Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bundestrojaner Ukash (https://www.trojaner-board.de/121539-bundestrojaner-ukash.html)

Roman R 08.08.2012 07:28
Bundestrojaner Ukash
 
Hallo hier mein OTL Log. Ich habe leider schon den 3. Run ich hoffe das geht auch so. Die Extra Datei habe ich auch nicht.
Ich habe zu spät von diesem Forum erfahren. Ich habe schon alles mögliche probiert alle gängigen Virenscanner aus dem abgesicherten Modus raus laufen lassen aber keiner hat den Virus entfernt. Desktop Unlocker von Kasperky und Avira haben auch nicht funktioniert, bzw habe sie nicht zum laufen gebracht. Ich hoffe hier wird mir geholfen. DankeOTL Logfile:
Code:
OTL logfile created on: 08.08.2012 08:10:43 - Run 3
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\isa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,67 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 83,04% Memory free
7,34 Gb Paging File | 6,76 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,73 Gb Total Space | 175,94 Gb Free Space | 61,15% Space Free | Partition Type: NTFS
 
Computer Name: ISA-VAIO | User Name: isa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.08 07:36:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\isa\Downloads\OTL.exe
PRC - [2012.08.08 07:34:45 | 000,050,477 | ---- | M] () -- C:\Users\isa\Downloads\Defogger.exe
PRC - [2012.07.19 13:26:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.08 07:34:45 | 000,050,477 | ---- | M] () -- C:\Users\isa\Downloads\Defogger.exe
MOD - [2012.07.19 13:26:41 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2012.07.19 13:26:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.11.30 19:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.25 20:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2009.11.21 01:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.15 17:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 17:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 17:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 17:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 17:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.09.14 20:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 20:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 19:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.01 22:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.08.31 02:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 02:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.07.09 15:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe -- (accvssvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.13 12:15:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.12 06:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.12.24 22:06:08 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.16 22:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.12.16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.11.04 11:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.05.02 10:59:08 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2008.05.02 10:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008.05.02 10:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.05.02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2007.01.25 19:31:38 | 000,040,208 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\..\SearchScopes,DefaultScope = {47379DEE-6FCC-4A14-8195-6E56AB7E8604}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}: "URL" = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {92DC3383-EEAC-4245-94F8-F004A51B59DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21E95DEF-69E2-46AD-B455-AAF504D3327B}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{2A5D8926-4BEF-4668-8978-37C6C42B979D}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}: "URL" = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKCU\..\SearchScopes\{92DC3383-EEAC-4245-94F8-F004A51B59DD}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKCU\..\SearchScopes\{CC9CCE2D-790C-4B05-9047-D6622F2C45AB}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\isa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.26 12:07:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 13:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.26 11:56:10 | 000,000,000 | ---D | M]
 
