17 16:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.17 16:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.17 16:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.17 16:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.09 19:42:54 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wiki Bomber
[2013.05.09 19:40:22 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\Wiki Bomber.1.5.16.0
[2013.05.09 19:13:33 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\AddMeFastBot Update
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 14:32:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.08 14:30:11 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Eddy\Desktop\SpyHunter-Installer.exe
[2013.06.08 13:48:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.08 11:05:19 | 000,890,839 | ---- | M] () -- C:\Users\Eddy\Desktop\SecurityCheck.exe
[2013.06.07 22:58:50 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.07 21:25:32 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 21:25:32 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 21:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.07 21:17:58 | 1559,928,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.07 07:06:52 | 000,700,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.07 07:06:52 | 000,654,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.07 07:06:52 | 000,148,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.07 07:06:52 | 000,121,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.07 06:36:07 | 000,640,135 | ---- | M] () -- C:\Users\Eddy\Desktop\AdwCleaner.exe
[2013.06.06 20:42:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.06.06 19:38:31 | 000,009,762 | ---- | M] () -- C:\Users\Eddy\Desktop\BEAUTY2u_neu.fdb
[2013.06.06 17:21:02 | 000,139,264 | ---- | M] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.06 17:20:10 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:28 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.05 19:11:26 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.06.03 09:05:32 | 000,104,951 | ---- | M] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 17:00:13 | 000,024,094 | ---- | M] () -- C:\Users\Eddy\Desktop\Produkttester-gesucht-für-FILORGA-Pflege-500x333.jpg
[2013.05.30 18:00:31 | 000,791,285 | ---- | M] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.05.22 14:21:24 | 000,041,123 | ---- | M] () -- C:\Users\Eddy\Desktop\Secret-dEssences-Neroli-Yves-Rocher-for-women.jpg
[2013.05.22 08:31:07 | 000,049,110 | ---- | M] () -- C:\Users\Eddy\Desktop\CIN-CIN-Box-500x333.jpg
[2013.05.19 16:11:44 | 000,000,933 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2013.05.17 16:57:30 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.15 17:45:06 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.14 22:32:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.14 22:32:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.09 19:53:51 | 000,000,000 | ---- | M] () -- C:\Users\Eddy\Desktop\43392 unique wiki.zip
[2013.05.09 19:10:41 | 026,196,680 | ---- | M] () -- C:\Users\Eddy\Desktop\SENukeX.rar
[2013.05.09 19:10:04 | 003,459,903 | ---- | M] () -- C:\Users\Eddy\Desktop\seknuke_3.0.95.rar
[2013.05.09 19:07:30 | 004,903,522 | ---- | M] () -- C:\Users\Eddy\Desktop\WB.1.5.16.0_hackingway.net.rar
 
