Ein Neues Fenster öffnet sich bei Firefox
 

Ich habe folgendes Problem, seit ein paar Tagen öffnet sich hin und wieder ein fenster bei meinen mozilla firefox habe auch einen screenshot gemacht und bei directupload hochgeladen um zu zeigen wie das fenster aussieht.
hxxp://s1.directupload.net/file/d/3167/9pet6mcy_jpg.htm

Weiss jemand wie man so etwas entfernen kann es ist sehr nervig.
Habe schon meinen Spybot and Destroy durchlaufen lassen und so findet nichts.

Ich bedanke mich schon im voraus das sich jemand mein problem annimmt

Hallo und :hallo:

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles in CODE-Tags hier in den Thread.

Wow das war eine schnelle antwort ich werde mich gleich dahintersetzten und alles machen was sie mir beschrieben haben

AdwCleaner Logfile:
--- --- ---

hoffe es passt das ich es hier eingefügt habe.
dazu muss ich noch sagen ich habs auf den anderen computer auch soll ich ihnen von dem auch die Berichte hier einfügen?

Nein!! Stell dir vor du postest Logs von verschiedenen Computern hier rein, da kommt doch jeder durcheinander welche Anweisung sich auf welchen Rechner genau bezieht!
Mach für jeden Rechnern einen separaten Strang bitte auf

TL logfile created on: 15.02.2013 13:19:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chrisi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,19 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 57,60% Memory free
6,58 Gb Paging File | 5,28 Gb Available in Paging File | 80,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,68 Gb Total Space | 6,47 Gb Free Space | 13,02% Space Free | Partition Type: NTFS
Drive F: | 881,83 Gb Total Space | 289,68 Gb Free Space | 32,85% Space Free | Partition Type: NTFS

Computer Name: CHRISI-PC | User Name: Chrisi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chrisi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - F:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe (SteelSeries)
PRC - F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - F:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\vdhidwdm.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CTUPnPSv) -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CTDevice_Srv) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (XDva401) -- C:\Windows\system32\XDva401.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (Mo3Fltr) -- C:\Windows\System32\drivers\Mo3Fltr.sys ()
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SNP325) -- C:\Windows\System32\drivers\snp325.sys (Sonix Co. Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes\{2E0B013F-F488-47C1-BEB6-E3B848E1ADB5}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: aWQzX%40a6z4gWdPu8FF.com:11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chrisi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chrisi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.26 12:17:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.04 14:42:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 14:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.26 12:17:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\extensions\firejump@firejump.net [2012.02.25 00:48:24 | 000,000,000 | ---D | M]

[2011.09.21 21:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Firefox\Profiles\cin1attw.default\extensions
[2012.02.25 00:48:24 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Firefox\Profiles\cin1attw.default\extensions\firejump@firejump.net
[2012.09.26 17:14:56 | 000,003,684 | ---- | M] () (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\firefox\profiles\cin1attw.default\extensions\aWQzX@a6z4gWdPu8FF.com.xpi
[2013.02.14 19:17:10 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\firefox\profiles\cin1attw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.07 18:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 10:29:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.06 14:49:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 08:49:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] F:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe (SteelSeries)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [DAEMON Tools Lite] F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [Facebook Update] "C:\Users\Chrisi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6D32D1B-3934-4A7A-A96C-E1F3216F5F5C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{530a3b5d-e4e4-11e0-af18-002522dbe937}\Shell - "" = AutoRun
O33 - MountPoints2\{530a3b5d-e4e4-11e0-af18-002522dbe937}\Shell\AutoRun\command - "" = L:\AutoRunLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.15 09:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.15 09:33:24 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.02.15 09:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.02.15 09:13:51 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chrisi\Desktop\HiJackThis.exe
[2013.02.14 08:51:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 08:51:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 08:51:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 08:51:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 08:51:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 08:51:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 08:51:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 08:51:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 17:57:48 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 17:57:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.13 17:57:44 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 17:57:44 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.07 13:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2013.02.07 13:00:36 | 000,000,000 | ---D | C] -- C:\BrickForce
[2013.02.05 19:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.02.05 19:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.03 23:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.02.03 23:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.03 23:10:32 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.03 23:10:32 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 23:10:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 23:10:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.03 23:10:19 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 21:46:23 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2013.02.03 21:45:41 | 000,317,440 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2013.01.28 20:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.28 20:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.01.25 18:51:28 | 000,000,000 | ---D | C] -- C:\Users\Chrisi\AppData\Roaming\Little Inferno
[2013.01.25 13:55:12 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013.01.25 13:55:12 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013.01.25 13:55:12 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll

========== Files - Modified Within 30 Days ==========

[2013.02.15 13:18:18 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.15 13:18:18 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.15 13:18:18 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.15 13:18:18 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.15 13:11:00 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.15 13:10:58 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 13:10:58 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 13:10:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 13:01:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.15 12:55:31 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.15 11:33:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3644773473-1287165813-3723838049-1000UA.job
[2013.02.15 09:53:06 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.15 09:53:06 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.15 09:33:29 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.15 09:20:17 | 000,234,454 | ---- | M] () -- C:\Users\Chrisi\Desktop\Unbenannt.jpg
[2013.02.15 09:15:36 | 000,318,369 | ---- | M] () -- C:\Users\Chrisi\Desktop\HiJackThis.zip
[2013.02.15 09:13:51 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chrisi\Desktop\HiJackThis.exe
[2013.02.14 23:09:43 | 000,000,574 | ---- | M] () -- C:\Windows\wininit.ini
[2013.02.14 10:44:19 | 000,080,351 | ---- | M] () -- C:\Users\Chrisi\Desktop\425991_10200709951371138_1845902280_n.jpg
[2013.02.14 10:21:03 | 000,031,094 | ---- | M] () -- C:\Users\Chrisi\Desktop\valentinstag5.jpg
[2013.02.14 10:20:25 | 000,045,692 | ---- | M] () -- C:\Users\Chrisi\Desktop\valentinstag7.jpg
[2013.02.14 09:40:55 | 000,267,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.13 23:11:54 | 000,195,072 | ---- | M] () -- C:\Users\Chrisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.13 14:33:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3644773473-1287165813-3723838049-1000Core.job
[2013.02.09 20:25:33 | 000,719,671 | ---- | M] () -- C:\Users\Chrisi\Desktop\XinZhao_WarringKingdoms_Comic.jpg
[2013.02.09 20:25:23 | 000,837,114 | ---- | M] () -- C:\Users\Chrisi\Desktop\Jarvan_WarringKingdoms_Comic.jpg
[2013.02.08 19:01:59 | 000,147,306 | ---- | M] () -- C:\Users\Chrisi\Desktop\banndurchtribanal.jpg
[2013.02.07 13:14:45 | 000,000,582 | ---- | M] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2013.02.04 14:42:38 | 000,000,851 | ---- | M] () -- C:\Users\Chrisi\Desktop\Free YouTube Download.lnk
[2013.02.03 23:16:19 | 000,000,631 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013.02.03 23:10:09 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 23:10:06 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.03 23:10:06 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.03 23:10:06 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 23:10:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 23:10:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.03 21:46:29 | 000,000,024 | ---- | M] () -- C:\Windows\System32\Kene32.uns
[2013.02.03 21:40:03 | 008,773,687 | ---- | M] () -- C:\Users\Chrisi\Desktop\sim53.zip
[2013.01.25 18:45:49 | 000,000,202 | ---- | M] () -- C:\Users\Chrisi\Desktop\Little Inferno.url
[2013.01.22 21:07:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.22 21:07:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.21 02:21:07 | 000,021,702 | ---- | M] () -- C:\Users\Chrisi\Desktop\filme.ods
[2013.01.17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013.02.15 12:54:34 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.15 09:33:36 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.15 09:33:35 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.15 09:33:35 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.15 09:33:29 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.02.15 09:33:29 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.15 09:20:17 | 000,234,454 | ---- | C] () -- C:\Users\Chrisi\Desktop\Unbenannt.jpg
[2013.02.15 09:15:35 | 000,318,369 | ---- | C] () -- C:\Users\Chrisi\Desktop\HiJackThis.zip
[2013.02.14 10:44:19 | 000,080,351 | ---- | C] () -- C:\Users\Chrisi\Desktop\425991_10200709951371138_1845902280_n.jpg
[2013.02.14 10:21:02 | 000,031,094 | ---- | C] () -- C:\Users\Chrisi\Desktop\valentinstag5.jpg
[2013.02.14 10:20:24 | 000,045,692 | ---- | C] () -- C:\Users\Chrisi\Desktop\valentinstag7.jpg
[2013.02.09 20:25:33 | 000,719,671 | ---- | C] () -- C:\Users\Chrisi\Desktop\XinZhao_WarringKingdoms_Comic.jpg
[2013.02.09 20:25:21 | 000,837,114 | ---- | C] () -- C:\Users\Chrisi\Desktop\Jarvan_WarringKingdoms_Comic.jpg