[2010.05.03 08:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isa\AppData\Roaming\mozilla\Extensions
[2010.05.03 08:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isa\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.04 22:11:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions
[2011.11.20 02:04:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.31 12:46:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.02.28 11:28:24 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\2020Player@2020Technologies.com
[2011.12.11 23:10:08 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\2020Player_IKEA@2020Technologies.com
[2011.11.11 18:19:58 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\plugin@yontoo.com
[2011.11.29 23:00:43 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\welcome@toolmin.com
[2012.04.11 08:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.26 20:12:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.07.18 21:15:55 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M6QBDUN4.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.07.08 09:29:14 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M6QBDUN4.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2012.08.04 22:11:31 | 000,314,397 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M6QBDUN4.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
[2012.07.19 13:26:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.26 11:52:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.11 08:22:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.11 08:22:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.11 08:22:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.11 08:22:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.29 23:00:43 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.04.11 08:22:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.11 08:22:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.28 21:33:57 | 000,443,881 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 15244 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [noaffvhujpjdcdy] C:\ProgramData\noaffvhu.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE /FU "C:\Windows\TEMP\E_SCA24.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [noaffvhujpjdcdy] C:\ProgramData\noaffvhu.exe ()
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [phonostarTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\isa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\isa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {4A0F5286-01EE-4345-B553-8902A9251E02} hxxp://webgisrz03.kivbf.de/buehl/com/sp_ingweb_extern.cab (sp_ingweb.Extern)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} hxxp://webgisrz03.kivbf.de/buehl/com/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C5DBAE84-700E-42B6-B93F-BC319F910573} hxxp://webgisrz03.kivbf.de/buehl/com/sp_ingweb_crypt.cab (sp_ingweb.Crypt)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\Shell - "" = AutoRun
O33 - MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\Shell - "" = AutoRun
O33 - MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\Shell - "" = AutoRun
O33 - MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.08 08:01:02 | 000,000,000 | -HSD | C] -- C:\found.003
[2012.08.03 21:28:49 | 000,000,000 | ---D | C] -- C:\Quarantine
[2012.07.28 23:31:41 | 000,000,000 | ---D | C] -- C:\Users\isa\Desktop\sardu
[2012.07.28 21:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.25 19:05:30 | 000,000,000 | ---D | C] -- C:\bcada991d0db960ebeace0c7af
[2012.07.23 14:38:15 | 000,000,000 | ---D | C] -- C:\Users\isa\Desktop\booking.aspx-Dateien
[2012.07.15 10:51:17 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.07.14 21:26:03 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.07.14 21:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.14 21:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.07.14 12:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\mbujnipyjkcgjzx
[2012.07.14 11:57:52 | 000,000,000 | ---D | C] -- C:\Users\isa\AppData\Local\DDMSettings
[2012.07.12 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\isa\AppData\Local\{D28422F9-5A5D-4D6C-AB41-6B69B2917183}
[2012.07.12 20:14:55 | 000,000,000 | ---D | C] -- C:\Users\isa\AppData\Local\{85B075EC-BA02-42BF-9198-C26CA7AEBD5E}
[2012.07.12 20:14:55 | 000,000,000 | ---D | C] -- C:\Users\isa\AppData\Local\{2F13E742-5EBF-49D1-89C9-A4EA8816FAF3}
[4 C:\Users\isa\Documents\*.tmp files -> C:\Users\isa\Documents\*.tmp -> ]
[3 C:\Users\isa\Desktop\*.tmp files -> C:\Users\isa\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.08 08:07:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.08 08:07:03 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.08 08:05:16 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.08 07:35:04 | 000,000,168 | ---- | M] () -- C:\Users\isa\defogger_reenable