========== Files Created - No Company Name ==========
 
[2013.06.08 11:05:18 | 000,890,839 | ---- | C] () -- C:\Users\Eddy\Desktop\SecurityCheck.exe
[2013.06.07 06:36:19 | 000,640,135 | ---- | C] () -- C:\Users\Eddy\Desktop\AdwCleaner.exe
[2013.06.06 19:38:26 | 000,009,762 | ---- | C] () -- C:\Users\Eddy\Desktop\BEAUTY2u_neu.fdb
[2013.06.06 17:21:12 | 000,139,264 | ---- | C] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.05 19:11:26 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013.06.03 17:28:32 | 000,104,951 | ---- | C] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 17:00:11 | 000,024,094 | ---- | C] () -- C:\Users\Eddy\Desktop\Produkttester-gesucht-für-FILORGA-Pflege-500x333.jpg
[2013.05.30 18:00:29 | 000,791,285 | ---- | C] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.05.22 14:21:23 | 000,041,123 | ---- | C] () -- C:\Users\Eddy\Desktop\Secret-dEssences-Neroli-Yves-Rocher-for-women.jpg
[2013.05.22 08:31:06 | 000,049,110 | ---- | C] () -- C:\Users\Eddy\Desktop\CIN-CIN-Box-500x333.jpg
[2013.05.17 16:57:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.09 19:52:27 | 000,000,000 | ---- | C] () -- C:\Users\Eddy\Desktop\43392 unique wiki.zip
[2013.05.09 19:10:27 | 026,196,680 | ---- | C] () -- C:\Users\Eddy\Desktop\SENukeX.rar
[2013.05.09 19:09:46 | 003,459,903 | ---- | C] () -- C:\Users\Eddy\Desktop\seknuke_3.0.95.rar
[2013.05.09 19:07:01 | 004,903,522 | ---- | C] () -- C:\Users\Eddy\Desktop\WB.1.5.16.0_hackingway.net.rar
[2013.04.15 14:20:49 | 000,000,600 | ---- | C] () -- C:\Users\Eddy\AppData\Local\PUTTY.RND
[2012.11.30 17:03:42 | 000,993,792 | ---- | C] () -- C:\ProgramData\MSRecovery.exe
[2012.11.30 17:03:42 | 000,000,691 | ---- | C] () -- C:\ProgramData\settings.ini
[2012.08.10 17:40:45 | 000,007,605 | ---- | C] () -- C:\Users\Eddy\AppData\Local\Resmon.ResmonCfg
[2012.08.09 13:48:49 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.08.09 13:46:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.08.09 09:23:28 | 000,000,766 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.09 09:23:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.09 09:23:03 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.09 09:23:03 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7420.DAT
[2012.08.09 09:22:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.08.09 09:22:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.08.09 09:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.08 19:38:29 | 000,092,985 | ---- | C] () -- C:\Windows\VGAsetup.ini
[2012.08.08 19:38:27 | 000,208,896 | ---- | C] () -- C:\Windows\Progress.exe
[2012.08.08 19:38:27 | 000,049,152 | ---- | C] () -- C:\Windows\InstFunc.exe
[2012.08.08 19:38:13 | 000,077,181 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
 
========== ZeroAccess Check ==========
 
[2013.01.23 21:54:53 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB13953$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XNAWMEBR\t.cxt.ms\lso.swf\u.sol
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB13953$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
--- --- ---

Alt 08.06.2013, 17:23   #8
schrauber
/// the machine
/// TB-Ausbilder
 

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Hi,

AdwCleaner löschen, neu laden, laufen lassen und löschen lassen.

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No CLSID value found.


:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Neues OTL log bitte. Immer noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.06.2013, 19:08   #9
pulloverscha
 
IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Hier die Logs:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.302 - Datei am 08/06/2013 um 19:04:16 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : Eddy - SHUTTLE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Eddy\Desktop\adwcleaner(1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\355d2luw.default-1370273302479\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [883 octets] - [02/06/2013 20:06:28]
AdwCleaner[R2].txt - [988 octets] - [03/06/2013 17:21:19]
AdwCleaner[R3].txt - [1047 octets] - [03/06/2013 17:23:03]
AdwCleaner[R4].txt - [1181 octets] - [04/06/2013 06:57:33]
AdwCleaner[R5].txt - [1105 octets] - [04/06/2013 16:27:54]
AdwCleaner[S1].txt - [808 octets] - [03/06/2013 17:06:45]
AdwCleaner[S2].txt - [1123 octets] - [04/06/2013 06:54:49]
AdwCleaner[S3].txt - [1291 octets] - [06/06/2013 17:08:21]
AdwCleaner[S4].txt - [1351 octets] - [06/06/2013 17:51:49]
AdwCleaner[S5].txt - [1443 octets] - [07/06/2013 06:36:30]
AdwCleaner[S6].txt - [1455 octets] - [07/06/2013 21:15:28]
AdwCleaner[S7].txt - [1518 octets] - [08/06/2013 18:56:41]
AdwCleaner[S8].txt - [1449 octets] - [08/06/2013 19:04:16]

########## EOF - C:\AdwCleaner[S8].txt - [1509 octets] ##########
         
--- --- ---


Ergebnis des OLT Fix

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B24BA06E-FB7B-4757-95C2-DC01125F750E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B24BA06E-FB7B-4757-95C2-DC01125F750E}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Eddy
->Temp folder emptied: 45331790 bytes
->Temporary Internet Files folder emptied: 424941 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5949859 bytes
->Flash cache emptied: 1554 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 180902 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1538904 bytes

Total Files Cleaned = 51,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06082013_190121

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 08.06.2013, 21:48   #10
schrauber
/// the machine
/// TB-Ausbilder
 

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Warum überliest jeder meine Fragen?