[2013.02.08 19:01:59 | 000,147,306 | ---- | C] () -- C:\Users\Chrisi\Desktop\banndurchtribanal.jpg
[2013.02.07 13:00:44 | 000,000,582 | ---- | C] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2013.02.04 14:42:38 | 000,000,851 | ---- | C] () -- C:\Users\Chrisi\Desktop\Free YouTube Download.lnk
[2013.02.03 23:21:26 | 010,306,912 | ---- | C] () -- C:\Users\Chrisi\Desktop\sim53.swf
[2013.02.03 23:16:19 | 000,000,631 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013.02.03 21:46:29 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Kene32.uns
[2013.02.03 21:39:35 | 008,773,687 | ---- | C] () -- C:\Users\Chrisi\Desktop\sim53.zip
[2013.01.25 18:45:49 | 000,000,202 | ---- | C] () -- C:\Users\Chrisi\Desktop\Little Inferno.url
[2013.01.20 22:54:13 | 000,021,702 | ---- | C] () -- C:\Users\Chrisi\Desktop\filme.ods
[2012.12.09 23:52:12 | 001,527,650 | ---- | C] () -- C:\Windows\System32\libfftw3f-3.dll
[2012.12.09 23:52:12 | 001,527,650 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[2012.12.09 23:52:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\avsfilter.dll
[2012.12.09 23:52:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\avisynth_c.dll
[2012.12.09 23:52:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\AvsRecursion.dll
[2012.10.28 00:37:18 | 000,002,292 | ---- | C] () -- C:\Users\Chrisi\AppData\Roaming\ASSDraw3.cfg
[2012.09.25 16:27:32 | 000,000,691 | ---- | C] () -- C:\Users\Chrisi\World of Warcraft.lnk
[2012.08.05 14:38:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.08.05 14:31:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad
[2012.07.07 13:56:22 | 000,000,992 | ---- | C] () -- C:\Windows\eReg.dat
[2012.07.04 19:42:09 | 000,000,310 | ---- | C] () -- C:\Users\Chrisi\Öffentlich - Verknüpfung.lnk
[2012.03.19 19:59:46 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.03.19 19:59:45 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.03.19 19:59:45 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2012.03.19 19:59:45 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012.03.19 19:59:44 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2012.03.19 19:59:44 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2012.03.19 19:59:44 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2012.02.25 00:48:25 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.05 02:54:24 | 000,000,356 | ---- | C] () -- C:\Users\Chrisi\Download - Verknüpfung (2).lnk
[2012.02.05 02:54:16 | 000,000,356 | ---- | C] () -- C:\Users\Chrisi\Download - Verknüpfung.lnk
[2011.11.04 15:42:43 | 000,000,574 | ---- | C] () -- C:\Windows\wininit.ini
[2011.10.03 18:13:42 | 000,001,024 | ---- | C] () -- C:\Users\Chrisi\.rnd
[2011.09.26 12:07:43 | 000,181,733 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011.09.23 12:13:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.09.23 12:13:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.09.23 12:13:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.09.21 23:51:11 | 000,195,072 | ---- | C] () -- C:\Users\Chrisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.21 23:06:44 | 000,011,136 | ---- | C] () -- C:\Windows\System32\drivers\Mo3Fltr.sys
[2011.09.21 21:08:03 | 000,001,356 | ---- | C] () -- C:\Users\Chrisi\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Computer Name: CHRISI-PC | User Name: Chrisi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "F:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{572D14CD-E937-4B0A-8A0F-E7B84C991F94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5931C3EA-91DA-4666-8625-A58031182C99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0019B3C3-0BD4-4D3A-A486-66B709EA7064}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{01B83E72-B2C3-4FED-A879-28ED80F59FB1}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{03E91573-1B3E-42F2-8405-D96ED69C7705}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{073DA792-7903-47BA-AF30-388979F5967F}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\wormsxhd\launcher.exe |
"{0978285E-3045-4071-9112-85057DA574E5}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{0A0942A3-ED02-4F09-A76B-6B37C74E8C49}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0EC16D13-3066-4A1A-BBF9-30475DF74EBB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{10C6DE66-3178-44E2-AD38-E61F806729EE}" = protocol=6 | dir=in | app=f:\steam\steamapps\adriano2003\condition zero\hl.exe |
"{11553C9E-A96D-4805-A4A5-24FAA543AB57}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{12BC57D3-BCF0-43C9-A748-9E873C378EB5}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\wormsxhd\launcher.exe |