[2012.08.05 21:32:26 | 001,513,832 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 21:32:26 | 000,659,574 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 21:32:26 | 000,620,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 21:32:26 | 000,132,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 21:32:26 | 000,108,652 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.05 17:16:02 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 17:16:02 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 22:07:11 | 000,009,992 | ---- | M] () -- C:\bootsqm.dat
[2012.08.03 20:57:34 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.08.03 07:19:42 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 07:19:34 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.07.29 12:05:51 | 547,608,576 | ---- | M] () -- C:\Users\isa\Desktop\sardu.iso
[2012.07.29 11:29:44 | 000,406,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.28 21:47:02 | 141,819,832 | ---- | M] () -- C:\Users\isa\Desktop\setup_11.0.0.1245.x01_2012_07_28_23_03.exe
[2012.07.28 21:33:57 | 000,443,881 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.26 14:55:53 | 000,017,408 | ---- | M] () -- C:\Users\isa\AppData\Local\WebpageIcons.db
[2012.07.23 14:38:20 | 000,035,853 | ---- | M] () -- C:\Users\isa\Desktop\booking.aspx.htm
[2012.07.17 21:16:53 | 001,331,906 | ---- | M] () -- C:\Users\isa\Desktop\attachment1.pdf
[2012.07.17 21:10:51 | 000,023,478 | ---- | M] () -- C:\Users\isa\Desktop\Angebot Rau-1.pdf
[2012.07.15 11:06:25 | 210,292,736 | ---- | M] () -- C:\Users\isa\Desktop\KWU_1.0.3.upd.iso
[2012.07.14 22:33:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.14 12:50:18 | 000,000,051 | ---- | M] () -- C:\ProgramData\ptqegnndbxhhiaf
[2012.07.14 12:21:43 | 000,049,152 | ---- | M] () -- C:\ProgramData\noaffvhu.exe
[2012.07.14 11:59:43 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.14 08:15:51 | 000,280,039 | ---- | M] () -- C:\Users\isa\Desktop\photo.php
[2012.07.09 17:45:43 | 000,029,924 | ---- | M] () -- C:\Windows\SysNative\s000002.dat
[2012.07.09 17:45:36 | 000,000,204 | ---- | M] () -- C:\Windows\SysNative\sstates.sdt
[2012.07.09 17:45:36 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\sstate_prev.sdt
[4 C:\Users\isa\Documents\*.tmp files -> C:\Users\isa\Documents\*.tmp -> ]
[3 C:\Users\isa\Desktop\*.tmp files -> C:\Users\isa\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.08 07:35:04 | 000,000,168 | ---- | C] () -- C:\Users\isa\defogger_reenable
[2012.08.04 22:07:11 | 000,009,992 | ---- | C] () -- C:\bootsqm.dat
[2012.08.01 20:17:29 | 006,631,501 | ---- | C] () -- C:\Users\isa\Desktop\SDC16268.JPG
[2012.07.29 12:05:46 | 547,608,576 | ---- | C] () -- C:\Users\isa\Desktop\sardu.iso
[2012.07.28 21:45:03 | 141,819,832 | ---- | C] () -- C:\Users\isa\Desktop\setup_11.0.0.1245.x01_2012_07_28_23_03.exe
[2012.07.23 14:38:14 | 000,035,853 | ---- | C] () -- C:\Users\isa\Desktop\booking.aspx.htm
[2012.07.17 21:16:53 | 001,331,906 | ---- | C] () -- C:\Users\isa\Desktop\attachment1.pdf
[2012.07.17 21:10:51 | 000,023,478 | ---- | C] () -- C:\Users\isa\Desktop\Angebot Rau-1.pdf
[2012.07.16 13:40:17 | 210,292,736 | ---- | C] () -- C:\Users\isa\Desktop\KWU_1.0.3.upd.iso
[2012.07.14 12:50:18 | 000,049,152 | ---- | C] () -- C:\ProgramData\noaffvhu.exe
[2012.07.14 12:49:30 | 000,000,051 | ---- | C] () -- C:\ProgramData\ptqegnndbxhhiaf
[2012.07.14 11:58:27 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.14 08:15:51 | 000,280,039 | ---- | C] () -- C:\Users\isa\Desktop\photo.php
[2012.07.11 12:55:26 | 000,001,696 | ---- | C] () -- C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@
[2012.07.09 17:45:43 | 000,029,924 | ---- | C] () -- C:\Windows\SysNative\s000002.dat
[2012.07.02 13:31:11 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@
[2012.06.23 20:03:45 | 000,003,584 | ---- | C] () -- C:\Users\isa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.31 21:02:19 | 000,017,408 | ---- | C] () -- C:\Users\isa\AppData\Local\WebpageIcons.db
[2012.03.08 17:22:05 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.02.14 18:06:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.01.29 10:32:47 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.01.11 13:43:04 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@
[2012.01.11 13:43:04 | 000,002,048 | -HS- | C] () -- C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@
[2012.01.06 22:50:00 | 000,034,936 | ---- | C] () -- C:\Windows\SysWow64\uninstHelixYUV.exe
[2011.11.14 17:52:56 | 000,000,086 | ---- | C] () -- C:\Windows\WIWWI.ini
[2011.11.07 22:46:10 | 000,001,590 | ---- | C] () -- C:\Users\isa\AppData\Roaming\MyMicroBalanceConfig.ini
[2011.07.24 09:48:41 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.07.24 09:48:41 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.07.24 09:48:40 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.06.18 10:35:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.12.09 19:48:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.19 19:20:18 | 000,000,000 | ---- | C] () -- C:\Users\isa\AppData\Roaming\wklnhst.dat
[2010.08.18 20:03:46 | 000,204,857 | ---- | C] () -- C:\Windows\SysWow64\InstallHelp.dll
[2010.08.18 20:03:45 | 000,111,308 | ---- | C] () -- C:\Windows\SysWow64\GMTUninstall.exe
[2010.05.13 18:27:36 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== LOP Check ==========
 