Immer noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.06.2013, 22:07   #11
pulloverscha
 
IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



bitte entschuldige, ja ist immer noch so das werbung kommt und ab und an öffnet sich die scheiss hxxp://serve.bannersdontwork.com seiten oder hxxp://survey-central.kareokecd.com/home.html


hier nochmal ein aktuelles OLTOTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 08.06.2013 22:10:25 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddy\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 44,62% Memory free
3,87 Gb Paging File | 2,18 Gb Available in Paging File | 56,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 86,37 Gb Free Space | 37,10% Space Free | Partition Type: NTFS
Drive D: | 3,76 Gb Total Space | 3,47 Gb Free Space | 92,46% Space Free | Partition Type: FAT32
Drive E: | 143,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SHUTTLE | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
PRC - C:\Users\Eddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
PRC - C:\Programme\ORICOHWRaidManager\HWRaidManager.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\sistray.exe (Silicon Integrated Systems Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Notepad++\NppShell_05.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\Enigma Software Group\SpyHunter\ExecutionGuard.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PDF Architect Helper Service) -- C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ORICOHWRaidManager) -- C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\Windows\System32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\Windows\System32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 64 95 0F D7 76 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {EAB715EC-1076-4D4C-AD7D-20AA820C40F9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EAB715EC-1076-4D4C-AD7D-20AA820C40F9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.03 22:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.06.08 19:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Extensions
[2013.06.08 19:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\3aybu4hd.default\extensions
[2013.06.08 19:24:10 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\firefox\profiles\3aybu4hd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.17 20:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.08 19:18:22 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.08 21:19:25 | 000,000,048 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\Windows\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E64A43AD-4947-4B91-8947-066942BD49E4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.08 19:35:15 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.06.08 19:35:14 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.06.08 19:18:32 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Mozilla
[2013.06.08 19:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.06.08 19:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.08 19:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.08 19:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.08 19:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.06.08 19:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.06.08 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.08 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.06 17:32:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.06 17:23:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.06 17:22:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.06 17:20:19 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:39 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.05 21:48:58 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.06.05 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\InfraRecorder
[2013.06.05 19:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
[2013.06.03 17:28:28 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\Alte Firefox-Daten
[2013.06.02 20:05:46 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Malwarebytes
[2013.06.02 20:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.02 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.02 20:05:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.02 20:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\FO8344019913
[2013.05.30 17:00:07 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013.05.30 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013.05.19 16:03:42 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\iphone4