"{17D28232-D817-440B-A946-B4F603A2E0C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{1D66058B-D46D-4817-8901-5A2E4FF6D786}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{1E1B9B6F-360A-4237-BF2A-F47A6C76A2DE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{1E74C2CB-9547-4DE9-AC50-3AE6F19C3231}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{2224E7C7-A6E7-4F7B-9DCA-55BA76BDCEBD}" = dir=in | app=c:\brickforce\bflauncher.exe |
"{22EDC1C1-1079-418A-854F-CFF444E61082}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{2951E3C5-BE57-489F-883E-D2F7D794390C}" = dir=in | app=c:\users\chrisi\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{2C24E2B9-EC85-482A-B20E-C5419B03CE8F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{2D389102-2EB6-4997-8651-AC3AEE4B60AC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{41FBD74D-954B-4950-9A1E-2BC18E3E6D41}" = protocol=17 | dir=in | app=f:\steam\steamapps\sephiroth19\condition zero\hl.exe |
"{47177E2C-89CA-46E2-9DA9-D6D2D013E55F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{4C01C461-0680-4D21-84AB-D914BC53A73F}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{54F8DAFF-FB57-4681-8D09-1722F56D2BDE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{5C22CD21-4F39-404D-AB89-A656D6B6D750}" = protocol=17 | dir=in | app=f:\steam\steamapps\sephiroth19\condition zero\hl.exe |
"{5C4270F6-92A9-4A27-8191-F5C208A5601B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{61ACC356-DE4C-4C10-808D-21D3B1BF33A7}" = dir=in | app=c:\brickforce\brickforce.exe |
"{638DC779-D0AF-45C1-93D9-EEA608D6607F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{64D5C01B-59FE-4CBE-883A-37183DA99578}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{6B75A8C1-014F-49E2-B9A2-3EB68FFC34D0}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\wormsxhd\launcher.exe |
"{6ED1FD8B-2592-4F9A-A9B7-57291EA6AB90}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{734976DD-0D51-4FBE-A112-36BE21078637}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{739A4824-3EB4-47EF-9BF5-2DC3F5943CF4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{865533CE-1B92-4DC0-A18D-BEAFE331F7F3}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{87704A5B-0285-4F19-BCCE-F8EE15D5EA18}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8DFB3EBB-53B2-4CC5-9C7D-95A903B0688F}" = protocol=6 | dir=in | app=f:\steam\steamapps\sephiroth19\condition zero\hl.exe |
"{8FF47138-6B3D-4067-B2AC-EC31590D9638}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{90BD7CB6-AFC1-4AC0-8D3E-AAB09A946BE1}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{92147873-706D-4A8D-B36C-389E8C5FA42F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{92CC7B23-6153-46F9-9E2F-601BF6BC7734}" = protocol=6 | dir=in | app=f:\steam\steamapps\sephiroth19\condition zero\hl.exe |
"{92ED2C0D-B592-4DB9-AFF5-BE414208497A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\little inferno beta\little inferno.exe |
"{93EE909A-452C-4E18-AA0D-10F234433BA3}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{963F2FE4-0DD4-46D7-B6E5-04E9EC861EE7}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{976A3818-4B13-4A4B-8825-D89083C4F744}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9ED2FFFC-6645-4134-865B-90998822A41F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A418CCA1-BD51-4C1D-92B9-222E3653859A}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{A4FA24D6-9DA6-42AB-A2D7-C1810BF0F40B}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{AACC63A8-C109-492E-80AB-4CE78EC02757}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{AD63EDE2-E6A0-4AFA-8BA6-DBAF93CF13D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{B06CE38C-ECDD-4E09-9754-3970F7F0772C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B09D88E0-0DB5-4BFF-ABE7-35C9C617BD37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{B3CACB23-85C6-4BFB-A8DF-E5DF1E2EB677}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B4E663F3-E848-4D29-BA4D-DD634B036E40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{C2FD8B3D-168B-4BCB-A98B-D2A3F33C7FE2}" = protocol=17 | dir=in | app=f:\steam\steamapps\adriano2003\condition zero\hl.exe |
"{C4DC6E1A-6108-4DA0-8279-FA9D16E74E2F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C7921031-1201-4047-8EAF-021E3BD58B23}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{C89DBF20-B5AB-4D89-BB67-D9F4A6D69056}" = protocol=6 | dir=in | app=f:\steam\steamapps\sephiroth19\counter-strike\hl.exe |
"{CACC782D-35E6-4EA9-9F2B-EA2BC7FCC070}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D1AD840F-1B98-4BCB-96C3-9E186DE6D1FE}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\little inferno beta\little inferno.exe |