[2012.04.21 09:30:17 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Aquamarin Haushaltsbuch
[2010.05.27 09:56:21 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Auslogics
[2010.08.18 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Bombermaaan
[2012.04.25 17:19:51 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Canneverbe Limited
[2012.05.13 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.06.25 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\concept design
[2012.05.13 12:19:59 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\DAEMON Tools Lite
[2012.08.08 08:06:02 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Dropbox
[2011.11.20 02:04:10 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\DVDVideoSoft
[2011.11.20 02:04:01 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.27 14:47:05 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\IrfanView
[2011.08.20 21:31:59 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Leadertech
[2012.01.06 22:43:04 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\mresreg
[2012.05.31 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\ooVoo Details
[2010.06.17 22:31:31 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\oovooinstaller
[2011.06.12 21:39:53 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\phonostar GmbH
[2011.11.20 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\SoundSpectrum
[2012.07.14 23:27:08 | 000,000,000 | RHSD | M] -- C:\Users\isa\AppData\Roaming\System32
[2010.12.03 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\TeamViewer
[2012.07.28 22:01:28 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\toolplugin
[2012.05.17 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\TS3Client
[2012.05.17 19:43:57 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\ts3overlay
[2010.08.10 14:16:17 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Unity
[2012.07.22 20:15:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

t'john 08.08.2012 16:27
:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {47379DEE-6FCC-4A14-8195-6E56AB7E8604}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}: "URL" = http://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {92DC3383-EEAC-4245-94F8-F004A51B59DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21E95DEF-69E2-46AD-B455-AAF504D3327B}: "URL" = http://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{2A5D8926-4BEF-4668-8978-37C6C42B979D}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}: "URL" = http://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKCU\..\SearchScopes\{92DC3383-EEAC-4245-94F8-F004A51B59DD}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKCU\..\SearchScopes\{CC9CCE2D-790C-4B05-9047-D6622F2C45AB}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [noaffvhujpjdcdy] C:\ProgramData\noaffvhu.exe ()
O4 - HKCU..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE /FU "C:\Windows\Temp\E_SCA24.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [noaffvhujpjdcdy] C:\ProgramData\noaffvhu.exe ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\Shell - "" = AutoRun
O33 - MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\Shell - "" = AutoRun
O33 - MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\Shell - "" = AutoRun
O33 - MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\Shell\AutoRun\command - "" = G:\autorun.exe
 
[2012.07.14 12:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\mbujnipyjkcgjzx
[2012.08.03 07:19:34 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.07.14 12:50:18 | 000,000,051 | ---- | M] () -- C:\ProgramData\ptqegnndbxhhiaf
[2012.07.14 12:21:43 | 000,049,152 | ---- | M] () -- C:\ProgramData\noaffvhu.exe
[2012.07.14 11:59:43 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad

[2012.08.08 08:05:16 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.08.03 07:19:42 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.11 12:55:26 | 000,001,696 | ---- | C] () -- C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@
[2012.07.02 13:31:11 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@
[2012.01.11 13:43:04 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@
[2012.01.11 13:43:04 | 000,002,048 | -HS- | C] () -- C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Roman R 08.08.2012 21:52
Wow ich bin echt platt. Es hat funktioniert vielen lieben Danke.
Was genau hab ich denn gerade gemacht? Ist der Trojaner jetzt total entfernt, waren noch andere Viren oder Trojaner drauf die ich dadurch entfernt habe.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21E95DEF-69E2-46AD-B455-AAF504D3327B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21E95DEF-69E2-46AD-B455-AAF504D3327B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A5D8926-4BEF-4668-8978-37C6C42B979D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A5D8926-4BEF-4668-8978-37C6C42B979D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92DC3383-EEAC-4245-94F8-F004A51B59DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92DC3383-EEAC-4245-94F8-F004A51B59DD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC9CCE2D-790C-4B05-9047-D6622F2C45AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC9CCE2D-790C-4B05-9047-D6622F2C45AB}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully.
127.0.0.1 www.007guard.com removed from HOSTS file successfully
127.0.0.1 008k.com removed from HOSTS file successfully
127.0.0.1 00hq.com removed from HOSTS file successfully
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\noaffvhujpjdcdy deleted successfully.
C:\ProgramData\noaffvhu.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus Photo RX585 Series deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\noaffvhujpjdcdy deleted successfully.
File C:\ProgramData\noaffvhu.exe not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e970f6-f236-11df-95c1-0024bec68b1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e970f6-f236-11df-95c1-0024bec68b1b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e970fb-f236-11df-95c1-0024bec68b1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e970fb-f236-11df-95c1-0024bec68b1b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\ not found.
File G:\autorun.exe not found.
C:\ProgramData\mbujnipyjkcgjzx folder moved successfully.
C:\ProgramData\ntuser.pol moved successfully.
C:\ProgramData\ptqegnndbxhhiaf moved successfully.
File C:\ProgramData\noaffvhu.exe not found.
C:\ProgramData\to_r0tsef.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ moved successfully.
C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ moved successfully.
C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@ moved successfully.
C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\isa\Desktop\cmd.bat deleted successfully.
C:\Users\isa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: isa
->Temp folder emptied: 1414361251 bytes
->Temporary Internet Files folder emptied: 175638649 bytes
->Java cache emptied: 24479766 bytes
->FireFox cache emptied: 50765611 bytes
->Flash cache emptied: 59560737 bytes

User: Mcx1-ISA-VAIO
->Temp folder emptied: 66532 bytes
->Temporary Internet Files folder emptied: 75817 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3745828 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 110453448 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.754,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: isa
->Flash cache emptied: 0 bytes

User: Mcx1-ISA-VAIO

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08082012_223822

Files\Folders moved on Reboot...
C:\Users\isa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\isa\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

t'john 09.08.2012 07:34
Nein, wir sind noch nicht ferig, ich sage bescheid :)

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Roman R 10.08.2012 09:24
Hallo hier die beiden Logs:
Vielen Danke nochmal

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
isa :: ISA-VAIO [Administrator]

Schutz: Aktiviert

10.08.2012 09:10:53
mbam-log-2012-08-10 (09-10-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363914
Laufzeit: 38 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

# AdwCleaner v1.800 - Logfile created 08/10/2012 at 10:14:35
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : isa - ISA-VAIO
# Running from : C:\Users\isa\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\isa\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\extensions\plugin@yontoo.com
Folder Found : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\extensions\welcome@toolmin.com
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files (x86)\Yontoo Layers Runtime

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Search the web");
Found : user_pref("browser.search.order.1", "Search the web");
Found : user_pref("browser.search.selectedEngine", "Search the web");

*************************

AdwCleaner[R1].txt - [5139 octets] - [10/08/2012 10:14:35]

########## EOF - C:\AdwCleaner[R1].txt - [5267 octets] ##########

t'john 10.08.2012 12:23
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Roman R 10.08.2012 19:25
Hier die beiden logs

# AdwCleaner v1.800 - Logfile created 08/10/2012 at 13:56:54
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : isa - ISA-VAIO
# Running from : C:\Users\isa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\isa\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\extensions\welcome@toolmin.com
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\prefs.js

C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Search the web");
Deleted : user_pref("browser.search.order.1", "Search the web");
Deleted : user_pref("browser.search.selectedEngine", "Search the web");

*************************

AdwCleaner[R1].txt - [5232 octets] - [10/08/2012 10:14:35]
AdwCleaner[R2].txt - [5292 octets] - [10/08/2012 10:25:12]
AdwCleaner[S1].txt - [264 octets] - [10/08/2012 10:25:21]
AdwCleaner[S2].txt - [264 octets] - [10/08/2012 13:56:34]
AdwCleaner[S3].txt - [4295 octets] - [10/08/2012 13:56:55]

########## EOF - C:\AdwCleaner[S3].txt - [4423 octets] ##########

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 10.08.2012 14:08:15

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 10.08.2012 14:09:31

C:\_OTL\MovedFiles\08082012_223822\C_ProgramData\noaffvhu.exe gefunden: Trojan.Win32.Weelsof.AMN!E1
C:\_OTL\MovedFiles\08082012_223822\C_Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ gefunden: Trojan.Win32.Agent.AMN!E1
C:\_OTL\MovedFiles\08082012_223822\C_Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ gefunden: Trojan.Win32.Agent.AMN!E1
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BCA.tmp\System.Web.Abstractions.dll gefunden: Trojan-Spy.Win32.Zbot!E2