[2013.05.17 20:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 21:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.08 21:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.08 21:26:17 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 21:26:17 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 21:19:25 | 000,000,048 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.06.08 21:18:58 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.08 21:18:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.08 21:18:48 | 1559,928,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.08 20:09:19 | 000,000,191 | ---- | M] () -- C:\spyhunter.fix
[2013.06.08 19:35:15 | 000,002,244 | ---- | M] () -- C:\Users\Eddy\Desktop\SpyHunter.lnk
[2013.06.08 19:18:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.08 19:17:19 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.08 19:11:59 | 000,012,631 | ---- | M] () -- C:\Users\Eddy\Desktop\bookmarks-2013-06-08.json
[2013.06.08 18:55:06 | 000,640,135 | ---- | M] () -- C:\Users\Eddy\Desktop\adwcleaner(1).exe
[2013.06.08 14:52:28 | 000,002,133 | ---- | M] () -- C:\Users\Eddy\Desktop\Mass Video Blaster.lnk
[2013.06.08 11:05:19 | 000,890,839 | ---- | M] () -- C:\Users\Eddy\Desktop\SecurityCheck.exe
[2013.06.07 07:06:52 | 000,700,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.07 07:06:52 | 000,654,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.07 07:06:52 | 000,148,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.07 07:06:52 | 000,121,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.06 19:38:31 | 000,009,762 | ---- | M] () -- C:\Users\Eddy\Desktop\BEAUTY2u_neu.fdb
[2013.06.06 17:21:02 | 000,139,264 | ---- | M] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.06 17:20:10 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:28 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.06.03 09:05:32 | 000,104,951 | ---- | M] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 17:00:13 | 000,024,094 | ---- | M] () -- C:\Users\Eddy\Desktop\Produkttester-gesucht-für-FILORGA-Pflege-500x333.jpg
[2013.05.30 18:00:31 | 000,791,285 | ---- | M] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.05.22 14:21:24 | 000,041,123 | ---- | M] () -- C:\Users\Eddy\Desktop\Secret-dEssences-Neroli-Yves-Rocher-for-women.jpg
[2013.05.19 16:11:44 | 000,000,933 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2013.05.15 17:45:06 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.14 22:32:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.14 22:32:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.08 20:09:19 | 000,000,191 | ---- | C] () -- C:\spyhunter.fix
[2013.06.08 19:35:15 | 000,002,244 | ---- | C] () -- C:\Users\Eddy\Desktop\SpyHunter.lnk
[2013.06.08 19:18:25 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.08 19:18:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.08 19:17:19 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.08 19:11:59 | 000,012,631 | ---- | C] () -- C:\Users\Eddy\Desktop\bookmarks-2013-06-08.json
[2013.06.08 18:55:20 | 000,640,135 | ---- | C] () -- C:\Users\Eddy\Desktop\adwcleaner(1).exe
[2013.06.08 11:05:18 | 000,890,839 | ---- | C] () -- C:\Users\Eddy\Desktop\SecurityCheck.exe
[2013.06.06 19:38:26 | 000,009,762 | ---- | C] () -- C:\Users\Eddy\Desktop\BEAUTY2u_neu.fdb
[2013.06.06 17:21:12 | 000,139,264 | ---- | C] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013.06.03 17:28:32 | 000,104,951 | ---- | C] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 17:00:11 | 000,024,094 | ---- | C] () -- C:\Users\Eddy\Desktop\Produkttester-gesucht-für-FILORGA-Pflege-500x333.jpg
[2013.05.30 18:00:29 | 000,791,285 | ---- | C] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.05.22 14:21:23 | 000,041,123 | ---- | C] () -- C:\Users\Eddy\Desktop\Secret-dEssences-Neroli-Yves-Rocher-for-women.jpg
[2013.04.15 14:20:49 | 000,000,600 | ---- | C] () -- C:\Users\Eddy\AppData\Local\PUTTY.RND
[2012.11.30 17:03:42 | 000,000,691 | ---- | C] () -- C:\ProgramData\settings.ini
[2012.08.10 17:40:45 | 000,007,605 | ---- | C] () -- C:\Users\Eddy\AppData\Local\Resmon.ResmonCfg
[2012.08.09 13:48:49 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.08.09 13:46:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.08.09 09:23:28 | 000,000,766 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.09 09:23:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.09 09:23:03 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.09 09:23:03 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7420.DAT
[2012.08.09 09:22:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.08.09 09:22:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.08.09 09:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.08 19:38:29 | 000,092,985 | ---- | C] () -- C:\Windows\VGAsetup.ini
[2012.08.08 19:38:27 | 000,208,896 | ---- | C] () -- C:\Windows\Progress.exe
[2012.08.08 19:38:27 | 000,049,152 | ---- | C] () -- C:\Windows\InstFunc.exe
[2012.08.08 19:38:13 | 000,077,181 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
 