"{D5CACE7F-BC7E-4989-AE94-2EC7FE892C40}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\wormsxhd\launcher.exe |
"{D5F8CE7D-060A-4ABF-AFA1-D003D8953B0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8D2F0DB-5322-42C7-981E-FA7CD7FCD4ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{DC12E4A3-9260-43C3-AC66-A729D550A2A9}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{E809E3E5-EDC0-4C9E-9D10-ADDA9ADDD7B7}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{E9E1CEBB-5CBF-454D-BDC3-C3643AAFC2BB}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{EE48E056-62C5-433F-AC22-F35E808B770D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{EF62A453-D30A-4999-A642-867D0AA901EC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F24D840E-499F-4132-A5D7-D92C15AE443C}" = protocol=17 | dir=in | app=f:\steam\steamapps\sephiroth19\counter-strike\hl.exe |
"{FE585DC4-42AA-4CA2-99CE-BC0E71B86050}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"TCP Query User{0A39492D-2791-49E4-958F-DF48DCF889E4}C:\users\chrisi\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\chrisi\appdata\roaming\spotify\spotify.exe |
"TCP Query User{1553C54D-A429-4CC1-8F64-460513429D4D}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{2359F5B9-CC9F-4204-B190-299BBECB8C8C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{41B09284-2838-498E-BB2A-9E6DA33E12CA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{60C94F26-3FB3-4AD4-A90A-A577EA9CD763}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{64F8B2D6-E14D-432E-94B2-224E8E8AC5B6}J:\kernis ordner\netzwerk\spiele\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=j:\kernis ordner\netzwerk\spiele\quake iii arena\quake3.exe |
"TCP Query User{705040F4-72CF-4197-BD03-E500B919A18A}F:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=f:\program files\tera\tera-launcher.exe |
"TCP Query User{9FDA3360-2303-4C02-921B-EC5097ADC185}F:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{DCC26EC0-5EB1-4435-91BC-9A3D384BE76B}F:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=f:\diablo iii\diablo iii.exe |
"TCP Query User{EF165D6F-0349-4D58-BD49-A65E3E863DE7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{17DDABEF-F235-4CB7-8887-71765895A195}J:\kernis ordner\netzwerk\spiele\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=j:\kernis ordner\netzwerk\spiele\quake iii arena\quake3.exe |
"UDP Query User{50697E30-03CA-410F-8C35-AF5CD02E8327}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6ADDD2A2-BE1B-4F1B-A978-9750668B7746}C:\users\chrisi\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\chrisi\appdata\roaming\spotify\spotify.exe |
"UDP Query User{8009AE83-EE37-4610-9A06-655E5DA2CD95}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{81920079-D706-44AE-8C8D-505DCD80F9D7}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{A5FE8325-F0DB-44E7-8977-AA4B6E97A410}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{D777427A-882F-4315-981E-724334E62E3E}F:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{F1D60C1A-651C-424D-A57B-E928D9B20DA0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FA2689BC-FABE-4F3A-AF35-6D0AE59CBFC1}F:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=f:\diablo iii\diablo iii.exe |
"UDP Query User{FF5C06D4-A7D1-4DD2-820B-D54ED167BD10}F:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=f:\program files\tera\tera-launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.9
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E7C721D-B008-4269-A1C4-2CE7E9757983}" = BoneTown
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9DF0468-5F31-4799-B4FE-CBAD37FFB8DE}" = World of Warcraft MMO Gaming Mouse
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.8
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run(TM)
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = 325 USB PC Camera
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.4.1
"Brick-Force" = Brick-Force
"Cosplay Alien_is1" = Cosplay Alien
"Creative Centrale" = Creative Centrale
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.2.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.15.706
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MKVToolNix" = MKVToolNix 5.5.0
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Recuva" = Recuva
"Sachabenteuer_is1" = Toggolino - Sachabenteuer
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 221260" = Little Inferno
"Steam App 440" = Team Fortress 2
"Steam App 65800" = Dungeon Defenders
"Steam App 70600" = Worms Ultimate Mayhem
"Steam App 80" = Counter-Strike: Condition Zero
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"XviD4PSP5_is1" = XviD4PSP 5.10.271.0
"ZENSTYLESERIESUG" = Creative ZEN Style Series Dokumentation