Gescannt 595556
Gefunden 4

Scan Ende: 10.08.2012 15:20:22
Scan Zeit: 1:10:51

t'john 10.08.2012 19:32
Sehr gut! :daumenhoc

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Roman R 11.08.2012 15:14
Hier der Log, musste ihn 2 mal drüberlaufen lassen hatte beim 1. Mal das Programm deinstalliert und der Log war auch weg. So leider hier der 2.Log.:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3758dcc1ea45a4478fe52992755e92b5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-11 11:51:12
# local_time=2012-08-11 01:51:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 3438959 96297484 0 0
# compatibility_mode=8192 67108863 100 0 36741 36741 0 0
# scanned=158829
# found=0
# cleaned=0
# scan_time=18239

t'john 11.08.2012 15:21
Scan durchfuehren: http://www.trojaner-board.de/114276-...s-remover.html

Roman R 11.08.2012 17:47
Hier der Log

C:\Windows\system32\ntoskrnl.exe OK
C:\Windows\system32\hal.dll OK
C:\Windows\system32\kdcom.dll OK
C:\Windows\system32\mcupdate_GenuineIntel.dll OK
C:\Windows\system32\PSHED.dll OK
C:\Windows\system32\CLFS.SYS OK
C:\Windows\system32\CI.dll OK
C:\Windows\system32\drivers\Wdf01000.sys OK
C:\Windows\system32\drivers\WDFLDR.SYS OK
C:\Windows\system32\drivers\ACPI.sys OK
C:\Windows\system32\drivers\WMILIB.SYS OK
C:\Windows\system32\drivers\msisadrv.sys OK
C:\Windows\system32\drivers\pci.sys OK
C:\Windows\system32\drivers\vdrvroot.sys OK
C:\Windows\System32\drivers\partmgr.sys OK
C:\Windows\system32\drivers\compbatt.sys OK
C:\Windows\system32\drivers\BATTC.SYS OK
C:\Windows\system32\drivers\volmgr.sys OK
C:\Windows\System32\drivers\volmgrx.sys OK
C:\Windows\System32\drivers\mountmgr.sys OK
C:\Windows\system32\drivers\iaStor.sys OK
C:\Windows\system32\drivers\amdxata.sys OK
C:\Windows\system32\drivers\fltmgr.sys OK
C:\Windows\system32\drivers\fileinfo.sys OK
C:\Windows\System32\Drivers\PxHlpa64.sys OK
C:\Windows\System32\Drivers\Ntfs.sys OK
C:\Windows\System32\Drivers\msrpc.sys OK
C:\Windows\System32\Drivers\ksecdd.sys OK
C:\Windows\System32\Drivers\cng.sys OK
C:\Windows\System32\drivers\pcw.sys OK
C:\Windows\System32\Drivers\Fs_Rec.sys OK
C:\Windows\system32\drivers\ndis.sys OK
C:\Windows\system32\drivers\NETIO.SYS OK
C:\Windows\System32\Drivers\ksecpkg.sys OK
C:\Windows\System32\drivers\tcpip.sys OK
C:\Windows\System32\drivers\fwpkclnt.sys OK
C:\Windows\system32\drivers\volsnap.sys OK
C:\Windows\System32\Drivers\spldr.sys OK
C:\Windows\System32\drivers\rdyboost.sys OK
C:\Windows\System32\Drivers\mup.sys OK
C:\Windows\System32\drivers\hwpolicy.sys OK
C:\Windows\System32\DRIVERS\fvevol.sys OK
C:\Windows\system32\drivers\disk.sys OK
C:\Windows\system32\drivers\CLASSPNP.SYS OK
C:\Windows\system32\DRIVERS\dtsoftbus01.sys OK
C:\Windows\system32\drivers\cdrom.sys OK
C:\Windows\System32\Drivers\Null.SYS OK
C:\Windows\System32\Drivers\Beep.SYS OK
C:\Windows\System32\drivers\vga.sys OK
C:\Windows\System32\drivers\VIDEOPRT.SYS OK
C:\Windows\System32\drivers\watchdog.sys OK
C:\Windows\System32\DRIVERS\RDPCDD.sys OK
C:\Windows\system32\drivers\rdpencdd.sys OK
C:\Windows\system32\drivers\rdprefmp.sys OK
C:\Windows\System32\Drivers\Msfs.SYS OK
C:\Windows\System32\Drivers\Npfs.SYS OK
C:\Windows\system32\DRIVERS\tdx.sys OK
C:\Windows\system32\DRIVERS\TDI.SYS OK
C:\Windows\system32\drivers\afd.sys OK
C:\Windows\System32\DRIVERS\netbt.sys OK
C:\Windows\system32\DRIVERS\wfplwf.sys OK
C:\Windows\system32\DRIVERS\pacer.sys OK
C:\Windows\system32\DRIVERS\vwififlt.sys OK
C:\Windows\system32\DRIVERS\netbios.sys OK
C:\Windows\system32\DRIVERS\wanarp.sys OK
C:\Windows\system32\drivers\termdd.sys OK
C:\Windows\system32\DRIVERS\rdbss.sys OK
C:\Windows\system32\drivers\nsiproxy.sys OK
C:\Windows\system32\drivers\mssmbios.sys OK
C:\Windows\System32\drivers\discache.sys OK
C:\Windows\System32\Drivers\dfsc.sys OK
C:\Windows\system32\drivers\blbdrive.sys OK
C:\Windows\system32\DRIVERS\tunnel.sys OK
C:\Windows\system32\DRIVERS\igdkmd64.sys OK
C:\Windows\System32\drivers\dxgkrnl.sys OK
C:\Windows\System32\drivers\dxgmms1.sys OK
C:\Windows\system32\drivers\HECIx64.sys OK
C:\Windows\system32\drivers\usbehci.sys OK
C:\Windows\system32\drivers\USBPORT.SYS OK
C:\Windows\system32\drivers\HDAudBus.sys OK
C:\Windows\system32\DRIVERS\athrx.sys OK
C:\Windows\system32\DRIVERS\vwifibus.sys OK
C:\Windows\system32\drivers\sdbus.sys OK
C:\Windows\system32\drivers\rimssne64.sys OK
C:\Windows\system32\drivers\risdsne64.sys OK
C:\Windows\system32\DRIVERS\yk62x64.sys OK
C:\Windows\system32\drivers\i8042prt.sys OK
C:\Windows\system32\drivers\kbdclass.sys OK
C:\Windows\system32\drivers\Apfiltr.sys OK
C:\Windows\system32\drivers\mouclass.sys OK
C:\Windows\system32\drivers\SFEP.sys OK
C:\Windows\SysWOW64\drivers\Afc.sys OK
C:\Windows\system32\drivers\Impcd.sys OK
C:\Windows\system32\drivers\intelppm.sys OK
C:\Windows\system32\drivers\CmBatt.sys OK
C:\Windows\system32\drivers\CompositeBus.sys OK
C:\Windows\system32\DRIVERS\AgileVpn.sys OK