========== ZeroAccess Check ==========
 
[2013.01.23 21:54:53 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB13953$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XNAWMEBR\t.cxt.ms\lso.swf\u.sol
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB13953$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
--- --- ---
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.06.2013 22:10:25 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddy\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 44,62% Memory free
3,87 Gb Paging File | 2,18 Gb Available in Paging File | 56,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 86,37 Gb Free Space | 37,10% Space Free | Partition Type: NTFS
Drive D: | 3,76 Gb Total Space | 3,47 Gb Free Space | 92,46% Space Free | Partition Type: FAT32
Drive E: | 143,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SHUTTLE | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- Reg Error: Key error. File not found
.js [@ = UltraEdit.js] -- Reg Error: Key error. File not found
.txt [@ = UltraEdit.txt] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{09501774-0E0A-4A22-BE03-E37D7037E80B}" = Mega Robot Bomber
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6535CE4-6135-4BDF-BDC7-67C74A2BC59D}" = MacroSoft Email Spider Full
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBBA179E-593A-46CB-8915-669E7A7F6076}" = Tweet Adder 3
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7420
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB3D588C-6BB4-427A-A716-40D82310E1A6}" = Video Marketing Blaster
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"Blog Blaster" = Blog Blaster
"CCleaner" = CCleaner
"Feed Blaster" = Feed Blaster
"FileZilla Client" = FileZilla Client 3.6.0.2
"HDClone.Free.4.1.3.1031-{D64B3231-D653-467F-ABC0-3F8AED11D5CA}" = HDClone 4.1 Free Edition
"IMAPSize_is1" = IMAPSize 0.3.7
"iNSTANT BOOSTER" = iNSTANT BOOSTER
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"No Hands SEO" = No Hands SEO
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ORICOHWRaidManager" = ORICO HW RAID Manager
"Rechnungsdruckerei 2012_is1" = DATA BECKER Rechnungsdruckerei 2012
"SiS VGA Driver" = SiS VGA Utilities
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"319c26e2ee1f7c8f" = Wiki Bomber
"5c5e826202f580b7" = Backlink Cloner
"a10c648895c21ba6" = Update or Uninstall SENukeX
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2013 13:12:55 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:55 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:55 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:55 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:55 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:56 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:56 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:56 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:56 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 15:19:23 | Computer Name = Shuttle | Source = System Restore | ID = 8206
Description = 
 
[ System Events ]
Error - 08.06.2013 13:06:15 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SBSD Security Center Service" ist von folgendem Dienst
 abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 08.06.2013 13:06:29 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 08.06.2013 13:06:36 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 08.06.2013 13:06:36 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 08.06.2013 15:18:59 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 08.06.2013 15:18:59 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 08.06.2013 15:18:59 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SBSD Security Center Service" ist von folgendem Dienst
 abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 08.06.2013 15:19:02 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 08.06.2013 15:19:50 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 08.06.2013 15:19:50 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
 
< End of report >
         
--- --- ---
--- --- ---

Geändert von pulloverscha (08.06.2013 um 22:23 Uhr)

Alt 09.06.2013, 07:37   #12
schrauber
/// the machine
/// TB-Ausbilder
 

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



In jedem Browser? Nur in einem?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.06.2013, 10:29   #13
pulloverscha
 
IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



in firefox und IE

Alt 09.06.2013, 11:15   #14
schrauber
/// the machine
/// TB-Ausbilder
 

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



AdwCleaner wurde noch einmal upgedatet, bitte nochmal löschen, neu laden und laufen lassen. Log zusammen mit einem frischen OTL Log posten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.06.2013, 13:31   #15
pulloverscha
 
IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Standard

IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.



Moin,

ich habe es neu runterladen und laufen lassen, hier die logs:

Vielleicht sollte ich doch alles neu installieren oder was meinst DU?AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 09/06/2013 um 13:11:36 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : Eddy - SHUTTLE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Eddy\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\3aybu4hd.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [883 octets] - [02/06/2013 20:06:28]
AdwCleaner[R2].txt - [988 octets] - [03/06/2013 17:21:19]
AdwCleaner[R3].txt - [1047 octets] - [03/06/2013 17:23:03]
AdwCleaner[R4].txt - [1181 octets] - [04/06/2013 06:57:33]
AdwCleaner[R5].txt - [1105 octets] - [04/06/2013 16:27:54]
AdwCleaner[R6].txt - [1755 octets] - [09/06/2013 10:44:44]
AdwCleaner[S10].txt - [342 octets] - [09/06/2013 10:44:38]
AdwCleaner[S11].txt - [326 octets] - [09/06/2013 13:07:44]
AdwCleaner[S12].txt - [1193 octets] - [09/06/2013 13:11:36]
AdwCleaner[S1].txt - [808 octets] - [03/06/2013 17:06:45]
AdwCleaner[S2].txt - [1123 octets] - [04/06/2013 06:54:49]
AdwCleaner[S3].txt - [1291 octets] - [06/06/2013 17:08:21]
AdwCleaner[S4].txt - [1351 octets] - [06/06/2013 17:51:49]
AdwCleaner[S5].txt - [1443 octets] - [07/06/2013 06:36:30]
AdwCleaner[S6].txt - [1455 octets] - [07/06/2013 21:15:28]
AdwCleaner[S7].txt - [1518 octets] - [08/06/2013 18:56:41]
AdwCleaner[S8].txt - [1578 octets] - [08/06/2013 19:04:16]
AdwCleaner[S9].txt - [1624 octets] - [09/06/2013 10:41:53]