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.02.2013 18:55:58 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 03:44:30 | Computer Name = Chrisi-PC | Source = MsiInstaller | ID = 11609
Description =

Error - 14.02.2013 03:45:42 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 04:41:31 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 10:22:27 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 11:32:09 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 18:12:41 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2013 03:26:18 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2013 04:53:19 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2013 08:11:34 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

[ Spybot - Search and Destroy Events ]
Error - 15.02.2013 04:51:29 | Computer Name = Chrisi-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 15.02.2013 05:21:16 | Computer Name = Chrisi-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 15.02.2013 08:23:39 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:45 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:45 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:51 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:51 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:56 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:57 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:58 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:58 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:58 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =


So habe alles gemacht wie sie mir beschrieben haben leider kommt aber dieses fenster noch immer auf.

ok gut ich habe jetzt nur von einen computer die Logfiles kopiert und eingefügt muss aber dazusagen das ich es gut finde das sie mir die programme geraten haben den es ist vieles weggekommen

Ich hab auch nirgendwo geschrieben, dass wir nur nach adwCleaner und OTL schon fertig sind!

Die nächsten Logs bitte in CODE-Tags posten



Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Achso dachte es wäre schon fertig, bin mit solchen programmen nicht vertraut aber gut das es solche programme gibt

Was ist mit dem anderen Tool?

mbar ergebnis war negativ also 0 resultate

Die Logs bitte trotzdem immer posten

bitte schön :daumenhoc

aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles in CODE-Tags hier in den Thread.

Bei OTL kam diesmal nur ein Bericht habe überall gesucht für das 2te Logfile.
Die Seite die sich immer geöffnet hatte ist nun schon seit 2h nicht mehr gekommen.
Sieht gut aus.

Die seite ist wieder aufgetaucht was für ein dreck