C:\Windows\system32\DRIVERS\rasl2tp.sys OK
C:\Windows\system32\DRIVERS\ndistapi.sys OK
C:\Windows\system32\DRIVERS\ndiswan.sys OK
C:\Windows\system32\DRIVERS\raspppoe.sys OK
C:\Windows\system32\DRIVERS\raspptp.sys OK
C:\Windows\system32\DRIVERS\rassstp.sys OK
C:\Windows\system32\DRIVERS\hamachi.sys OK
C:\Windows\system32\drivers\swenum.sys OK
C:\Windows\system32\drivers\ks.sys OK
C:\Windows\system32\drivers\umbus.sys OK
C:\Windows\system32\DRIVERS\usbhub.sys OK
C:\Windows\System32\Drivers\NDProxy.SYS OK
C:\Windows\system32\drivers\RTKVHD64.sys OK
C:\Windows\system32\drivers\portcls.sys OK
C:\Windows\system32\drivers\drmk.sys OK
C:\Windows\system32\drivers\ksthunk.sys OK
C:\Windows\system32\DRIVERS\IntcDAud.sys OK
C:\Windows\system32\DRIVERS\usbccgp.sys OK
C:\Windows\system32\DRIVERS\USBD.SYS OK
C:\Windows\System32\win32k.sys OK
C:\Windows\System32\drivers\Dxapi.sys OK
C:\Windows\System32\Drivers\usbvideo.sys OK
C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys OK
C:\Windows\System32\Drivers\crashdmp.sys OK
C:\Windows\System32\Drivers\dump_iaStor.sys Not Found
C:\Windows\System32\Drivers\dump_dumpfve.sys Not Found
C:\Windows\system32\drivers\hidusb.sys OK
C:\Windows\system32\drivers\HIDCLASS.SYS OK
C:\Windows\system32\drivers\HIDPARSE.SYS OK
C:\Windows\system32\DRIVERS\mouhid.sys OK
C:\Windows\system32\DRIVERS\monitor.sys OK
C:\Windows\System32\TSDDD.dll OK
C:\Windows\System32\cdd.dll OK
C:\Windows\system32\drivers\luafv.sys OK
C:\Windows\system32\drivers\WudfPf.sys OK
C:\Windows\system32\DRIVERS\lltdio.sys OK
C:\Windows\system32\DRIVERS\nwifi.sys OK
C:\Windows\system32\DRIVERS\ndisuio.sys OK
C:\Windows\system32\DRIVERS\rspndr.sys OK
C:\Windows\system32\drivers\HTTP.sys OK
C:\Windows\System32\DRIVERS\srvnet.sys OK
C:\Windows\system32\DRIVERS\bowser.sys OK
C:\Windows\system32\DRIVERS\mrxsmb.sys OK
C:\Windows\system32\DRIVERS\mrxsmb10.sys OK
C:\Windows\system32\DRIVERS\mrxsmb20.sys OK
C:\Windows\System32\DRIVERS\srv2.sys OK
C:\Windows\System32\DRIVERS\srv.sys OK
C:\Windows\system32\DRIVERS\vwifimp.sys OK
C:\Windows\system32\drivers\peauth.sys OK
C:\Windows\System32\Drivers\secdrv.SYS OK
C:\Windows\System32\drivers\tcpipreg.sys OK
C:\Windows\system32\drivers\tdtcp.sys OK
C:\Windows\System32\DRIVERS\tssecsrv.sys OK
C:\Windows\System32\Drivers\RDPWD.SYS OK
C:\Windows\system32\DRIVERS\WUDFRd.sys OK
C:\Windows\system32\drivers\mbam.sys OK
C:\Windows\system32\drivers\spsys.sys OK
C:\Windows\system32\drivers\rm.sys Not Found
C:\Windows\System32\ntdll.dll OK
C:\Windows\System32\smss.exe OK
C:\Windows\System32\apisetschema.dll OK
C:\Windows\System32\autochk.exe OK
C:\Windows\System32\shell32.dll OK
C:\Windows\System32\rpcrt4.dll OK
C:\Windows\System32\advapi32.dll OK
C:\Windows\System32\kernel32.dll OK
C:\Windows\System32\wininet.dll OK
C:\Windows\System32\imagehlp.dll OK
C:\Windows\System32\comdlg32.dll OK
C:\Windows\System32\lpk.dll OK
C:\Windows\System32\usp10.dll OK
C:\Windows\System32\normaliz.dll OK
C:\Windows\System32\iertutil.dll OK
C:\Windows\System32\psapi.dll OK
C:\Windows\System32\shlwapi.dll OK
C:\Windows\System32\clbcatq.dll OK
C:\Windows\System32\user32.dll OK
C:\Windows\System32\gdi32.dll OK
C:\Windows\System32\msctf.dll OK
C:\Windows\System32\Wldap32.dll OK
C:\Windows\System32\setupapi.dll OK
C:\Windows\System32\difxapi.dll OK
C:\Windows\System32\nsi.dll OK
C:\Windows\System32\sechost.dll OK
C:\Windows\System32\oleaut32.dll OK
C:\Windows\System32\urlmon.dll OK
C:\Windows\System32\ws2_32.dll OK
C:\Windows\System32\msvcrt.dll OK
C:\Windows\System32\imm32.dll OK
C:\Windows\System32\ole32.dll OK
C:\Windows\System32\crypt32.dll OK
C:\Windows\System32\KernelBase.dll OK
C:\Windows\System32\comctl32.dll OK
C:\Windows\System32\wintrust.dll OK
C:\Windows\System32\devobj.dll OK
C:\Windows\System32\cfgmgr32.dll OK
C:\Windows\System32\msasn1.dll OK
C:\Windows\SysWOW64\normaliz.dll OK
C:\Windows\system32\basesrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\sxssrv.dll OK
C:\Windows\system32\basesrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\sxssrv.dll OK
{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 OK
{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 OK
{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 OK
{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 OK
{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 OK
{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 OK
{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 OK
{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 OK
{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 OK
{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32 OK
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 OK
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 OK
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 OK
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 OK
C:\Windows\system32\services.exe