########## EOF - C:\AdwCleaner[S12].txt - [1793 octets] ##########
OTL Logfile:
         
--- --- ---
Code:
ATTFilter
OTL logfile created on: 09.06.2013 13:15:32 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddy\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 42,36% Memory free
3,87 Gb Paging File | 2,73 Gb Available in Paging File | 70,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 84,80 Gb Free Space | 36,43% Space Free | Partition Type: NTFS
Drive E: | 143,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SHUTTLE | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Eddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
PRC - C:\Programme\ORICOHWRaidManager\HWRaidManager.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\sistray.exe (Silicon Integrated Systems Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Notepad++\NppShell_05.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PDF Architect Helper Service) -- C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ORICOHWRaidManager) -- C:\Programme\ORICOHWRaidManager\XSrvSetup.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\Windows\System32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\Windows\System32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 64 95 0F D7 76 CD 01  [binary data]
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\..\SearchScopes\{EAB715EC-1076-4D4C-AD7D-20AA820C40F9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.03 22:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.06.08 19:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Extensions
[2013.06.08 19:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\Firefox\Profiles\3aybu4hd.default\extensions
[2013.06.08 19:24:10 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Eddy\AppData\Roaming\mozilla\firefox\profiles\3aybu4hd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.17 20:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.08 19:18:22 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.09 12:58:21 | 000,000,048 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\Windows\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-1722215542-1266371712-1660511483-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [StartUC] C:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exe (DATA BECKER GmbH & Co KG)
O4 - HKU\S-1-5-18..\RunOnce: [StartUC] C:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exe (DATA BECKER GmbH & Co KG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E64A43AD-4947-4B91-8947-066942BD49E4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 10:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.08 19:18:32 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Mozilla
[2013.06.08 19:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.06.08 19:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.08 19:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.08 19:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.08 19:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.06.08 19:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.06.08 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.08 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.06 17:32:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.06 17:23:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.06 17:22:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.06 17:20:19 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:39 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.05 21:48:58 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.06.05 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\InfraRecorder
[2013.06.05 19:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
[2013.06.02 20:05:46 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Malwarebytes
[2013.06.02 20:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.02 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.02 20:05:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.02 20:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\FO8344019913
[2013.05.30 17:00:07 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013.05.30 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013.05.19 16:03:42 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\iphone4
[2013.05.17 20:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 13:14:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.09 13:14:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 13:14:33 | 1559,928,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 13:07:14 | 000,648,201 | ---- | M] () -- C:\Users\Eddy\Desktop\adwcleaner.exe
[2013.06.09 13:05:24 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 13:05:24 | 000,018,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 12:58:21 | 000,000,048 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.06.09 12:57:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.09 12:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 12:30:33 | 000,700,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.09 12:30:33 | 000,654,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.09 12:30:33 | 000,148,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.09 12:30:33 | 000,121,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.08 20:09:19 | 000,000,191 | ---- | M] () -- C:\spyhunter.fix
[2013.06.08 19:18:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.08 19:17:19 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.08 14:52:28 | 000,002,133 | ---- | M] () -- C:\Users\Eddy\Desktop\Mass Video Blaster.lnk
[2013.06.08 11:05:19 | 000,890,839 | ---- | M] () -- C:\Users\Eddy\Desktop\SecurityCheck.exe
[2013.06.06 17:21:02 | 000,139,264 | ---- | M] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.06 17:20:10 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Eddy\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:17:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013.06.06 17:16:28 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Eddy\Desktop\JRT.exe
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.06.03 09:05:32 | 000,104,951 | ---- | M] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.30 18:00:31 | 000,791,285 | ---- | M] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.05.19 16:11:44 | 000,000,933 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2013.05.15 17:45:06 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.14 22:32:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.14 22:32:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.09 13:07:12 | 000,648,201 | ---- | C] () -- C:\Users\Eddy\Desktop\adwcleaner.exe
[2013.06.08 20:09:19 | 000,000,191 | ---- | C] () -- C:\spyhunter.fix
[2013.06.08 19:18:25 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.08 19:18:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.08 19:17:19 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.08 11:05:18 | 000,890,839 | ---- | C] () -- C:\Users\Eddy\Desktop\SecurityCheck.exe
[2013.06.06 17:21:12 | 000,139,264 | ---- | C] () -- C:\Users\Eddy\Desktop\SystemLook.exe
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013.06.04 16:29:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013.06.03 17:28:32 | 000,104,951 | ---- | C] () -- C:\Users\Eddy\bookmarks-2013-06-03.json
[2013.06.02 20:05:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.30 18:00:29 | 000,791,285 | ---- | C] () -- C:\Users\Eddy\Desktop\FO8344019913.zip
[2013.04.15 14:20:49 | 000,000,600 | ---- | C] () -- C:\Users\Eddy\AppData\Local\PUTTY.RND
[2012.11.30 17:03:42 | 000,000,691 | ---- | C] () -- C:\ProgramData\settings.ini
[2012.08.10 17:40:45 | 000,007,605 | ---- | C] () -- C:\Users\Eddy\AppData\Local\Resmon.ResmonCfg
[2012.08.09 13:48:49 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.08.09 13:46:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.08.09 09:23:28 | 000,000,766 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.09 09:23:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.09 09:23:03 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.09 09:23:03 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7420.DAT
[2012.08.09 09:22:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.08.09 09:22:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.08.09 09:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.08 19:38:29 | 000,092,985 | ---- | C] () -- C:\Windows\VGAsetup.ini
[2012.08.08 19:38:27 | 000,208,896 | ---- | C] () -- C:\Windows\Progress.exe
[2012.08.08 19:38:27 | 000,049,152 | ---- | C] () -- C:\Windows\InstFunc.exe
[2012.08.08 19:38:13 | 000,077,181 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
 
========== ZeroAccess Check ==========
 
[2013.01.23 21:54:53 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB13953$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XNAWMEBR\t.cxt.ms\lso.swf\u.sol
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB13953$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.06.2013 13:15:32 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddy\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 42,36% Memory free
3,87 Gb Paging File | 2,73 Gb Available in Paging File | 70,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 84,80 Gb Free Space | 36,43% Space Free | Partition Type: NTFS
Drive E: | 143,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SHUTTLE | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- Reg Error: Key error. File not found
.js [@ = UltraEdit.js] -- Reg Error: Key error. File not found
.txt [@ = UltraEdit.txt] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{09501774-0E0A-4A22-BE03-E37D7037E80B}" = Mega Robot Bomber
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6535CE4-6135-4BDF-BDC7-67C74A2BC59D}" = MacroSoft Email Spider Full
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBBA179E-593A-46CB-8915-669E7A7F6076}" = Tweet Adder 3
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7420
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB3D588C-6BB4-427A-A716-40D82310E1A6}" = Video Marketing Blaster
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"Blog Blaster" = Blog Blaster
"CCleaner" = CCleaner
"Feed Blaster" = Feed Blaster
"FileZilla Client" = FileZilla Client 3.6.0.2
"HDClone.Free.4.1.3.1031-{D64B3231-D653-467F-ABC0-3F8AED11D5CA}" = HDClone 4.1 Free Edition
"IMAPSize_is1" = IMAPSize 0.3.7
"iNSTANT BOOSTER" = iNSTANT BOOSTER
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"No Hands SEO" = No Hands SEO
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ORICOHWRaidManager" = ORICO HW RAID Manager
"Rechnungsdruckerei 2012_is1" = DATA BECKER Rechnungsdruckerei 2012
"SiS VGA Driver" = SiS VGA Utilities
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1722215542-1266371712-1660511483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"319c26e2ee1f7c8f" = Wiki Bomber
"5c5e826202f580b7" = Backlink Cloner
"a10c648895c21ba6" = Update or Uninstall SENukeX
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2013 13:12:55 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:56 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:56 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:56 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:12:56 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Internet Services\ShellStreams.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 15:19:23 | Computer Name = Shuttle | Source = System Restore | ID = 8206
Description = 
 
Error - 08.06.2013 18:00:10 | Computer Name = Shuttle | Source = Windows Backup | ID = 4103
Description = 
 