-- EOF --

t'john 11.08.2012 17:49
Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.


  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.


  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".


  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.


  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.


  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

Roman R 12.08.2012 08:17
hier der Log
Combofix Logfile:
Code:
ComboFix 12-08-10.02 - isa 12.08.2012  8:57.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3758.2197 [GMT 2:00]
ausgeführt von:: c:\users\isa\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\cflog\EPLog.txt
C:\install.exe
c:\program files (x86)\phonostar-Player\phonostarTimer.exe
c:\users\isa\Documents\~WRL0636.tmp
c:\users\isa\Documents\~WRL1072.tmp
c:\users\isa\Documents\~WRL1104.tmp
c:\users\isa\Documents\~WRL2769.tmp
c:\windows\iun6002.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-12 bis 2012-08-12  ))))))))))))))))))))))))))))))
.
.
2012-08-12 07:03 . 2012-08-12 07:03        --------        d-----w-        c:\users\Mcx1-ISA-VAIO\AppData\Local\temp
2012-08-12 07:03 . 2012-08-12 07:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-11 16:40 . 2012-08-11 16:40        328704        ----a-w-        c:\windows\system32\services.exe
2012-08-11 05:20 . 2012-08-11 05:20        --------        d-----w-        c:\users\isa\AppData\Local\Macromedia
2012-08-11 05:20 . 2012-08-11 05:27        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-10 20:34 . 2012-08-10 20:34        --------        d-----w-        c:\program files (x86)\ESET
2012-08-10 12:06 . 2012-08-11 05:07        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware
2012-08-08 20:38 . 2012-08-08 20:38        --------        d-----w-        C:\_OTL
2012-08-08 06:01 . 2012-08-08 06:01        --------        d-----w-        C:\found.003
2012-08-03 19:28 . 2012-08-03 19:28        --------        d-----w-        C:\Quarantine
2012-07-28 19:47 . 2012-07-28 19:47        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-07-25 17:05 . 2012-07-25 17:06        --------        d-----w-        C:\bcada991d0db960ebeace0c7af
2012-07-19 16:34 . 2012-07-19 16:34        --------        d-----w-        c:\program files (x86)\GUM7A3F.tmp
2012-07-19 16:34 . 2012-07-19 16:34        4024320        ----a-w-        c:\program files (x86)\GUT7ADC.tmp
2012-07-15 08:51 . 2012-07-15 08:51        --------        d-----w-        C:\found.002
2012-07-14 19:26 . 2009-03-18 15:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys
2012-07-14 19:26 . 2012-07-14 19:26        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-07-14 09:57 . 2012-07-14 09:57        --------        d-----w-        c:\users\isa\AppData\Local\DDMSettings
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 05:27 . 2011-12-16 09:24        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-29 18:39 . 2009-07-13 23:19        328704        ----a-w-        c:\windows\system32\services.exe.000
2012-06-21 19:18 . 2011-03-28 16:36        19736        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-16 06:03 . 2010-04-25 10:26        58957832        ----a-w-        c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 11:30        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:30        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:30        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:30        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:30        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:30        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:30        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:29        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 11:29        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-05-31 04:04 . 2012-06-29 18:56        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D97AD5D-611F-437C-82A4-EDEE62E6502F}\mpengine.dll
2012-05-19 17:02 . 2012-05-19 17:02        163048        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-18 12:31 . 2012-05-18 12:31        1409        ----a-w-        c:\windows\QTFont.for
2012-05-18 06:42 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-05-18 06:42 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-05-15 04:01 . 2012-06-14 10:33        1188864        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-14 10:33        64512        ----a-w-        c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-14 10:33        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-05-15 01:32 . 2012-06-14 10:21        3146752        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        94208        ----a-w-        c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        94208        ----a-w-        c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        94208        ----a-w-        c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        94208        ----a-w-        c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-01-25 26624]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 21:03        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-25 133104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 250056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-25 133104]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-13 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-12-14 56344]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 05:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        97792        ----a-w-        c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        97792        ----a-w-        c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        97792        ----a-w-        c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        97792        ----a-w-        c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-16 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-16 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-16 410136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-25 171520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
mLocal Page = c:\windows\SysWOW64\blank.htm
DPF: {4A0F5286-01EE-4345-B553-8902A9251E02} - hxxp://webgisrz03.kivbf.de/buehl/com/sp_ingweb_extern.cab
DPF: {C5DBAE84-700E-42B6-B93F-BC319F910573} - hxxp://webgisrz03.kivbf.de/buehl/com/sp_ingweb_crypt.cab
FF - ProfilePath - c:\users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-phonostarTimer - c:\program files (x86)\phonostar-Player\phonostarTimer.exe
Wow6432Node-HKCU-Run-phonostar-PlayerTimer - c:\program files (x86)\phonostar-Player\phonostarTimer.exe
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
HKLM-Run-combofix - c:\combofix\CF30699.3XE
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3783095568-3784273212-1696736825-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:44,a6,6a,af,da,13,a7,53,f3,33,5d,76,12,35,b0,62,2c,3f,81,3f,00,5a,2d,
  5d,bb,f5,0e,5b,09,58,66,17,16,a2,df,d9,dd,e5,e9,00,51,7f,37,f9,b0,86,e3,20,\
"??"=hex:7e,9e,d2,e8,43,4d,09,b8,b2,a0,72,9d,e7,92,2a,0b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-12  09:06:08
ComboFix-quarantined-files.txt  2012-08-12 07:06
.
Vor Suchlauf: 29 Verzeichnis(se), 228.339.400.704 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 227.939.442.688 Bytes frei
.
- - End Of File - - 7D6DDDC370C876B11BBA15BCC6D3E55F
--- --- ---

t'john 12.08.2012 14:56
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Roman R 12.08.2012 16:20
Hallo Danke. Beim Plugincheck sind alle 4 aktuell und grün, musste adobe aktualisieren, jetzt aber sind alle 4 grün und aktuell.

t'john 12.08.2012 18:21
Kontrollscan:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

Roman R 12.08.2012 21:13
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
isa :: ISA-VAIO [Administrator]

12.08.2012 20:41:58
mbam-log-2012-08-12 (20-41-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365435
Laufzeit: 1 Stunde(n), 30 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

t'john 13.08.2012 15:04
Sehr gut! :daumenhoc

damit bist Du entlassen! :)

Du solltest trotzdem bald mal Neuaufsetzen.


Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking (Norton) und Anti-Malware Programme deaktivieren.

Start => Ausführen

=> dort reinschreiben

ComboFix /Uninstall => Enter drücken

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch daraus die Schädlinge verschwinden. Es wird ein neuer Systemwiederherstellungspunkt erstellt. Gleichzeitig setzt Combofix die Zeiteinstellungen wieder auf die Ursprungseinstellungen, und setzt die Systemeinstellungen wieder so zurück, dass Dateierweiterungen und Systemdateien versteckt sind, was Du bei Bedarf im Explorer unter Extras => Ordneroptionen aber wieder ändern bzw. Deinen persönlichen Vorlieben entsprechend anpassen kannst.


adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131