Error - 08.06.2013 18:36:12 | Computer Name = Shuttle | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Kobo\drivers\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 18:38:07 | Computer Name = Shuttle | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 09.06.2013 06:58:22 | Computer Name = Shuttle | Source = System Restore | ID = 8206
Description = 
 
[ System Events ]
Error - 09.06.2013 06:57:57 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SBSD Security Center Service" ist von folgendem Dienst
 abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 09.06.2013 06:57:59 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 09.06.2013 06:58:39 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 09.06.2013 06:58:39 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 09.06.2013 07:14:42 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 09.06.2013 07:14:42 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 09.06.2013 07:14:42 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SBSD Security Center Service" ist von folgendem Dienst
 abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 09.06.2013 07:14:45 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 09.06.2013 07:15:12 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 09.06.2013 07:15:12 | Computer Name = Shuttle | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
 
< End of report >
         
--- --- ---

Antwort

Themen zu IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.
andere, anderen, angezeigt, bannersdontwork, benötige, compu, computer, entferne, entfernen, folgende, gemeinde, komische, kurzem, spyhunter, spyhunter entfernen, survey-central.yamahaonlinestore, trojaner firefox neue seiten, unterstützung, verlinkungen, werbung, win32/sirefef.ez



Ähnliche Themen: IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.


  1. Probleme mit serve.bannersdontwork.com
    Log-Analyse und Auswertung - 07.12.2013 (7)
  2. Windows 8 - serve.bannersdontwork
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (7)
  3. N°1 serve.bannersdontwork.com
    Log-Analyse und Auswertung - 26.09.2013 (7)
  4. Problem mit serve.bannersdontwork.com
    Log-Analyse und Auswertung - 25.09.2013 (4)
  5. N°2 serve.bannersdontwork.com
    Mülltonne - 25.09.2013 (1)
  6. serve.bannersdontwork.com
    Log-Analyse und Auswertung - 17.09.2013 (13)
  7. Problem mit http://serve.bannersdontwork.com
    Log-Analyse und Auswertung - 22.08.2013 (9)
  8. serve.bannersdontwork.com
    Log-Analyse und Auswertung - 15.08.2013 (15)
  9. Win7 - 64bit: Öffnen von http://serve.bannersdontwork.com/text/javascript und http://serve.bannersdontwork.com/&m=true in Firefox
    Log-Analyse und Auswertung - 14.08.2013 (17)
  10. Firefox öffnet websites wie serve.bannersdontwork
    Log-Analyse und Auswertung - 13.08.2013 (7)
  11. wieder serve.bannersdontwork.com etc.
    Plagegeister aller Art und deren Bekämpfung - 04.08.2013 (16)
  12. Wie entferne ich http://serve.bannersdontwork.com/text/javascript http://serve.bannersdontwork.com/&m=true
    Log-Analyse und Auswertung - 18.06.2013 (10)
  13. bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet
    Mülltonne - 11.06.2013 (1)
  14. Firefox öffnet eigenständig ein Tab(http://e.ligatus.com/LigatusFallback.gif?ids=34088)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2013 (1)
  15. Firefox öffnet eigenständig neuen Tab mit folgender Adresse: http://e.ligatus.com/LigatusFallback.gif?ids=34088
    Plagegeister aller Art und deren Bekämpfung - 05.04.2013 (16)
  16. Firefox öffnet eigenständig Tabs mit dem Link http://www.xn--34-jfa70azaif3a3ko249a.com/
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (2)
  17. Firefox öffnet eigenständig neuen Tab mit http://e.ligatus.com/LigatusFallback.gif?ids=34088
    Plagegeister aller Art und deren Bekämpfung - 29.03.2013 (1)

Zum Thema IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. - Moin Gemeinde, ich benötige glaub unterstützung von euch, ich bzw. mein Computer hat sich irgendwas eingefangen. Wenn ich IE oder Firefox öffne öffnen sich meist folgende Seiten mit: hxxp://serve.bannersdontwork.com hxxp://survey-central.yamahaonlinestore.com/?sov=62570201&hid=gmmwukwismmqgu&id=XNSX.nodl&ctrl1=nodl - IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc....
Archiv
Du betrachtest: IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.