Trojaner-Board (https://www.trojaner-board.de/)
Thread: Rootkit? Ad pop-ups and recurring changes to the hosts file (https://www.trojaner-board.de/127490-rootkit-werbeeinblendungen-wiederkehrende-aenderung-host-datei.html)

B29Korn 25.11.2012 01:02

Rootkit? Ad pop-ups and recurring changes to the hosts file
 
Good evening, dear board. It looks like my laptop has been hit, and pretty badly at that. I had lent it to a buddy while his PC was broken and noticed today that something is wrong. According to him he didn't download anything, and he suspects an infection via JavaScript, since he also didn't use my Firefox with NoScript but Chrome, because he prefers that browser.

Anyway, I noticed the whole thing through an ad pop-up that appears quite aggressively in every web browser and even in Steam, at the bottom left of the respective browser.
I immediately checked the autostart entries with MSConfig but found nothing.
A look in the registry also turned up nothing suspicious, and everything looked clean in Task Manager too.
After that I ran Malwarebytes Anti-Malware, the ESET Online Scanner and SUPERAntiSpyware. Not a single detection. Odd, I thought, so I fired up HijackThis and promptly got a message that the hosts file cannot be accessed. Hmm.
A look in the folder of the hosts file turned up.. nothing. It was no longer visible to me.

The entries of the hosts file are still visible in the HijackThis log.
If I'm not mistaken, they are even after my Facebook account?

Then I ran the tool RogueKiller, which found one file, and killed it. The ads even stopped.
Restarted the PC and bang, the ads were back, but the file that had been found was gone.

I really have no idea any more where the whole thing could be hiding, and my guess is a rootkit?

Below are all the logs; some I will edit in later.
And yes, I deliberately did not edit out my name; it's no big deal, and it's misspelled anyway :pfeiff:

HiJackThis
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:23:51, on 25.11.2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Users\Chis\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
C:\Users\Chis\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Chis\Downloads\HiJackThis204.exe
C:\Windows\SysWOW64\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.197.194.232 www.google-analytics.com.
O1 - Hosts: 66.197.194.232 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.232 www.statcounter.com.
O1 - Hosts: 66.197.194.232 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Chis\AppData\Local\Akamai\netsession_win.exe"
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Launcher.lnk = C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ALDITALKVerbindungsassistent_Service - Unknown owner - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 7516 bytes

Super AntiSpyware
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
 
Generated 11/25/2012 at 00:27 AM
 
Application Version : 5.6.1010
 
Core Rules Database Version : 9633
Trace Rules Database Version: 7445
 
Scan type      : Complete Scan
Total Scan Time : 00:54:07
 
Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User
 
Memory items scanned      : 521
Memory threats detected  : 0
Registry items scanned    : 75710
Registry threats detected : 2
File items scanned        : 53814
File threats detected    : 9
 
Security.HiJack[ImageFileExecutionOptions]
    (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UTILMAN.EXE
    (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UTILMAN.EXE#Debugger
 
Adware.Tracking Cookie
    .toplist.cz [ C:\USERS\CHIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HA2UBE1I.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\USERS\CHIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HA2UBE1I.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\CHIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HA2UBE1I.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\CHIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HA2UBE1I.DEFAULT\COOKIES.SQLITE ]
    stats.computecmedia.de [ C:\USERS\CHIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HA2UBE1I.DEFAULT\COOKIES.SQLITE ]
    .flagcounter.com [ C:\USERS\CHIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HA2UBE1I.DEFAULT\COOKIES.SQLITE ]
    www.elitepvpers.com [ C:\USERS\CHIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HA2UBE1I.DEFAULT\COOKIES.SQLITE ]
    www.elitepvpers.com [ C:\USERS\CHIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HA2UBE1I.DEFAULT\COOKIES.SQLITE ]
    .tracker.vinsight.de [ C:\USERS\CHIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HA2UBE1I.DEFAULT\COOKIES.SQLITE ]

The "hijacking" of Utilman.exe was me, don't be alarmed. I put cmd in there in case of a GVU virus or similar.

Mbam
Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
 
Datenbank Version: v2012.11.24.05
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Chis :: CHRIS [Administrator]
 
24.11.2012 23:32:50
mbam-log-2012-11-24 (23-32-50).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346087
Laufzeit: 56 Minute(n), 57 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
 
(Ende)

RogueKiller
Code:

RogueKiller V8.3.1 [Nov 23 2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
 
mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/
 
Betriebssystem : Windows 7 (6.1.7600 ) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Chis [Admin Rechte]
Funktion : Scannen -- Datum : 11/24/2012 21:49:04
 
¤¤¤ Böswillige Prozesse : 0 ¤¤¤
 
¤¤¤ Registry-Einträge : 5 ¤¤¤
[TASK][Rans.Gendarm] task3297003 : C:\Users\Chis\AppData\Local\Temp\0.3747498198157567.exe  -> GEFUNDEN
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{6D90BCB2-3105-4204-91E9-30BDB6994391} : NameServer (212.23.115.148 212.23.97.3) -> GEFUNDEN
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{6D90BCB2-3105-4204-91E9-30BDB6994391} : NameServer (212.23.115.148 212.23.97.3) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
 
¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
 
¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤
 
¤¤¤ Infektion : Rans.Gendarm ¤¤¤
 
¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1      localhost
::1            localhost
66.197.194.232 www.google-analytics.com.
66.197.194.232 ad-emea.doubleclick.net.
66.197.194.232 www.statcounter.com.
66.197.194.232 connect.facebook.net.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.
 
 
¤¤¤ MBR überprüfen: ¤¤¤
 
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] aabde65b904df61a8f4a882d518a2a56
[BSP] 5ae74f563822d94b622db51fa75c6b64 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 2048 | Size: 13000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 231966 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 501692416 | Size: 228352 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 969357312 | Size: 3620 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Abgeschlossen : << RKreport[1]_S_11242012_02d2149.txt >>
RKreport[1]_S_11242012_02d2149.txt

Eset Online Scanner
Code:

C:\Users\Chis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\385d250e-67e65529    Win32/Simda.B Trojaner    Gesäubert durch Löschen - in Quarantäne kopiert

AdwCleaner
Code:

# AdwCleaner v2.009 - Datei am 25/11/2012 um 01:06:45 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Chis - CHRIS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chis\Downloads\adwcleaner.exe
# Option [Suche]
 
 
**** [Dienste] ****
 
 
***** [Dateien / Ordner] *****
 
 
***** [Registrierungsdatenbank] *****
 
 
***** [Internet Browser] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
[OK] Die Registrierungsdatenbank ist sauber.
 
-\\ Mozilla Firefox v17.0 (de)
 
Profilname : default
Datei : C:\Users\Chis\AppData\Roaming\Mozilla\Firefox\Profiles\ha2ube1i.default\prefs.js
 
[OK] Die Datei ist sauber.
 
-\\ Google Chrome v [Version kann nicht ermittelt werden]
 
Datei : C:\Users\Chis\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Die Datei ist sauber.
 
*************************
 
AdwCleaner[R1].txt - [900 octets] - [25/11/2012 01:06:45]
 
########## EOF - C:\AdwCleaner[R1].txt - [959 octets] ##########

Image
hxxp://epvpimg.com/I9vtb

UPDATE: The ESET scanner did find something this time!
See log!
Note on the ESET detection:
hxxp://www.virusradar.com/Win32_Simda.B/description

Further addendum:
I almost forgot that there are also redirects to other websites such as hxxp://www2.beinhome.com/.


Thanks in advance for any help!
Regards, Korn

Now also created the OTL log files; the ads are still there.

Extra.txt
Code:

OTL Extras logfile created on: 25.11.2012 11:43:06 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Chis\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,35% Memory free
7,99 Gb Paging File | 5,93 Gb Available in Paging File | 74,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,53 Gb Total Space | 146,48 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
Drive E: | 7,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRIS | User Name: Chis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0635CC38-A831-4D97-9C7B-9E4CCB527914}" = lport=445 | protocol=6 | dir=in | app=system |
"{1895D173-509E-4967-926F-41A8B5E70D3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AA6598E-8E7C-4070-8771-B38CBDE877F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{4BBFB9F1-40D1-44AF-B2B7-9EFE19EDE874}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{53ED5CC9-ACE3-475C-8234-F881AC34BEF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A24BDB2-2FAF-4A53-9DC2-11FAFFFB3AC8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5DB10EC1-40C5-468A-AE84-CE84962AC698}" = rport=138 | protocol=17 | dir=out | app=system |
"{5DFD7216-4914-4E6D-A106-1311EC39B363}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FD9DFC5-6D83-4C43-8897-D237FFA14989}" = lport=139 | protocol=6 | dir=in | app=system |
"{649175A3-D97B-4BAC-A841-87C57DB136C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8511A323-084A-47C0-81A2-01F0B44DFB77}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F08DBA7-F361-48A5-B137-B654AC096B8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{900819FD-C7B5-4DDD-8E34-C4661356F23A}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A1EE742-162E-4A20-9228-961070433264}" = lport=138 | protocol=17 | dir=in | app=system |
"{9AB256FA-9D2A-49FC-9FC3-E74AFA7F4CD9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A9B549C4-2E43-44F0-9E95-A7F4A6837FC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B82BFA6F-0DC5-4F05-A453-C65BF8BAC0AB}" = rport=139 | protocol=6 | dir=out | app=system |
"{C71F537A-B9BF-4364-83DA-9D078A7DC08A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3CB7560-C37E-4901-B42E-81B2A92772B9}" = rport=445 | protocol=6 | dir=out | app=system |
"{E2EB5F47-3968-4188-8507-4624BC257F53}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E74B0476-DF6A-42A5-8823-0F12FFB7F417}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03519D90-1CF7-4C30-9547-077250194A45}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{1A66982B-AB30-484E-A25A-C71B1BEB0861}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EBF703B-882E-484D-8D32-F3A04C885E6C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{229BA63D-757D-4B4D-8277-108994F38435}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{248BAC2C-D67F-4133-8931-718D5A73C33F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{30F5E948-83E6-4DBE-BA4D-9ED40457ADBC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{31007061-29C0-45B5-9528-17791DA1FF53}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{317E7528-BD58-4AD7-B341-9C4EBFBECA1E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D46E912-BAE0-4380-A8E0-5754B9DA3CB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\config.exe |
"{477CD583-877F-4D6E-9F2F-8183E7AD557F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{4F3253BF-2E1E-4FA5-B73D-7CB067C1F033}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{6211B194-AB86-422F-9D98-D31E6E978186}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63988B83-CE9E-4825-BCB1-BD9EE6B2B993}" = protocol=6 | dir=out | app=system |
"{6CDC8301-D9FD-487C-8C69-41D9DF2904A9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D94B4B0-67AC-4C57-ABB8-4F896FF108C5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{7D5B9FFB-0525-4A2C-BA63-B24998158B68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7D8B34A6-2C22-44A3-89EB-9E160158FAA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8708CD7A-0352-4B7C-97F8-3B949065B34F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95A82BA5-F9F0-4C1C-9E0D-176A0650D253}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{99890560-4A45-4A1B-86F0-8893F1673E2D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{A103D495-0E30-4F85-BF58-C24592C04543}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9D8E3F2-12B5-4269-B2B4-C9F07AC736D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |
"{B5220BEF-3FAD-462F-A94C-3B979845ACE5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{BA1887E9-F069-41B3-98BA-D83AB028513D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |
"{BACF2C85-4F1E-4A06-8041-9F9748AD2231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\config.exe |
"{C2813BD9-4FFD-4771-8D3E-76D77263C956}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C4AEACEB-55EB-41DD-B599-3C0044C25A6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D52AE436-CB4C-4F38-B2E8-D437ADFAB126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8B772A7-655C-476D-AE6F-6FB8FBEBC186}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DAA81589-5FB0-4B54-8C01-66EA66286EBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0FFCD5C-CD0F-413B-BAA6-A010277A2075}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{EAC10EC7-D2A3-466E-90AE-8C86BCBF8CB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDC9795D-6003-4EA8-AB87-28CA4DBBD4FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F52789AE-CC0E-4C5F-8B6A-D73D703A6033}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{F8EBB1EC-AE7A-406B-9D77-E61B2E2C5155}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBD01B46-4943-4FA8-9A49-3BEECD7E78F2}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{049AAFED-9BBF-44AA-B8A2-FA553837162C}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{0EBC5B52-4103-4C52-BC09-59177779CF6D}C:\program files (x86)\steam\steamapps\livingfail\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\livingfail\counter-strike source\hl2.exe |
"TCP Query User{160BE8EE-BD62-4F51-8039-597A78A77F83}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{194FC448-302F-4F02-AB09-52E31CD12FE9}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{4D84F85C-4B70-412F-978D-87FF7A75A786}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9B5ACF86-CACF-4F08-9DB0-2812F9137A42}C:\program files (x86)\steam\steamapps\livingfail\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\livingfail\team fortress 2\hl2.exe |
"TCP Query User{A5E48CFF-B32F-4528-BAFC-40624D14DDA6}C:\users\chis\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chis\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F5B47925-6F07-4CED-8154-3179C78BEAA4}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{173D9E96-B00F-48BA-A71E-967240397E8F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{1C873950-E86D-470E-80EC-AAA08B7A48E9}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{3105DD6F-D9B1-4279-B74B-C3ED950E3651}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{41895E38-0B07-4E87-B7EB-9ACDC9019407}C:\users\chis\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chis\appdata\local\akamai\netsession_win.exe |
"UDP Query User{82932E0D-47CE-423D-85CC-EF6D30806605}C:\program files (x86)\steam\steamapps\livingfail\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\livingfail\team fortress 2\hl2.exe |
"UDP Query User{8BE68294-B180-4B39-ACD1-79C701D5CA79}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{BCEE97BE-85E1-4FBA-866B-76D173E69B0F}C:\program files (x86)\steam\steamapps\livingfail\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\livingfail\counter-strike source\hl2.exe |
"UDP Query User{CAE74E85-FCA3-4DDC-85EA-F7007E8750ED}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"CCleaner" = CCleaner
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{C8DFDC1C-88EC-482D-9279-1E909C1552F1}" = Aeria Ignite
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.10.1721" = Aeria Ignite
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"ESET Online Scanner" = ESET Online Scanner v3
"Last Chaos" = Last Chaos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"StarCraft II" = StarCraft II
"Steam App 240" = Counter-Strike: Source
"Steam App 440" = Team Fortress 2
"Steam App 6850" = Hitman 2: Silent Assassin
"Steam App 730" = Counter-Strike: Global Offensive
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.3 (64-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.11.2012 04:57:14 | Computer Name = Chris | Source = ESENT | ID = 455
Description = Windows (2744) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00008.log.
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Windows Search Service | ID = 9000
Description =
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Windows Search Service | ID = 7040
Description =
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Windows Search Service | ID = 7042
Description =
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Windows Search Service | ID = 9002
Description =
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Windows Search Service | ID = 3029
Description =
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Windows Search Service | ID = 3029
Description =
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Windows Search Service | ID = 3028
Description =
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Windows Search Service | ID = 3058
Description =
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Windows Search Service | ID = 7010
Description =
 
[ System Events ]
Error - 18.11.2012 07:03:59 | Computer Name = Chris | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 23.11.2012 11:34:19 | Computer Name = Chris | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 20.11.2012 um 12:40:45 unerwartet heruntergefahren.
 
Error - 23.11.2012 12:32:13 | Computer Name = Chris | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.11.2012 um 17:31:10 unerwartet heruntergefahren.
 
Error - 24.11.2012 18:04:49 | Computer Name = Chris | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 24.11.2012 18:04:49 | Computer Name = Chris | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 24.11.2012 18:05:16 | Computer Name = Chris | Source = DCOM | ID = 10005
Description =
 
Error - 24.11.2012 18:05:16 | Computer Name = Chris | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 24.11.2012 18:05:16 | Computer Name = Chris | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 25.11.2012 04:57:15 | Computer Name = Chris | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >

OTL.txt
Code:

OTL logfile created on: 25.11.2012 11:43:06 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Chis\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,35% Memory free
7,99 Gb Paging File | 5,93 Gb Available in Paging File | 74,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,53 Gb Total Space | 146,48 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
Drive E: | 7,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRIS | User Name: Chis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\USERS\CHIS\APPDATA\LOCAL\TEMP\TEMP1_PROCESS1523EXPLORER.ZIP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Chis\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\8ea4f2a14f034a52843ddf37991c9f6d\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\b6d5fa75e3cc493fa9d509124d5962ba\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\48576847f23080832be66e93d8e964bf\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\48576847f23080832be66e93d8e964bf\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\dcf2b1a7011858156e5b759de2e5e598\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\0dbb2348461d98c3319e8a3fa729eb68\PresentationFramework-SystemData.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1aea3525c318ac7218966d7b91c52ff1\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\95623e12dc6a64d28bad5b85f4c730ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9a6093eb864d6729de75ec4b955dddb1\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C B0 C2 2E C0 C9 CD 01  [binary data]
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.2
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.1.0.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.24 15:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.03 14:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Extensions
[2012.11.24 16:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Firefox\Profiles\ha2ube1i.default\extensions
[2012.11.24 16:01:17 | 000,634,131 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\stefanvandamme@stefanvd.net.xpi
[2012.11.24 16:01:17 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.24 15:54:28 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.24 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2012.11.24 14:14:44 | 000,001,473 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 66.197.194.232 www.google-analytics.com.
O1 - Hosts: 66.197.194.232 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.232 www.statcounter.com.
O1 - Hosts: 66.197.194.232 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000..\Run: [Akamai NetSession Interface] C:\Users\Chis\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05218312-76DA-4793-BBF9-3A306F064BE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CD4DB1-850C-478E-8029-8CEC3557DAAC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\CHIS\APPDATA\LOCAL\TEMP\TEMP1_PROCESS1523EXPLORER.ZIP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27:64bit: - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\CHIS\APPDATA\LOCAL\TEMP\TEMP1_PROCESS1523EXPLORER.ZIP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{74e1ea67-c5ee-11e1-883a-00a0d1ae0de0}\Shell - "" = AutoRun
O33 - MountPoints2\{74e1ea67-c5ee-11e1-883a-00a0d1ae0de0}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{74e1ea93-c5ee-11e1-883a-00a0d1ae0de0}\Shell - "" = AutoRun
O33 - MountPoints2\{74e1ea93-c5ee-11e1-883a-00a0d1ae0de0}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.25 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.24 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Wireshark
[2012.11.24 23:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.24 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.11.24 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.11.24 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\RK_Quarantine
[2012.11.24 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Aeria Games
[2012.11.24 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.24 21:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.24 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.11.24 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Akamai
[2012.11.24 21:10:25 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2012.11.24 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.24 17:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.24 15:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.24 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.24 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Pc SAFE
[2012.11.17 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\BonezMC
[2012.11.17 18:19:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
[2012.11.04 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Documents\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.11.04 11:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.11.04 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.04 11:20:47 | 000,000,000 | ---D | C] -- C:\Games
[2012.10.27 15:18:30 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Malwarebytes
[2012.10.27 15:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.27 15:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.27 15:18:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.27 15:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.25 11:25:16 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.25 11:25:16 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.25 11:25:16 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.25 11:25:16 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.25 11:25:16 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.25 11:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.25 10:04:09 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 10:04:09 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 09:56:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.25 09:56:45 | 3218,837,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.25 00:40:18 | 001,120,018 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | M] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 21:37:07 | 000,001,707 | ---- | M] () -- C:\Users\Chis\Desktop\Last Chaos.lnk
[2012.11.24 21:22:46 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012.11.24 20:06:34 | 000,275,070 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 14:14:44 | 000,001,473 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.23 17:38:24 | 923,795,456 | ---- | M] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:20:03 | 000,262,039 | ---- | M] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:26 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.10.27 15:19:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.25 00:40:17 | 001,120,018 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | C] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 23:42:18 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.11.24 21:37:07 | 000,001,707 | ---- | C] () -- C:\Users\Chis\Desktop\Last Chaos.lnk
[2012.11.24 21:22:46 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012.11.24 20:08:05 | 000,275,070 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 15:53:11 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.23 17:38:50 | 923,795,456 | ---- | C] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:19:58 | 000,262,039 | ---- | C] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:22 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.10.27 15:18:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.27 12:31:06 | 001,559,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.08 11:27:19 | 000,000,680 | RHS- | C] () -- C:\Users\Chis\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.10 07:28:26 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\.minecraft
[2012.11.24 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.07.13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.21 10:54:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\LolClient
[2012.09.10 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\OpenOffice.org
[2012.07.05 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ProtectDisc
[2012.11.24 18:21:54 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\TS3Client
[2012.11.04 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.24 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 
 
< End of report >

MBAM AntiRootKit

Code:

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
 
Database version: v2012.11.25.01
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Chis :: CHRIS [administrator]
 
25.11.2012 12:08:56
mbar-log-2012-11-25 (12-08-56).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 26868
Time elapsed: 8 minute(s), 8 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


So, enough info? ;)

Regards, Korn
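The OTL log in the post above lists C:\Windows\SysNative\drivers\etc\hosts with the attributes RHS (read-only, hidden, system). Those three attributes are enough to make the file vanish from an Explorer window with default view settings while tools such as HijackThis can still read its entries. The script below is an added example, not part of the original thread and not one of the tools used in it: it parses a hosts file, flags every entry that maps a hostname to a real remote address rather than the local machine, and on Windows reports the read-only/hidden/system flags. The sample hosts content is constructed for the example; the TEST-NET address and the hostnames in it are placeholders, not indicators taken from this thread.

```python
import ipaddress
import os
import stat
import sys

# Constructed sample hosts content for the example (not from the thread).
# 198.51.100.23 is a TEST-NET-2 documentation address standing in for
# whatever server a hosts hijacker would point the names at.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
198.51.100.23   www.facebook.com
198.51.100.23   facebook.com
0.0.0.0         updates.example.test   # a null route: blocks rather than redirects
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text.

    Comments (from '#' to end of line) and blank lines are dropped; a line
    whose first field is not a valid IP address is skipped, not guessed at.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((fields[0], name.lower()))
    return entries


def suspicious_entries(entries):
    """Entries that send a hostname to a real remote address.

    Loopback (127.0.0.1, ::1) and the unspecified address (0.0.0.0) only
    keep traffic local or block it; anything else is a redirect worth a look.
    """
    flagged = []
    for ip, name in entries:
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue
        flagged.append((ip, name))
    return flagged


def file_attributes(path):
    """Read-only/hidden/system flags of a file on Windows, None elsewhere.

    os.stat reads hidden and system files without complaint; it is
    Explorer's default view that hides them, which is what happened to
    the hosts file in this thread.
    """
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is None:
        return None
    return {
        "readonly": bool(attrs & stat.FILE_ATTRIBUTE_READONLY),
        "hidden": bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
        "system": bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM),
    }


def check_hosts_file(path):
    """Parse a hosts file on disk; return (attributes, flagged entries)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    return file_attributes(path), suspicious_entries(parse_hosts(text))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        attrs, flagged = check_hosts_file(sys.argv[1])
    else:
        attrs, flagged = None, suspicious_entries(parse_hosts(SAMPLE_HOSTS))
    print("attributes:", attrs)
    for ip, name in flagged:
        print(f"REDIRECT {name} -> {ip}")
```

Run it against the real file with `python hosts_check.py C:\Windows\System32\drivers\etc\hosts` (OTL is a 32-bit tool and shows the 64-bit system directory as SysNative; from a 64-bit shell the same directory is System32). Clearing the flags with `attrib -r -h -s` on the file only makes it visible again; whatever rewrote the file is still on the machine, which is why the thread goes on with further scans rather than stopping at the hosts file.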

M-K-D-B 26.11.2012 12:14

:hallo:

My name is Matthias and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we remove all the tools we used again and I give you a few tips for the future.
  • If there are signs of illegal software, support will be stopped without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper have asked you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume you no longer need help. I will then remove your thread from my subscriptions.
  • All tools to be used are to be saved to the desktop and started from there!
    I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
    If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

So far it does not look like a rootkit. ;)

Please post the log file from ESET:
Please post all logs with detections

B29Korn 26.11.2012 13:13

Hello Matthias,
Will do; last time I unfortunately made the mistake of posting only the detection. I'm running the whole thing again right now, hope you can do something with the other logs. Do you have any other questions?
Also worth noting: I often get redirected to the site beinheim.com when I click on links. I believe that didn't show up before!
Many thanks in advance for taking me on!

Edit: This time no log file was created at all?
There was no option for it. Last time I don't think there was any more info than what I already posted :/
I assume we are both talking about the ESET Online Scanner, right?^^
Regards

M-K-D-B 26.11.2012 14:43

Hi,

OK regarding ESET.

Why is Service Pack 1 for Windows 7 not installed?

Scan with Combofix
WARNING to readers:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software and malware/spyware scanners. They can interfere with Combofix. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


B29Korn 26.11.2012 15:37

Here is the ComboFix log.
Code:

ComboFix 12-11-26.01 - Chis 26.11.2012  15:15:32.2.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.4093.2702 [GMT 1:00]
ausgeführt von:: c:\users\Chis\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-26 bis 2012-11-26  ))))))))))))))))))))))))))))))
.
.
2012-11-26 14:19 . 2012-11-26 14:19        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-11-26 14:19 . 2012-11-26 14:19        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-11-26 14:15 . 2012-11-26 14:15        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{289E000F-899B-43A1-9F8F-E6508D14931E}\offreg.dll
2012-11-24 23:07 . 2012-11-24 23:07        --------        d-----w-        c:\program files (x86)\ESET
2012-11-24 22:45 . 2012-11-24 22:45        --------        d-----w-        c:\users\Chis\AppData\Roaming\Wireshark
2012-11-24 22:43 . 2012-11-24 22:43        --------        d-----w-        c:\program files (x86)\WinPcap
2012-11-24 22:41 . 2012-11-24 22:43        --------        d-----w-        c:\program files\Wireshark
2012-11-24 22:20 . 2012-11-24 22:20        --------        d-----w-        c:\program files (x86)\7-Zip
2012-11-24 20:39 . 2012-11-24 20:39        --------        d-----w-        c:\users\Chis\AppData\Local\Aeria Games
2012-11-24 20:38 . 2012-11-24 20:38        --------        d-----w-        c:\programdata\Aeria Games
2012-11-24 20:22 . 2012-11-24 20:22        --------        d-sh--w-        c:\windows\SysWow64\AI_RecycleBin
2012-11-24 20:22 . 2012-11-24 20:22        --------        d-----w-        c:\program files (x86)\Aeria Games
2012-11-24 20:22 . 2012-11-24 20:22        --------        d-----w-        c:\users\Chis\AppData\Roaming\Aeria Games & Entertainment
2012-11-24 20:10 . 2012-11-24 20:10        --------        d-----w-        c:\users\Chis\AppData\Local\Akamai
2012-11-24 16:08 . 2012-11-24 16:08        --------        d-----w-        c:\users\Chis\AppData\Roaming\SUPERAntiSpyware.com
2012-11-24 16:06 . 2012-11-24 16:08        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-11-24 16:06 . 2012-11-24 16:06        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-11-24 15:01 . 2012-11-19 00:01        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{289E000F-899B-43A1-9F8F-E6508D14931E}\mpengine.dll
2012-11-24 14:53 . 2012-11-24 14:53        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-11-24 13:24 . 2012-11-24 13:24        --------        d-----w-        c:\users\Chis\Pc SAFE
2012-11-04 10:25 . 2012-11-17 16:41        --------        d-----w-        c:\program files (x86)\StarCraft II
2012-11-04 10:25 . 2012-11-04 10:25        --------        d-----w-        c:\programdata\Blizzard Entertainment
2012-11-04 10:25 . 2012-11-04 10:25        --------        d-----w-        c:\program files (x86)\Common Files\Blizzard Entertainment
2012-11-04 10:24 . 2012-11-04 10:24        --------        d-----w-        c:\programdata\Battle.net
2012-11-04 10:21 . 2012-11-04 15:08        --------        d-----w-        c:\users\Chis\AppData\Roaming\wargaming.net
2012-11-04 10:20 . 2012-11-04 10:20        --------        d--h--w-        c:\windows\msdownld.tmp
2012-11-04 10:20 . 2012-11-04 10:20        --------        d-----w-        C:\Games
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 07:10 . 2012-07-03 13:19        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 07:10 . 2012-07-03 13:19        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-29 17:54 . 2012-10-27 14:18        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-15 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-07-04 117248]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-07-04 138752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [2011-09-13 342984]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 07:10]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chis\AppData\Roaming\Mozilla\Firefox\Profiles\ha2ube1i.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-24 15:54; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Chis\AppData\Roaming\Mozilla\Firefox\Profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-24 16:01; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Chis\AppData\Roaming\Mozilla\Firefox\Profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-11-24 16:01; stefanvandamme@stefanvd.net; c:\users\Chis\AppData\Roaming\Mozilla\Firefox\Profiles\ha2ube1i.default\extensions\stefanvandamme@stefanvd.net.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Last Chaos - c:\aeriagames\LastChaosUSA\Uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-26  15:21:21
ComboFix-quarantined-files.txt  2012-11-26 14:21
ComboFix.txt  2012-11-26 14:12
.
Vor Suchlauf: 10 Verzeichnis(se), 160.958.791.680 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 160.904.351.744 Bytes frei
.
- - End Of File - - 9D170E11D3E049C78CAE2B2E9C882A7D

The thing with SP1, good question :rolleyes:
I had the laptop lent out for a long time and had only set it up briefly before that, but apparently I was too lazy for that or forgot, sorry :S
I only have the box here at the moment because my tower PC has a hardware defect.
I'll take care of it when I get the chance!

Regards and thanks
Korn

M-K-D-B 26.11.2012 16:23

Hi,

is there still unwanted advertising?
If so, in which browser?

Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.

B29Korn 26.11.2012 16:40

Yes, there is still advertising.
In IE as well as in Firefox and even in Steam.
In Firefox only when I allow the site in NoScript, though.
The whole thing writes itself into the page's source code; I can show you when I have an unblocked ad again. Otherwise the window is invisible thanks to NoScript and I can't click at that spot.

Code:

OTL logfile created on: 26.11.2012 16:40:37 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Chis\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 49,73% Memory free
7,99 Gb Paging File | 5,68 Gb Available in Paging File | 71,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,53 Gb Total Space | 149,77 Gb Free Space | 66,12% Space Free | Partition Type: NTFS
Drive E: | 7,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRIS | User Name: Chis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 65 AA 43 EB CB CD 01  [binary data]
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.2
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.1.0.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.24 15:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.03 14:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Extensions
[2012.11.24 16:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Firefox\Profiles\ha2ube1i.default\extensions
[2012.11.24 16:01:17 | 000,634,131 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\stefanvandamme@stefanvd.net.xpi
[2012.11.24 16:01:17 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.24 15:54:28 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.24 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2012.11.24 14:14:44 | 000,001,473 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 66.197.194.232 www.google-analytics.com.
O1 - Hosts: 66.197.194.232 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.232 www.statcounter.com.
O1 - Hosts: 66.197.194.232 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05218312-76DA-4793-BBF9-3A306F064BE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CD4DB1-850C-478E-8029-8CEC3557DAAC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 15:21:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.26 15:14:00 | 005,006,963 | R--- | C] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.26 15:04:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.26 15:04:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.26 15:04:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.26 15:04:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.26 15:04:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.26 09:31:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.25 11:42:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.24 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Wireshark
[2012.11.24 23:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.24 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.11.24 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.11.24 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\RK_Quarantine
[2012.11.24 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Aeria Games
[2012.11.24 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.24 21:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.24 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.11.24 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Akamai
[2012.11.24 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.24 17:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.24 15:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.24 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.24 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Pc SAFE
[2012.11.17 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\BonezMC
[2012.11.17 18:19:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
[2012.11.04 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Documents\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.11.04 11:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.11.04 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.04 11:20:47 | 000,000,000 | ---D | C] -- C:\Games
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.26 16:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.26 15:04:16 | 005,006,963 | R--- | M] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.26 12:15:18 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 12:15:18 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 12:08:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 12:08:01 | 3218,837,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 09:26:33 | 000,000,512 | ---- | M] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 13:30:36 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.25 13:30:36 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.25 13:30:36 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.25 13:30:36 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.25 13:30:36 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.25 11:42:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 11:40:50 | 000,271,101 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.25 11:18:10 | 000,309,424 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.25 00:40:18 | 001,120,018 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | M] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 20:06:34 | 000,275,070 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 14:14:44 | 000,001,473 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.23 17:38:24 | 923,795,456 | ---- | M] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:20:03 | 000,262,039 | ---- | M] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:26 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.26 15:04:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.26 15:04:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.26 15:04:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.26 15:04:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.26 15:04:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.26 12:47:51 | 000,309,424 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.26 12:47:50 | 000,271,101 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.26 09:26:33 | 000,000,512 | ---- | C] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 00:40:17 | 001,120,018 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | C] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 23:42:18 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.11.24 20:08:05 | 000,275,070 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 15:53:11 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.23 17:38:50 | 923,795,456 | ---- | C] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:19:58 | 000,262,039 | ---- | C] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:22 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.09.27 12:31:06 | 001,559,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.08 11:27:19 | 000,000,680 | RHS- | C] () -- C:\Users\Chis\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.10 07:28:26 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\.minecraft
[2012.11.24 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.07.13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.21 10:54:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\LolClient
[2012.09.10 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\OpenOffice.org
[2012.07.05 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ProtectDisc
[2012.11.24 18:21:54 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\TS3Client
[2012.11.04 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.24 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >

Edit:
Maybe I still had an old page open.
No ads since your question so far.
Edit2:
And there it is again :(

This is what gets written into the page's source code:
Code:

<div id="_rjkkvyjkph" style="z-index:9998;cursor:pointer;position:fixed !important;position:absolute;left:3px;bottom:3px;width:300px;height:265px;text-align:center;margin:0;overflow:hidden;vertical-align:top"></div><script async=""

M-K-D-B 26.11.2012 19:43

Hi,

the problem is probably the infected hosts file.
We will try the following:

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please exit your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.
  • Start the tool with a double-click. Vista and 7 users please right-click and choose "Run as administrator".
  • The tool will open and begin the scan.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 3

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:Commands
[resethosts]
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name at the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread

Step 4
Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.

Please post with your next reply
  • the AdwCleaner log file,
  • the JRT log file,
  • the OTL fix log file,
  • the new OTL scan log file.
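To make the helper's diagnosis checkable from the log alone, here is an added example (not code from the thread, nor from OTL, AdwCleaner or JRT) that parses the O1 section of an OTL log: it flags hosts entries that point well-known names at a live address instead of a loopback sinkhole, groups them by redirect target, and decodes the attribute column (RHS-) that explains why the file was invisible and why a plain overwrite can fail. The sample lines are constructed to mirror the log above; `ads.example.invalid` is a placeholder.

```python
"""Added example (not from the thread or any of the tools it mentions):
parse the O1 lines of an OTL log and flag hosts-file entries that redirect
well-known hostnames to a live address instead of a loopback sinkhole."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the OTL "O1" format; the addresses and hostnames are
# the ones that appear in the log above, plus one benign ad-block style line.
SAMPLE_OTL_LINES = r"""
O1 HOSTS File: ([2012.11.24 14:14:44 | 000,001,473 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 66.197.194.232 www.google-analytics.com.
O1 - Hosts: 66.197.194.232 connect.facebook.net.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 0.0.0.0        ads.example.invalid
""".strip().splitlines()

# The OTL attribute column is four characters in the order R, H, S, D
# (read-only, hidden, system, directory); '-' means the flag is clear.
ATTR_NAMES = ("read-only", "hidden", "system", "directory")

HOSTS_FILE_RE = re.compile(
    r"^O1 HOSTS File: \(\[.*\| (?P<attrs>[RHSD-]{4}) \| [CM]\]\) - (?P<path>.+)$"
)
HOSTS_ENTRY_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")


@dataclass
class HostsFinding:
    ip: str
    host: str
    reason: str


def describe_attributes(attrs: str) -> list:
    """Expand an OTL attribute column such as 'RHS-' into flag names."""
    return [name for ch, name in zip(attrs, ATTR_NAMES) if ch != "-"]


def is_sinkhole(ip: str) -> bool:
    """Loopback (127.x, ::1) and unspecified (0.0.0.0, ::) targets are how a
    legitimate ad-blocking hosts file neutralises a name; any other target
    sends the browser's traffic to a real host."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def analyse_otl_hosts(lines):
    """Return (attribute flags, hosts path, findings) for the O1 section."""
    attrs, path, findings = None, None, []
    for raw in lines:
        line = raw.strip()
        m = HOSTS_FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            continue
        m = HOSTS_ENTRY_RE.match(line)
        if not m:
            continue
        ip, host = m.group("ip"), m.group("host")
        if is_sinkhole(ip):
            continue
        reasons = [f"maps to live address {ip}"]
        if host.endswith("."):
            # A trailing dot makes the name absolute, so the entry also
            # matches lookups that would otherwise get a DNS suffix appended.
            reasons.append("absolute name (trailing dot)")
        findings.append(HostsFinding(ip, host.rstrip("."), "; ".join(reasons)))
    return attrs, path, findings


def group_by_target(findings):
    """Hostnames per redirect target: several well-known names pointing at
    the same unrelated address is the signature of a hosts-file hijack."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f.ip].append(f.host)
    return dict(grouped)


if __name__ == "__main__":
    attrs, path, findings = analyse_otl_hosts(SAMPLE_OTL_LINES)
    flags = describe_attributes(attrs or "")
    print(f"hosts file: {path}  attributes: {', '.join(flags) or 'none'}")
    if "hidden" in flags or "system" in flags:
        print("  note: hidden/system flags explain why the file is not visible")
    if "read-only" in flags:
        print("  note: read-only flag makes a plain overwrite fail")
    for ip, hosts in group_by_target(findings).items():
        print(f"{ip} <- {', '.join(hosts)}")
```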

B29Korn 26.11.2012 20:08

ADWCleaner
Code:

# AdwCleaner v2.009 - Datei am 26/11/2012 um 19:44:02 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Chis - CHRIS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chis\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0 (de)

Profilname : default
Datei : C:\Users\Chis\AppData\Roaming\Mozilla\Firefox\Profiles\ha2ube1i.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Chis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1027 octets] - [25/11/2012 01:06:45]
AdwCleaner[R2].txt - [1088 octets] - [25/11/2012 01:08:32]
AdwCleaner[R3].txt - [1018 octets] - [26/11/2012 19:44:02]

########## EOF - C:\AdwCleaner[R3].txt - [1078 octets] ##########

Junkware Removal
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.4 (11.26.2012)
OS: Windows 7 Home Premium x64
Ran by Chis on 26.11.2012 at 19:46:31,70
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\prefs.js

user_pref("capability.policy.maonoscript.sites", "1und1.de 9gag.com addons.mozilla.org adnxs.com aeriagames.com afx.ms amazon.de brealtime.com chip.de cloudfront.net elitepvpers.com epvpimg.com facebook.com facebook.net fbcdn.net fhserve.com filepony.de find-allyouneed.com firstdata.com firstdata.lv flashgot.net germandayz.de gfx.ms google-analytics.com google.com google.de googleadservices.com googleapis.com googlesyndication.com googletagservices.com gstatic.com guildox.com gutefrage.net hotmail.com informaction.com intellitxt.com jtvnw.net liftdna.com live.com liverail.com maone.net mindfactory.de mozilla.net msn.com noscript.net nuggad.net odem-gilde.de onlinewelten.com passport.com passport.net passportimages.com paypal.com paypalobjects.com persona.org phantoml0rd.com quantserve.com scorecardresearch.com securecode.com securesuite.net tf2outpost.com tfag.de torbit.com trojaner-board.de twimg.com twitch.tv twitter.com vinsight.de wieistmeineip.de wlxrs.com xtendmedia.com yahoo.com yahooapis.com yimg.com youtube.com ytimg.com about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:home about:memory about:neterror about:plugins about:privatebrowsing about:sessionrestore about:support blob: chrome: hxxp://1und1.de hxxp://9gag.com hxxp://adnxs.com hxxp://aeriagames.com hxxp://afx.ms hxxp://amazon.de hxxp://brealtime.com hxxp://chip.de hxxp://cloudfront.net hxxp://elitepvpers.com hxxp://epvpimg.com hxxp://facebook.com hxxp://facebook.net hxxp://fbcdn.net hxxp://fhserve.com hxxp://filepony.de hxxp://find-allyouneed.com hxxp://firstdata.com hxxp://firstdata.lv hxxp://flashgot.net hxxp://germandayz.de hxxp://gfx.ms hxxp://google-analytics.com hxxp://google.com hxxp://google.de hxxp://googleadservices.com hxxp://googleapis.com hxxp://googlesyndication.com hxxp://googletagservices.com hxxp://gstatic.com hxxp://guildox.com hxxp://gutefrage.net hxxp://hotmail.com hxxp://informaction.com hxxp://intellitxt.com hxxp://jtvnw.net 
hxxp://liftdna.com hxxp://live.com hxxp://liverail.com hxxp://maone.net hxxp://mindfactory.de hxxp://mozilla.net hxxp://msn.com hxxp://noscript.net hxxp://nuggad.net hxxp://odem-gilde.de hxxp://onlinewelten.com hxxp://passport.com hxxp://passport.net hxxp://passportimages.com hxxp://paypal.com hxxp://paypalobjects.com hxxp://persona.org hxxp://phantoml0rd.com hxxp://quantserve.com hxxp://scorecardresearch.com hxxp://securecode.com hxxp://securesuite.net hxxp://tf2outpost.com hxxp://tfag.de hxxp://torbit.com hxxp://trojaner-board.de hxxp://twimg.com hxxp://twitch.tv hxxp://twitter.com hxxp://vinsight.de hxxp://wieistmeineip.de hxxp://wlxrs.com hxxp://xtendmedia.com hxxp://yahoo.com hxxp://yahooapis.com hxxp://yimg.com hxxp://youtube.com hxxp://ytimg.com https://1und1.de https://9gag.com https://adnxs.com https://aeriagames.com https://afx.ms https://amazon.de https://brealtime.com https://chip.de https://cloudfront.net https://elitepvpers.com https://epvpimg.com https://facebook.com https://facebook.net https://fbcdn.net https://fhserve.com https://filepony.de https://find-allyouneed.com https://firstdata.com https://firstdata.lv https://flashgot.net https://germandayz.de https://gfx.ms https://google-analytics.com https://google.com https://google.de https://googleadservices.com https://googleapis.com https://googlesyndication.com https://googletagservices.com https://gstatic.com https://guildox.com https://gutefrage.net https://hotmail.com https://informaction.com https://intellitxt.com https://jtvnw.net https://liftdna.com https://live.com https://liverail.com https://maone.net https://mindfactory.de https://mozilla.net https://msn.com https://noscript.net https://nuggad.net https://odem-gilde.de https://onlinewelten.com https://passport.com https://passport.net https://passportimages.com https://paypal.com https://paypalobjects.com https://persona.org https://phantoml0rd.com https://quantserve.com https://scorecardresearch.com https://securecode.com 
https://securesuite.net https://tf2outpost.com https://tfag.de https://torbit.com https://trojaner-board.de https://twimg.com https://twitch.tv https://twitter.com https://vinsight.de https://wieistmeineip.de https://wlxrs.com https://xtendmedia.com https://yahoo.com https://yahooapis.com https://yimg.com https://youtube.com https://ytimg.com resource:");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.11.2012 at 19:52:06,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL:
Code:

All processes killed
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
[EMPTYTEMP]
 
User: All Users
 
User: Chis
->Temp folder emptied: 117065 bytes
->Temporary Internet Files folder emptied: 11008078 bytes
->Java cache emptied: 526 bytes
->FireFox cache emptied: 453500900 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 1992 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 444,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11262012_195807

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Chis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

By the way, there are already several files in my Temp folder again, is that normal? :S
Folder "WPDNSE"
Text document: jushed
Text document: FXSAPIDebugLogFile

OTL Scan:
Code:

OTL logfile created on: 26.11.2012 20:03:15 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Chis\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,25% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,53 Gb Total Space | 149,92 Gb Free Space | 66,18% Space Free | Partition Type: NTFS
Drive E: | 7,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRIS | User Name: Chis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 65 AA 43 EB CB CD 01  [binary data]
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.24 15:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.03 14:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Extensions
[2012.11.24 16:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Firefox\Profiles\ha2ube1i.default\extensions
[2012.11.24 16:01:17 | 000,634,131 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\stefanvandamme@stefanvd.net.xpi
[2012.11.24 16:01:17 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.24 15:54:28 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.24 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2012.11.24 14:14:44 | 000,001,473 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 66.197.194.232 www.google-analytics.com.
O1 - Hosts: 66.197.194.232 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.232 www.statcounter.com.
O1 - Hosts: 66.197.194.232 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05218312-76DA-4793-BBF9-3A306F064BE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CD4DB1-850C-478E-8029-8CEC3557DAAC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 19:58:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.26 19:46:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.26 19:46:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.26 19:45:37 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.26 15:21:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.26 15:14:00 | 005,006,963 | R--- | C] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.26 15:04:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.26 15:04:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.26 15:04:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.26 15:04:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.26 15:04:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.26 09:31:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.25 11:42:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.24 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Wireshark
[2012.11.24 23:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.24 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.11.24 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.11.24 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\RK_Quarantine
[2012.11.24 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Aeria Games
[2012.11.24 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.24 21:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.24 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.11.24 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Akamai
[2012.11.24 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.24 17:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.24 15:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.24 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.24 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Pc SAFE
[2012.11.17 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\BonezMC
[2012.11.17 18:19:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
[2012.11.04 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Documents\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.11.04 11:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.11.04 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.04 11:20:47 | 000,000,000 | ---D | C] -- C:\Games
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.26 19:59:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 19:59:28 | 3218,837,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 19:45:30 | 000,909,379 | ---- | M] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 19:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.26 15:04:16 | 005,006,963 | R--- | M] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.26 12:15:18 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 12:15:18 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 09:26:33 | 000,000,512 | ---- | M] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 13:30:36 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.25 13:30:36 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.25 13:30:36 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.25 13:30:36 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.25 13:30:36 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.25 11:42:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 11:40:50 | 000,271,101 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.25 11:18:10 | 000,309,424 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.25 01:06:20 | 000,480,125 | ---- | M] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.25 00:40:18 | 001,120,018 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | M] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 20:06:34 | 000,275,070 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 14:14:44 | 000,001,473 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.23 17:38:24 | 923,795,456 | ---- | M] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:20:03 | 000,262,039 | ---- | M] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:26 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.26 19:45:26 | 000,909,379 | ---- | C] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 19:43:50 | 000,480,125 | ---- | C] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.26 15:04:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.26 15:04:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.26 15:04:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.26 15:04:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.26 15:04:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.26 12:47:51 | 000,309,424 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.26 12:47:50 | 000,271,101 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.26 09:26:33 | 000,000,512 | ---- | C] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 00:40:17 | 001,120,018 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | C] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 23:42:18 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.11.24 20:08:05 | 000,275,070 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 15:53:11 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.23 17:38:50 | 923,795,456 | ---- | C] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:19:58 | 000,262,039 | ---- | C] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:22 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.09.27 12:31:06 | 001,559,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.08 11:27:19 | 000,000,680 | RHS- | C] () -- C:\Users\Chis\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.10 07:28:26 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\.minecraft
[2012.11.24 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.07.13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.21 10:54:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\LolClient
[2012.09.10 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\OpenOffice.org
[2012.07.05 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ProtectDisc
[2012.11.26 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\TS3Client
[2012.11.04 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.24 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >
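The O1 lines in the OTL report above show the hosts file carrying the RHS attributes and mapping analytics and Facebook names to two non-loopback addresses. As an added example (not from the thread and not part of OTL), the following Python checker parses either raw hosts-file text or OTL's "O1 - Hosts:" lines and flags such entries; the sample input is a constructed, trimmed copy of the log's lines, and the watched-suffix list is an assumption.

```python
"""Flag hijacked HOSTS entries, fed from raw hosts text or from OTL 'O1' log lines."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of the OTL 'O1' lines from the report above
# (addresses and names as they appear in that log, trimmed to a few lines).
SAMPLE_OTL_O1 = """\
O1 HOSTS File: ([2012.11.24 14:14:44 | 000,001,473 | RHS- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 66.197.194.232 www.google-analytics.com.
O1 - Hosts: 66.197.194.232 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
"""

# Assumed watch list: third-party names whose redirection to a non-loopback address is a
# red flag (taken from the log; a real list would be longer). Trailing dots are stripped first.
WATCHED_SUFFIXES = ("google-analytics.com", "doubleclick.net", "statcounter.com", "facebook.net")

O1_PREFIX = re.compile(r"^O1 - Hosts:\s*")
# OTL's attribute column, e.g. 'RHS-' (read-only, hidden, system) or '---D'
ATTR_FIELD = re.compile(r"\|\s*([RHSAD-]{4})\s*\|")


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; hostnames are lower-cased with any trailing dot removed."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        if not line or line.startswith("#") or line.startswith("O1 "):
            continue  # blank, comment, or the OTL header line
        line = line.split("#", 1)[0]  # drop inline comments
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # first token is not an address, so not a hosts entry
        for name in names:
            entries.append((addr, name.rstrip(".").lower()))
    return entries


def hosts_file_attributes(text: str) -> Optional[str]:
    """Pull the attribute column out of OTL's 'O1 HOSTS File:' header, if present."""
    for raw in text.splitlines():
        if raw.startswith("O1 HOSTS File:"):
            m = ATTR_FIELD.search(raw)
            return m.group(1) if m else None
    return None


def analyse(text: str) -> Dict[str, object]:
    """Report non-loopback mappings, watched names, multi-address names and odd file attributes."""
    entries = parse_entries(text)
    findings: List[str] = []
    by_name: Dict[str, set] = defaultdict(set)
    for addr, name in entries:
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / ::1 / 0.0.0.0 are normal (localhost, block lists)
        by_name[name].add(addr)
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        tag = "watched name" if watched else "non-loopback target"
        findings.append(f"{name} -> {addr} ({tag})")
    for name, addrs in by_name.items():
        if len(addrs) > 1:  # same name pointed at several foreign addresses, as in the log
            findings.append(f"{name} mapped to {len(addrs)} different addresses: {', '.join(sorted(addrs))}")
    attrs = hosts_file_attributes(text)
    hidden_system = bool(attrs) and ("H" in attrs or "S" in attrs)
    return {"attributes": attrs, "hidden_or_system": hidden_system,
            "entries": len(entries), "findings": findings}


if __name__ == "__main__":
    report = analyse(SAMPLE_OTL_O1)
    print(f"attributes={report['attributes']} hidden/system={report['hidden_or_system']}")
    for f in report["findings"]:
        print("  !", f)
```

A hosts file that is hidden+system and maps tracking names to foreign addresses is the pattern the thread is chasing; the same checker accepts the real file's text once the attributes have been cleared and it is readable again.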


M-K-D-B 27.11.2012 08:33

Hello,

Files in temporary folders are not necessarily always malicious. ;)

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:files
C:\Windows\SysNative\drivers\etc\hosts

:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    ( Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread

B29Korn 27.11.2012 09:06

Code:

All processes killed
========== FILES ==========
File move failed. C:\Windows\SysNative\drivers\etc\hosts scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Chis
->Temp folder emptied: 872548 bytes
->Temporary Internet Files folder emptied: 454770 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 148844433 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1563 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 143,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11272012_090140

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\drivers\etc\hosts scheduled to be moved on reboot.
C:\Users\Chis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


M-K-D-B 27.11.2012 09:14

Hi,

ComboFix script
WARNING for READERS:
The following ComboFix script was created exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press the Windows + R keys --> type notepad --> OK
  • Now copy the text from the following code box completely into the empty text document.

    Code:

    File::
    C:\Windows\SysNative\drivers\etc\hosts

  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software, since it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please post it here as a reply (in CODE tags using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these instructions, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!


B29Korn 27.11.2012 09:29

Here is the log
Code:

ComboFix 12-11-26.02 - Chis 27.11.2012  9:22.3.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.4093.3082 [GMT 1:00]
ausgeführt von:: c:\users\Chis\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Chis\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\etc\hosts"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-27 bis 2012-11-27  ))))))))))))))))))))))))))))))
.
.
2012-11-27 08:26 . 2012-11-27 08:26        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-11-27 08:26 . 2012-11-27 08:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-11-26 18:58 . 2012-11-26 18:58        --------        d-----w-        C:\_OTL
2012-11-26 18:46 . 2012-11-26 18:46        --------        d-----w-        c:\windows\ERUNT
2012-11-26 18:45 . 2012-11-26 18:45        --------        d-----w-        C:\JRT
2012-11-24 23:07 . 2012-11-24 23:07        --------        d-----w-        c:\program files (x86)\ESET
2012-11-24 22:45 . 2012-11-24 22:45        --------        d-----w-        c:\users\Chis\AppData\Roaming\Wireshark
2012-11-24 22:43 . 2012-11-24 22:43        --------        d-----w-        c:\program files (x86)\WinPcap
2012-11-24 22:41 . 2012-11-24 22:43        --------        d-----w-        c:\program files\Wireshark
2012-11-24 22:20 . 2012-11-24 22:20        --------        d-----w-        c:\program files (x86)\7-Zip
2012-11-24 20:39 . 2012-11-24 20:39        --------        d-----w-        c:\users\Chis\AppData\Local\Aeria Games
2012-11-24 20:38 . 2012-11-24 20:38        --------        d-----w-        c:\programdata\Aeria Games
2012-11-24 20:22 . 2012-11-24 20:22        --------        d-sh--w-        c:\windows\SysWow64\AI_RecycleBin
2012-11-24 20:22 . 2012-11-24 20:22        --------        d-----w-        c:\program files (x86)\Aeria Games
2012-11-24 20:22 . 2012-11-24 20:22        --------        d-----w-        c:\users\Chis\AppData\Roaming\Aeria Games & Entertainment
2012-11-24 20:10 . 2012-11-24 20:10        --------        d-----w-        c:\users\Chis\AppData\Local\Akamai
2012-11-24 16:08 . 2012-11-24 16:08        --------        d-----w-        c:\users\Chis\AppData\Roaming\SUPERAntiSpyware.com
2012-11-24 16:06 . 2012-11-24 16:08        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-11-24 16:06 . 2012-11-24 16:06        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-11-24 15:01 . 2012-11-19 00:01        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{289E000F-899B-43A1-9F8F-E6508D14931E}\mpengine.dll
2012-11-24 14:53 . 2012-11-24 14:53        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-11-24 13:24 . 2012-11-24 13:24        --------        d-----w-        c:\users\Chis\Pc SAFE
2012-11-04 10:25 . 2012-11-17 16:41        --------        d-----w-        c:\program files (x86)\StarCraft II
2012-11-04 10:25 . 2012-11-04 10:25        --------        d-----w-        c:\programdata\Blizzard Entertainment
2012-11-04 10:25 . 2012-11-04 10:25        --------        d-----w-        c:\program files (x86)\Common Files\Blizzard Entertainment
2012-11-04 10:24 . 2012-11-04 10:24        --------        d-----w-        c:\programdata\Battle.net
2012-11-04 10:21 . 2012-11-04 15:08        --------        d-----w-        c:\users\Chis\AppData\Roaming\wargaming.net
2012-11-04 10:20 . 2012-11-04 10:20        --------        d-----w-        C:\Games
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 19:06 . 2012-07-03 13:19        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-26 19:06 . 2012-07-03 13:19        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-29 17:54 . 2012-10-27 14:18        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-15 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-07-04 117248]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-07-04 138752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [2011-09-13 342984]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 19:06]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chis\AppData\Roaming\Mozilla\Firefox\Profiles\ha2ube1i.default\
FF - ExtSQL: 2012-11-24 16:01; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Chis\AppData\Roaming\Mozilla\Firefox\Profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-11-26 20:32; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Chis\AppData\Roaming\Mozilla\Firefox\Profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Last Chaos - c:\aeriagames\LastChaosUSA\Uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-27  09:27:55
ComboFix-quarantined-files.txt  2012-11-27 08:27
ComboFix2.txt  2012-11-26 14:21
ComboFix3.txt  2012-11-26 14:12
.
Vor Suchlauf: 12 Verzeichnis(se), 159.105.777.664 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 159.043.514.368 Bytes frei
.
- - End Of File - - 42B2383A81E0E04C7E68D54DF2C4EA62


M-K-D-B 27.11.2012 09:43

Hi,

so, hopefully it will work now:

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:Commands
[resethosts]
[reboot]

  • If you replaced your user name with e.g. "*****", insert your real user name at the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    ( Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread

Step 2
Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.

Please post with your next reply
  • the log file of the OTL fix,
  • the log file of the new OTL scan.

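A defender-side check for what the [resethosts] step above is meant to undo, added here as an example that is not part of the thread, of OTL or of ComboFix: it parses hosts-file text and flags every hostname pinned to an address other than loopback, and it decodes the read-only/hidden/system attribute bits (the "RHS" the OTL log reports on the hosts file) that make the file invisible in Explorer and hard for tools to move. The sample hosts text is constructed, modelled on the "O1 - Hosts:" lines in the OTL log posted in this thread.

```python
"""Audit a Windows hosts file for hijacked entries.

Added example for this thread; it is not part of OTL, ComboFix or the
original posts. It parses hosts-file text, flags hostnames that resolve
to anything other than a loopback address, and decodes the file-attribute
bits (read-only / hidden / system) seen on the hijacked file in the log.
"""
import ipaddress
import os
import sys
from collections import defaultdict

# Windows file attribute bits (same values as stat.FILE_ATTRIBUTE_*).
ATTRIBUTE_NAMES = {
    0x1: "READONLY",
    0x2: "HIDDEN",
    0x4: "SYSTEM",
}

# Constructed sample, modelled on the "O1 - Hosts:" lines in the OTL log
# of this thread: analytics and ad domains pinned to two foreign addresses.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
66.197.194.232  www.google-analytics.com.
66.197.194.232  ad-emea.doubleclick.net.
93.115.241.27   www.google-analytics.com.
93.115.241.27   connect.facebook.net.
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text.

    Comments and blank lines are skipped, lines whose first field is not a
    valid IP address are ignored, hostnames are lower-cased and a trailing
    FQDN dot (as written in the hijacked entries in the log) is stripped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def _ip_sort_key(text_ip):
    addr = ipaddress.ip_address(text_ip)
    return (addr.version, int(addr))


def audit_hosts(text):
    """Map each hostname to the sorted non-loopback addresses it is pinned to.

    A clean default hosts file yields an empty dict; every name returned
    here has its resolution overridden by the file.
    """
    by_name = defaultdict(set)
    for ip, name in parse_hosts(text):
        by_name[name].add(ip)
    suspicious = {}
    for name, ips in by_name.items():
        foreign = [ip for ip in ips if not ipaddress.ip_address(ip).is_loopback]
        if foreign:
            suspicious[name] = sorted(foreign, key=_ip_sort_key)
    return suspicious


def describe_attributes(attrs):
    """Name the READONLY/HIDDEN/SYSTEM bits set in a Windows attribute mask."""
    return [label for bit, label in sorted(ATTRIBUTE_NAMES.items()) if attrs & bit]


def hosts_file_attributes(path):
    """Return the attribute names of a file, or None when not on Windows."""
    if sys.platform != "win32":
        return None
    return describe_attributes(os.stat(path).st_file_attributes)


if __name__ == "__main__":
    for name, ips in sorted(audit_hosts(SAMPLE_HOSTS).items()):
        print(f"{name} -> {', '.join(ips)}")
    if sys.platform == "win32":
        real = os.path.join(os.environ["SystemRoot"], "System32", "drivers", "etc", "hosts")
        print("attributes:", hosts_file_attributes(real))
```

On the affected machine the audit would list the four analytics/ad domains with both addresses, and the attribute check would return all three bits, which is exactly why a plain move of the file failed until the attributes were cleared.
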
B29Korn 27.11.2012 10:00

Log
Code:

========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 11272012_094948

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Quickscan
Code:

OTL logfile created on: 27.11.2012 09:53:15 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Chis\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,74% Memory free
7,99 Gb Paging File | 6,66 Gb Available in Paging File | 83,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,53 Gb Total Space | 148,12 Gb Free Space | 65,39% Space Free | Partition Type: NTFS
Drive E: | 7,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1,79 Gb Total Space | 1,79 Gb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: CHRIS | User Name: Chis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 AA 3E 11 7A CC CD 01  [binary data]
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.24 15:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.03 14:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Extensions
[2012.11.27 07:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Firefox\Profiles\ha2ube1i.default\extensions
[2012.11.24 16:01:17 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.26 20:32:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.24 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2012.11.24 14:14:44 | 000,001,473 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 66.197.194.232 www.google-analytics.com.
O1 - Hosts: 66.197.194.232 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.232 www.statcounter.com.
O1 - Hosts: 66.197.194.232 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1525606088-1403732290-800922509-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05218312-76DA-4793-BBF9-3A306F064BE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CD4DB1-850C-478E-8029-8CEC3557DAAC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 09:51:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.27 09:26:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.27 09:17:44 | 005,007,135 | R--- | C] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.26 20:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.11.26 19:58:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.26 19:46:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.26 19:45:37 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.26 15:04:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.26 15:04:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.26 15:04:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.26 15:04:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.26 15:04:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.26 09:31:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.25 11:42:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.24 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Wireshark
[2012.11.24 23:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.24 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.11.24 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.11.24 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\RK_Quarantine
[2012.11.24 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Aeria Games
[2012.11.24 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.24 21:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.24 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.11.24 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Akamai
[2012.11.24 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.24 17:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.24 15:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.24 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.24 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Pc SAFE
[2012.11.17 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\BonezMC
[2012.11.17 18:19:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
[2012.11.04 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Documents\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.11.04 11:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.11.04 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.04 11:20:47 | 000,000,000 | ---D | C] -- C:\Games
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 09:50:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 09:50:40 | 3218,837,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.27 09:18:01 | 005,007,135 | R--- | M] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.27 09:10:25 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 09:10:25 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 09:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 08:27:00 | 1234,456,012 | ---- | M] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | M] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:30 | 000,909,379 | ---- | M] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 09:26:33 | 000,000,512 | ---- | M] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 13:30:36 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.25 13:30:36 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.25 13:30:36 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.25 13:30:36 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.25 13:30:36 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.25 11:42:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 11:40:50 | 000,271,101 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.25 11:18:10 | 000,309,424 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.25 01:06:20 | 000,480,125 | ---- | M] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.25 00:40:18 | 001,120,018 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | M] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 20:06:34 | 000,275,070 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 14:14:44 | 000,001,473 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.23 17:38:24 | 923,795,456 | ---- | M] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:20:03 | 000,262,039 | ---- | M] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:26 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.27 08:21:16 | 1234,456,012 | ---- | C] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | C] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:26 | 000,909,379 | ---- | C] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 19:43:50 | 000,480,125 | ---- | C] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.26 15:04:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.26 15:04:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.26 15:04:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.26 15:04:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.26 15:04:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.26 12:47:51 | 000,309,424 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.26 12:47:50 | 000,271,101 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.26 09:26:33 | 000,000,512 | ---- | C] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 00:40:17 | 001,120,018 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | C] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 23:42:18 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.11.24 20:08:05 | 000,275,070 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 15:53:11 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.23 17:38:50 | 923,795,456 | ---- | C] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:19:58 | 000,262,039 | ---- | C] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:22 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.09.27 12:31:06 | 001,559,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.08 11:27:19 | 000,000,680 | RHS- | C] () -- C:\Users\Chis\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.10 07:28:26 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\.minecraft
[2012.11.24 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.07.13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.21 10:54:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\LolClient
[2012.09.10 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\OpenOffice.org
[2012.07.05 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ProtectDisc
[2012.11.26 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\TS3Client
[2012.11.04 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.24 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >


M-K-D-B 27.11.2012 10:08

Hi,


somehow we are not getting rid of that infected hosts file... :wtf:

Since when exactly (date) have you had these ad pop-ups?



Step 1
Please download Hosts-perm.bat to your desktop.
  • Start the file with a double-click.
  • Confirm the security prompt if one appears.
  • Wait until you see the message "The Permissions on the HOSTS file have been reset".
  • Press any key to close the bat file.



Step 2

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:Commands
[resethosts]
[reboot]

  • If you have masked your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Time_Date>.txt)
    Now copy its contents into your thread



Please post with your next reply
  • the OTL log file.

B29Korn 27.11.2012 10:31

Well, I have been seeing this since 24.11, but it may have started earlier.

OTL:
Code:

========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 11272012_102639

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Batch file:
Code:


Zuordnung von Kontennamen und Sicherheitskennung wurden nicht durchgeführt.
Zugriff verweigert -C:\Windows\system32\drivers\etc\hosts
The Permissions on the HOSTS file have been resettet.


M-K-D-B 27.11.2012 10:49

Hi,



Start the RogueKiller tool.
Wait until the prescan has finished.
Click on Hosts reparieren (repair hosts).
Close the program, start it again and click Scan after the prescan.
Finally click Report and post the log file to me.

B29Korn 27.11.2012 11:02

Code:

RogueKiller V8.3.1 [Nov 23 2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7600 ) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Chis [Admin Rechte]
Funktion : Scannen -- Datum : 11/27/2012 11:01:41

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> GEFUNDEN

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
::1            localhost
66.197.194.232 www.google-analytics.com.
66.197.194.232 ad-emea.doubleclick.net.
66.197.194.232 www.statcounter.com.
66.197.194.232 connect.facebook.net.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] aabde65b904df61a8f4a882d518a2a56
[BSP] 5ae74f563822d94b622db51fa75c6b64 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 2048 | Size: 13000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 231966 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 501692416 | Size: 228352 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 969357312 | Size: 3620 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TREK TDMINIG4 USB Device +++++
--- User ---
[MBR] 4652dfee147054531fdcd34cda881224
[BSP] c32d81b864350e013775b0d40f5188db : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 1839 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Abgeschlossen : << RKreport[17]_S_11272012_02d1101.txt >>
RKreport[10]_S_11242012_02d2312.txt ; RKreport[11]_S_11242012_02d2325.txt ; RKreport[12]_S_11242012_02d2340.txt ; RKreport[13]_S_11252012_02d0042.txt ; RKreport[14]_S_11252012_02d0049.txt ;
RKreport[15]_S_11252012_02d0118.txt ; RKreport[16]_H_11272012_02d1101.txt ; RKreport[17]_S_11272012_02d1101.txt ; RKreport[1]_S_11242012_02d2149.txt ; RKreport[2]_D_11242012_02d2155.txt ;
RKreport[3]_H_11242012_02d2156.txt ; RKreport[4]_DN_11242012_02d2157.txt ; RKreport[5]_S_11242012_02d2257.txt ; RKreport[6]_H_11242012_02d2257.txt ; RKreport[7]_DN_11242012_02d2258.txt ;
RKreport[8]_S_11242012_02d2300.txt ; RKreport[9]_S_11242012_02d2312.txt


M-K-D-B 27.11.2012 11:12

Hi,



we will take a look at the system from the "outside".



Step 1
Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.

Download Mirror # 1
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :filefind
    hosts

    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.



Step 2
Please download Farbar Recovery Scan Tool 64-Bit and save it to a USB stick.

Connect the USB stick to the infected system

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly
  • Now choose Repair your computer.
  • Choose your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD
  • Choose the language settings and click "Next".
  • Click Repair your computer !!
  • Choose your operating system and user account and click "Next" each time.


In the recovery options choose Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens --> File --> Save As and choose Computer
    Here you will see the drive letter of your USB stick.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst64.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.



Please post with your next reply
  • the SystemLook log file,
  • the FRST log file.

B29Korn 27.11.2012 11:45

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:18 on 27/11/2012 by Chis
Administrator - Elevation successful

========== filefind ==========

Searching for "hosts"
C:\Windows\System32\drivers\etc\hosts        -rahs-- 1473 bytes        [02:34 14/07/2009]        [13:14 24/11/2012] 5C75232E052E2FE25AE3CEA1E3B9A647
C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\hosts        --a---- 824 bytes        [21:00 10/06/2009]        [21:00 10/06/2009] 3688374325B992DEF12793500307566D

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"ICSDomain"="mshome.net"
"SyncDomainWithMembership"= 0x0000000001 (1)
"NV Hostname"="Chris"
"DataBasePath"="%SystemRoot%\System32\drivers\etc"
"ForwardBroadcasts"= 0x0000000000 (0)
"IPEnableRouter"= 0x0000000000 (0)
"Domain"=""
"Hostname"="Chris"
"SearchList"=""
"UseDomainNameDevolution"= 0x0000000001 (1)
"DeadGWDetectDefault"= 0x0000000001 (1)
"DontAddDefaultGatewayDefault"= 0x0000000000 (0)
"EnableWsd"= 0x0000000001 (1)
"QualifyingDestinationThreshold"= 0x0000000003 (3)
"DhcpNameServer"="192.168.0.1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]


[]
Hive unrecognized.

-= EOF =-

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 27-11-2012 11:40:09
Running from G:\
Windows 7 Home Premium  (X64) OS Language: German Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Chis\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5628800 2012-10-16] (SUPERAntiSpyware.com)
HKU\Chis\...\Policies\system: [LogonHoursAction] 2
HKU\Chis\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [138752 2012-07-04] (Huawei Technologies Co., Ltd.)
3 ewusbnet; C:\Windows\SysWow64\Drivers\ewusbnet.sys [138752 2012-07-04] (Huawei Technologies Co., Ltd.)
3 ew_hwusbdev; C:\Windows\SysWow64\Drivers\ew_hwusbdev.sys [117248 2012-07-04] (Huawei Technologies Co., Ltd.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-27 11:20 - 2012-11-27 11:20 - 01461039 ____A (Farbar) C:\Users\Chis\Downloads\FRST64.exe
2012-11-27 11:18 - 2012-11-27 11:19 - 00003262 ____A C:\Users\Chis\Desktop\SystemLook.txt
2012-11-27 11:17 - 2012-11-27 11:17 - 00165376 ____A C:\Users\Chis\Desktop\SystemLook_x64.exe
2012-11-27 11:01 - 2012-11-27 11:01 - 00002819 ____A C:\Users\Chis\Desktop\RKreport[17]_S_11272012_02d1101.txt
2012-11-27 11:01 - 2012-11-27 11:01 - 00001906 ____A C:\Users\Chis\Desktop\RKreport[16]_H_11272012_02d1101.txt
2012-11-27 10:26 - 2012-11-27 10:26 - 00001504 ____A C:\Users\Chis\Desktop\beitrag.txt
2012-11-27 10:22 - 2012-11-27 10:22 - 00000194 ____A C:\Users\Chis\Desktop\hosts-perm.bat
2012-11-27 09:52 - 2012-11-27 09:52 - 00000888 ____A C:\Users\Chis\Desktop\11272012_094948.log
2012-11-27 09:27 - 2012-11-27 09:27 - 00012482 ____A C:\ComboFix.txt
2012-11-27 09:17 - 2012-11-27 09:18 - 05007135 ____R (Swearware) C:\Users\Chis\Desktop\ComboFix.exe
2012-11-27 08:21 - 2012-11-27 08:27 - 1234456012 ____A C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
2012-11-26 20:40 - 2012-11-26 20:40 - 00065592 ____A C:\Users\Chis\Downloads\memtest86+-4.20.exe.zip
2012-11-26 20:06 - 2012-11-26 20:07 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-26 20:02 - 2012-11-26 20:02 - 00998456 ____A (Solid State Networks) C:\Users\Chis\Downloads\install_flashplayer11x32_mssd_aih(1).exe
2012-11-26 20:02 - 2012-11-26 20:02 - 00003420 ____A C:\Users\Chis\Desktop\11262012_195807.log
2012-11-26 19:59 - 2012-11-27 09:50 - 00002428 ____A C:\Windows\PFRO.log
2012-11-26 19:58 - 2012-11-26 19:58 - 00000000 ____D C:\_OTL
2012-11-26 19:52 - 2012-11-26 19:52 - 00005142 ____A C:\Users\Chis\Desktop\JRT.txt
2012-11-26 19:46 - 2012-11-26 19:46 - 00000000 ____D C:\Windows\ERUNT
2012-11-26 19:45 - 2012-11-26 19:45 - 00909379 ____A C:\Users\Chis\Desktop\JRT.exe
2012-11-26 19:45 - 2012-11-26 19:45 - 00000000 ____D C:\JRT
2012-11-26 19:44 - 2012-11-26 19:44 - 00001147 ____A C:\AdwCleaner[R3].txt
2012-11-26 19:43 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Desktop\adwcleaner.exe
2012-11-26 16:43 - 2012-11-27 09:58 - 00060852 ____A C:\Users\Chis\Desktop\OTL.Txt
2012-11-26 15:04 - 2012-11-27 09:27 - 00000000 ____D C:\Qoobox
2012-11-26 15:04 - 2012-11-26 15:11 - 00000000 ____D C:\Windows\erdnt
2012-11-26 15:04 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-26 15:04 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-26 15:04 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-26 15:03 - 2012-11-26 15:04 - 05006963 ____R (Swearware) C:\Users\Chis\Downloads\ComboFix.exe
2012-11-26 13:22 - 2012-11-26 13:22 - 00685454 ____A C:\Users\Chis\Downloads\win98boot.zip
2012-11-26 13:00 - 2012-11-26 13:00 - 00000000 ____A C:\Users\Chis\Desktop\passbilder....txt
2012-11-26 09:31 - 2012-11-26 09:31 - 00000000 ____D C:\Windows\pss
2012-11-26 09:29 - 2012-11-27 11:32 - 00000672 ____A C:\Windows\setupact.log
2012-11-26 09:29 - 2012-11-26 09:29 - 00000000 ____A C:\Windows\setuperr.log
2012-11-26 09:26 - 2012-11-26 09:26 - 00001886 ____A C:\Users\Chis\Desktop\aswMBR.txt
2012-11-26 09:26 - 2012-11-26 09:26 - 00000512 ____A C:\Users\Chis\Desktop\MBR.dat
2012-11-25 17:32 - 2012-11-25 17:32 - 00098304 ____A (Hewlett-Packard Company) C:\Users\Chis\Downloads\HPUSBFW_v2.2.3(1).exe
2012-11-25 17:31 - 2012-11-25 17:31 - 00098304 ____A (Hewlett-Packard Company) C:\Users\Chis\Downloads\HPUSBFW_v2.2.3.exe
2012-11-25 17:12 - 2012-11-25 17:13 - 04732416 ____A (AVAST Software) C:\Users\Chis\Downloads\aswMBR.exe
2012-11-25 17:11 - 2012-11-25 17:12 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Chis\Downloads\tdsskiller.exe
2012-11-25 11:59 - 2012-11-25 11:59 - 00000000 ____D C:\Users\Chis\Downloads\mbar-1.01.0.1009
2012-11-25 11:58 - 2012-11-25 11:59 - 12961620 ____A C:\Users\Chis\Downloads\mbar-1.01.0.1009.zip
2012-11-25 11:49 - 2012-11-25 11:49 - 00046566 ____A C:\Users\Chis\Downloads\Extras.Txt
2012-11-25 11:48 - 2012-11-25 11:48 - 00068978 ____A C:\Users\Chis\Downloads\OTL.Txt
2012-11-25 11:42 - 2012-11-25 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\Chis\Desktop\OTL.exe
2012-11-25 11:02 - 2012-11-25 11:02 - 01009763 ____A C:\Users\Chis\Downloads\gm692.zip
2012-11-25 01:18 - 2012-11-25 01:18 - 00002814 ____A C:\Users\Chis\Desktop\RKreport[15]_S_11252012_02d0118.txt
2012-11-25 01:08 - 2012-11-25 01:08 - 00001088 ____A C:\AdwCleaner[R2].txt
2012-11-25 01:06 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Downloads\adwcleaner.exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Downloads\adwcleaner(1).exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00001027 ____A C:\AdwCleaner[R1].txt
2012-11-25 01:01 - 2012-11-25 01:01 - 00000154 ____A C:\Users\Chis\Desktop\es.txt
2012-11-25 00:49 - 2012-11-25 00:49 - 00002776 ____A C:\Users\Chis\Desktop\RKreport[14]_S_11252012_02d0049.txt
2012-11-25 00:42 - 2012-11-25 00:42 - 00002738 ____A C:\Users\Chis\Desktop\RKreport[13]_S_11252012_02d0042.txt
2012-11-25 00:40 - 2012-11-25 00:40 - 00002120 ____A C:\scu.dat
2012-11-25 00:23 - 2012-11-25 00:23 - 00007517 ____A C:\Users\Chis\Desktop\hijackthis.log
2012-11-25 00:07 - 2012-11-25 00:07 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-25 00:06 - 2012-11-25 00:07 - 02322184 ____A (ESET) C:\Users\Chis\Downloads\esetsmartinstaller_deu(1).exe
2012-11-24 23:45 - 2012-11-24 23:45 - 00637588 ____A C:\Users\Chis\Desktop\dds.pcapng
2012-11-24 23:45 - 2012-11-24 23:45 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Wireshark
2012-11-24 23:43 - 2012-11-24 23:43 - 00000000 ____D C:\Program Files (x86)\WinPcap
2012-11-24 23:41 - 2012-11-24 23:43 - 00000000 ____D C:\Program Files\Wireshark
2012-11-24 23:40 - 2012-11-24 23:40 - 00002255 ____A C:\Users\Chis\Desktop\RKreport[12]_S_11242012_02d2340.txt
2012-11-24 23:39 - 2012-11-24 23:40 - 01149932 ____A C:\Users\Chis\Downloads\Process1523Explorer.zip
2012-11-24 23:27 - 2012-07-27 03:50 - 00000304 ____A C:\Users\Chis\Downloads\Utilman-System entfernen.reg
2012-11-24 23:27 - 2012-07-27 03:49 - 00000392 ____A C:\Users\Chis\Downloads\Utilman-System.reg
2012-11-24 23:25 - 2012-11-24 23:25 - 00002133 ____A C:\Users\Chis\Desktop\RKreport[11]_S_11242012_02d2325.txt
2012-11-24 23:23 - 2012-11-24 23:24 - 26633976 ____A (Wireshark development team) C:\Users\Chis\Downloads\Wireshark-win64-1.8.3.exe
2012-11-24 23:20 - 2012-11-24 23:20 - 00000000 ____D C:\Program Files (x86)\7-Zip
2012-11-24 23:19 - 2012-11-24 23:19 - 01110476 ____A C:\Users\Chis\Downloads\7z920.exe
2012-11-24 23:19 - 2012-11-24 23:19 - 00000414 ____A C:\Users\Chis\Downloads\utilman-cmd-system.7z
2012-11-24 23:12 - 2012-11-24 23:12 - 00002093 ____A C:\Users\Chis\Desktop\RKreport[10]_S_11242012_02d2312.txt
2012-11-24 23:12 - 2012-11-24 23:12 - 00002054 ____A C:\Users\Chis\Desktop\RKreport[9]_S_11242012_02d2312.txt
2012-11-24 23:00 - 2012-11-24 23:00 - 00002017 ____A C:\Users\Chis\Desktop\RKreport[8]_S_11242012_02d2300.txt
2012-11-24 22:58 - 2012-11-24 22:58 - 00001222 ____A C:\Users\Chis\Desktop\RKreport[7]_DN_11242012_02d2258.txt
2012-11-24 22:57 - 2012-11-24 22:57 - 00002193 ____A C:\Users\Chis\Desktop\RKreport[5]_S_11242012_02d2257.txt
2012-11-24 22:57 - 2012-11-24 22:57 - 00001373 ____A C:\Users\Chis\Desktop\RKreport[6]_H_11242012_02d2257.txt
2012-11-24 21:57 - 2012-11-24 21:57 - 00001164 ____A C:\Users\Chis\Desktop\RKreport[4]_DN_11242012_02d2157.txt
2012-11-24 21:56 - 2012-11-24 21:56 - 00001301 ____A C:\Users\Chis\Desktop\RKreport[3]_H_11242012_02d2156.txt
2012-11-24 21:55 - 2012-11-24 21:55 - 00002485 ____A C:\Users\Chis\Desktop\RKreport[2]_D_11242012_02d2155.txt
2012-11-24 21:49 - 2012-11-24 21:49 - 00002377 ____A C:\Users\Chis\Desktop\RKreport[1]_S_11242012_02d2149.txt
2012-11-24 21:48 - 2012-11-27 11:01 - 00000000 ____D C:\Users\Chis\Desktop\RK_Quarantine
2012-11-24 21:46 - 2012-11-24 21:47 - 00752128 ____A C:\Users\Chis\Downloads\RogueKiller.exe
2012-11-24 21:39 - 2012-11-24 21:39 - 00000000 ____D C:\Users\Chis\AppData\Local\Aeria Games
2012-11-24 21:38 - 2012-11-24 21:38 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2012-11-24 21:10 - 2012-11-24 21:10 - 00475232 ____A (Aeria Games & Entertainment) C:\Users\Chis\Downloads\lastchaos_us_downloader.exe
2012-11-24 21:10 - 2012-11-24 21:10 - 00000000 ____D C:\Users\Chis\AppData\Local\Akamai
2012-11-24 20:55 - 2012-11-24 20:55 - 02322184 ____A (ESET) C:\Users\Chis\Downloads\esetsmartinstaller_deu.exe
2012-11-24 18:20 - 2012-11-24 18:20 - 00001618 ____A C:\Users\Chis\Desktop\startup.txt
2012-11-24 17:08 - 2012-11-24 17:08 - 00000000 ____D C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
2012-11-24 17:06 - 2012-11-24 17:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-24 17:06 - 2012-11-24 17:06 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-11-24 17:06 - 2012-11-24 17:06 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-24 17:05 - 2012-11-24 17:05 - 21139592 ____A (SUPERAntiSpyware.com) C:\Users\Chis\Downloads\SUPERAntiSpyware1012.exe
2012-11-24 17:02 - 2012-11-24 21:45 - 00007502 ____A C:\Users\Chis\Downloads\hijackthis.log
2012-11-24 17:01 - 2012-11-24 17:01 - 00388608 ____A (Trend Micro Inc.) C:\Users\Chis\Downloads\HiJackThis204.exe
2012-11-24 15:53 - 2012-11-24 15:53 - 00001147 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-24 15:53 - 2012-11-24 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-24 15:53 - 2012-11-24 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-24 14:24 - 2012-11-24 14:24 - 00000000 ____D C:\Users\Chis\Pc SAFE
2012-11-24 14:14 - 2012-11-24 14:14 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-11-23 17:38 - 2012-11-23 17:38 - 923795456 ____A C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
2012-11-17 18:19 - 2012-11-27 08:17 - 00000000 ____D C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
2012-11-17 18:19 - 2012-11-17 18:19 - 00000000 ____D C:\Users\Chis\Desktop\BonezMC
2012-11-04 11:25 - 2012-11-17 17:41 - 00000000 ____D C:\Users\Chis\Documents\StarCraft II
2012-11-04 11:25 - 2012-11-17 17:41 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2012-11-04 11:25 - 2012-11-04 11:25 - 00001148 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-11-04 11:25 - 2012-11-04 11:25 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-11-04 11:24 - 2012-11-04 11:24 - 00000000 ____D C:\Users\All Users\Battle.net
2012-11-04 11:21 - 2012-11-04 16:08 - 00000000 ____D C:\Users\Chis\AppData\Roaming\wargaming.net
2012-11-04 11:20 - 2012-11-04 11:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-04 11:20 - 2012-11-04 11:20 - 00000000 ____D C:\Games


==================== One Month Modified Files and Folders =======

2012-11-27 11:39 - 2012-11-27 11:39 - 00000000 ____D C:\FRST
2012-11-27 11:32 - 2012-11-26 09:29 - 00000672 ____A C:\Windows\setupact.log
2012-11-27 11:32 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-27 11:23 - 2012-08-10 12:52 - 01406321 ____A C:\Windows\WindowsUpdate.log
2012-11-27 11:20 - 2012-11-27 11:20 - 01461039 ____A (Farbar) C:\Users\Chis\Downloads\FRST64.exe
2012-11-27 11:19 - 2012-11-27 11:18 - 00003262 ____A C:\Users\Chis\Desktop\SystemLook.txt
2012-11-27 11:17 - 2012-11-27 11:17 - 00165376 ____A C:\Users\Chis\Desktop\SystemLook_x64.exe
2012-11-27 11:10 - 2012-07-03 14:19 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-27 11:01 - 2012-11-27 11:01 - 00002819 ____A C:\Users\Chis\Desktop\RKreport[17]_S_11272012_02d1101.txt
2012-11-27 11:01 - 2012-11-27 11:01 - 00001906 ____A C:\Users\Chis\Desktop\RKreport[16]_H_11272012_02d1101.txt
2012-11-27 11:01 - 2012-11-24 21:48 - 00000000 ____D C:\Users\Chis\Desktop\RK_Quarantine
2012-11-27 10:35 - 2009-07-14 05:45 - 00013216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-27 10:35 - 2009-07-14 05:45 - 00013216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-27 10:26 - 2012-11-27 10:26 - 00001504 ____A C:\Users\Chis\Desktop\beitrag.txt
2012-11-27 10:22 - 2012-11-27 10:22 - 00000194 ____A C:\Users\Chis\Desktop\hosts-perm.bat
2012-11-27 09:58 - 2012-11-26 16:43 - 00060852 ____A C:\Users\Chis\Desktop\OTL.Txt
2012-11-27 09:52 - 2012-11-27 09:52 - 00000888 ____A C:\Users\Chis\Desktop\11272012_094948.log
2012-11-27 09:50 - 2012-11-26 19:59 - 00002428 ____A C:\Windows\PFRO.log
2012-11-27 09:27 - 2012-11-27 09:27 - 00012482 ____A C:\ComboFix.txt
2012-11-27 09:27 - 2012-11-26 15:04 - 00000000 ____D C:\Qoobox
2012-11-27 09:26 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2012-11-27 09:18 - 2012-11-27 09:17 - 05007135 ____R (Swearware) C:\Users\Chis\Desktop\ComboFix.exe
2012-11-27 08:27 - 2012-11-27 08:21 - 1234456012 ____A C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
2012-11-27 08:17 - 2012-11-17 18:19 - 00000000 ____D C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
2012-11-26 20:40 - 2012-11-26 20:40 - 00065592 ____A C:\Users\Chis\Downloads\memtest86+-4.20.exe.zip
2012-11-26 20:08 - 2012-07-05 21:19 - 00000000 ____D C:\Program Files (x86)\Steam
2012-11-26 20:07 - 2012-11-26 20:06 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-26 20:06 - 2012-07-03 14:19 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-26 20:06 - 2012-07-03 14:19 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-26 20:02 - 2012-11-26 20:02 - 00998456 ____A (Solid State Networks) C:\Users\Chis\Downloads\install_flashplayer11x32_mssd_aih(1).exe
2012-11-26 20:02 - 2012-11-26 20:02 - 00003420 ____A C:\Users\Chis\Desktop\11262012_195807.log
2012-11-26 19:58 - 2012-11-26 19:58 - 00000000 ____D C:\_OTL
2012-11-26 19:52 - 2012-11-26 19:52 - 00005142 ____A C:\Users\Chis\Desktop\JRT.txt
2012-11-26 19:46 - 2012-11-26 19:46 - 00000000 ____D C:\Windows\ERUNT
2012-11-26 19:45 - 2012-11-26 19:45 - 00909379 ____A C:\Users\Chis\Desktop\JRT.exe
2012-11-26 19:45 - 2012-11-26 19:45 - 00000000 ____D C:\JRT
2012-11-26 19:44 - 2012-11-26 19:44 - 00001147 ____A C:\AdwCleaner[R3].txt
2012-11-26 17:46 - 2012-07-08 23:32 - 00000000 ____D C:\Users\Chis\AppData\Roaming\TS3Client
2012-11-26 15:12 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default
2012-11-26 15:11 - 2012-11-26 15:04 - 00000000 ____D C:\Windows\erdnt
2012-11-26 15:04 - 2012-11-26 15:03 - 05006963 ____R (Swearware) C:\Users\Chis\Downloads\ComboFix.exe
2012-11-26 13:22 - 2012-11-26 13:22 - 00685454 ____A C:\Users\Chis\Downloads\win98boot.zip
2012-11-26 13:00 - 2012-11-26 13:00 - 00000000 ____A C:\Users\Chis\Desktop\passbilder....txt
2012-11-26 09:31 - 2012-11-26 09:31 - 00000000 ____D C:\Windows\pss
2012-11-26 09:29 - 2012-11-26 09:29 - 00000000 ____A C:\Windows\setuperr.log
2012-11-26 09:26 - 2012-11-26 09:26 - 00001886 ____A C:\Users\Chis\Desktop\aswMBR.txt
2012-11-26 09:26 - 2012-11-26 09:26 - 00000512 ____A C:\Users\Chis\Desktop\MBR.dat
2012-11-25 17:32 - 2012-11-25 17:32 - 00098304 ____A (Hewlett-Packard Company) C:\Users\Chis\Downloads\HPUSBFW_v2.2.3(1).exe
2012-11-25 17:31 - 2012-11-25 17:31 - 00098304 ____A (Hewlett-Packard Company) C:\Users\Chis\Downloads\HPUSBFW_v2.2.3.exe
2012-11-25 17:13 - 2012-11-25 17:12 - 04732416 ____A (AVAST Software) C:\Users\Chis\Downloads\aswMBR.exe
2012-11-25 17:12 - 2012-11-25 17:11 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Chis\Downloads\tdsskiller.exe
2012-11-25 13:30 - 2009-07-14 18:58 - 00698926 ____A C:\Windows\System32\perfh007.dat
2012-11-25 13:30 - 2009-07-14 18:58 - 00149034 ____A C:\Windows\System32\perfc007.dat
2012-11-25 13:30 - 2009-07-14 06:13 - 01618320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-25 11:59 - 2012-11-25 11:59 - 00000000 ____D C:\Users\Chis\Downloads\mbar-1.01.0.1009
2012-11-25 11:59 - 2012-11-25 11:58 - 12961620 ____A C:\Users\Chis\Downloads\mbar-1.01.0.1009.zip
2012-11-25 11:49 - 2012-11-25 11:49 - 00046566 ____A C:\Users\Chis\Downloads\Extras.Txt
2012-11-25 11:48 - 2012-11-25 11:48 - 00068978 ____A C:\Users\Chis\Downloads\OTL.Txt
2012-11-25 11:42 - 2012-11-25 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\Chis\Desktop\OTL.exe
2012-11-25 11:02 - 2012-11-25 11:02 - 01009763 ____A C:\Users\Chis\Downloads\gm692.zip
2012-11-25 02:05 - 2012-07-04 19:09 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Skype
2012-11-25 01:18 - 2012-11-25 01:18 - 00002814 ____A C:\Users\Chis\Desktop\RKreport[15]_S_11252012_02d0118.txt
2012-11-25 01:08 - 2012-11-25 01:08 - 00001088 ____A C:\AdwCleaner[R2].txt
2012-11-25 01:06 - 2012-11-26 19:43 - 00480125 ____A C:\Users\Chis\Desktop\adwcleaner.exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Downloads\adwcleaner.exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Downloads\adwcleaner(1).exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00001027 ____A C:\AdwCleaner[R1].txt
2012-11-25 01:01 - 2012-11-25 01:01 - 00000154 ____A C:\Users\Chis\Desktop\es.txt
2012-11-25 00:49 - 2012-11-25 00:49 - 00002776 ____A C:\Users\Chis\Desktop\RKreport[14]_S_11252012_02d0049.txt
2012-11-25 00:42 - 2012-11-25 00:42 - 00002738 ____A C:\Users\Chis\Desktop\RKreport[13]_S_11252012_02d0042.txt
2012-11-25 00:40 - 2012-11-25 00:40 - 00002120 ____A C:\scu.dat
2012-11-25 00:23 - 2012-11-25 00:23 - 00007517 ____A C:\Users\Chis\Desktop\hijackthis.log
2012-11-25 00:07 - 2012-11-25 00:07 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-25 00:07 - 2012-11-25 00:06 - 02322184 ____A (ESET) C:\Users\Chis\Downloads\esetsmartinstaller_deu(1).exe
2012-11-24 23:45 - 2012-11-24 23:45 - 00637588 ____A C:\Users\Chis\Desktop\dds.pcapng
2012-11-24 23:45 - 2012-11-24 23:45 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Wireshark
2012-11-24 23:43 - 2012-11-24 23:43 - 00000000 ____D C:\Program Files (x86)\WinPcap
2012-11-24 23:43 - 2012-11-24 23:41 - 00000000 ____D C:\Program Files\Wireshark
2012-11-24 23:40 - 2012-11-24 23:40 - 00002255 ____A C:\Users\Chis\Desktop\RKreport[12]_S_11242012_02d2340.txt
2012-11-24 23:40 - 2012-11-24 23:39 - 01149932 ____A C:\Users\Chis\Downloads\Process1523Explorer.zip
2012-11-24 23:25 - 2012-11-24 23:25 - 00002133 ____A C:\Users\Chis\Desktop\RKreport[11]_S_11242012_02d2325.txt
2012-11-24 23:24 - 2012-11-24 23:23 - 26633976 ____A (Wireshark development team) C:\Users\Chis\Downloads\Wireshark-win64-1.8.3.exe
2012-11-24 23:20 - 2012-11-24 23:20 - 00000000 ____D C:\Program Files (x86)\7-Zip
2012-11-24 23:19 - 2012-11-24 23:19 - 01110476 ____A C:\Users\Chis\Downloads\7z920.exe
2012-11-24 23:19 - 2012-11-24 23:19 - 00000414 ____A C:\Users\Chis\Downloads\utilman-cmd-system.7z
2012-11-24 23:12 - 2012-11-24 23:12 - 00002093 ____A C:\Users\Chis\Desktop\RKreport[10]_S_11242012_02d2312.txt
2012-11-24 23:12 - 2012-11-24 23:12 - 00002054 ____A C:\Users\Chis\Desktop\RKreport[9]_S_11242012_02d2312.txt
2012-11-24 23:00 - 2012-11-24 23:00 - 00002017 ____A C:\Users\Chis\Desktop\RKreport[8]_S_11242012_02d2300.txt
2012-11-24 22:58 - 2012-11-24 22:58 - 00001222 ____A C:\Users\Chis\Desktop\RKreport[7]_DN_11242012_02d2258.txt
2012-11-24 22:57 - 2012-11-24 22:57 - 00002193 ____A C:\Users\Chis\Desktop\RKreport[5]_S_11242012_02d2257.txt
2012-11-24 22:57 - 2012-11-24 22:57 - 00001373 ____A C:\Users\Chis\Desktop\RKreport[6]_H_11242012_02d2257.txt
2012-11-24 21:57 - 2012-11-24 21:57 - 00001164 ____A C:\Users\Chis\Desktop\RKreport[4]_DN_11242012_02d2157.txt
2012-11-24 21:56 - 2012-11-24 21:56 - 00001301 ____A C:\Users\Chis\Desktop\RKreport[3]_H_11242012_02d2156.txt
2012-11-24 21:55 - 2012-11-24 21:55 - 00002485 ____A C:\Users\Chis\Desktop\RKreport[2]_D_11242012_02d2155.txt
2012-11-24 21:49 - 2012-11-24 21:49 - 00002377 ____A C:\Users\Chis\Desktop\RKreport[1]_S_11242012_02d2149.txt
2012-11-24 21:47 - 2012-11-24 21:46 - 00752128 ____A C:\Users\Chis\Downloads\RogueKiller.exe
2012-11-24 21:45 - 2012-11-24 17:02 - 00007502 ____A C:\Users\Chis\Downloads\hijackthis.log
2012-11-24 21:39 - 2012-11-24 21:39 - 00000000 ____D C:\Users\Chis\AppData\Local\Aeria Games
2012-11-24 21:38 - 2012-11-24 21:38 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2012-11-24 21:10 - 2012-11-24 21:10 - 00475232 ____A (Aeria Games & Entertainment) C:\Users\Chis\Downloads\lastchaos_us_downloader.exe
2012-11-24 21:10 - 2012-11-24 21:10 - 00000000 ____D C:\Users\Chis\AppData\Local\Akamai
2012-11-24 20:55 - 2012-11-24 20:55 - 02322184 ____A (ESET) C:\Users\Chis\Downloads\esetsmartinstaller_deu.exe
2012-11-24 18:20 - 2012-11-24 18:20 - 00001618 ____A C:\Users\Chis\Desktop\startup.txt
2012-11-24 17:08 - 2012-11-24 17:08 - 00000000 ____D C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
2012-11-24 17:08 - 2012-11-24 17:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-24 17:06 - 2012-11-24 17:06 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-11-24 17:06 - 2012-11-24 17:06 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-24 17:05 - 2012-11-24 17:05 - 21139592 ____A (SUPERAntiSpyware.com) C:\Users\Chis\Downloads\SUPERAntiSpyware1012.exe
2012-11-24 17:01 - 2012-11-24 17:01 - 00388608 ____A (Trend Micro Inc.) C:\Users\Chis\Downloads\HiJackThis204.exe
2012-11-24 17:01 - 2012-07-05 16:07 - 00000000 ____D C:\Users\Public\Darkest of Days
2012-11-24 17:01 - 2012-07-03 14:12 - 00000000 ____D C:\Users\Chis\AppData\Local\VirtualStore
2012-11-24 15:53 - 2012-11-24 15:53 - 00001147 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-24 15:53 - 2012-11-24 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-24 15:53 - 2012-11-24 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-24 14:24 - 2012-11-24 14:24 - 00000000 ____D C:\Users\Chis\Pc SAFE
2012-11-24 14:24 - 2012-07-03 14:12 - 00000000 ____D C:\users\Chis
2012-11-24 14:14 - 2012-11-24 14:14 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-11-23 22:36 - 2012-08-10 12:55 - 00000000 ____D C:\Users\Chis\AppData\Local\Google
2012-11-23 17:55 - 2012-10-06 14:24 - 00000000 ____D C:\Users\Chis\Desktop\Mugge
2012-11-23 17:55 - 2012-10-06 14:12 - 00000000 ____D C:\Users\Chis\Desktop\Mails
2012-11-23 17:55 - 2012-10-06 13:45 - 00000000 ____D C:\Users\Chis\Desktop\Bewerbungen Christian
2012-11-23 17:55 - 2012-02-15 15:42 - 00000000 ____D C:\Users\Chis\Desktop\bewerb
2012-11-23 17:38 - 2012-11-23 17:38 - 923795456 ____A C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
2012-11-17 18:19 - 2012-11-17 18:19 - 00000000 ____D C:\Users\Chis\Desktop\BonezMC
2012-11-17 17:41 - 2012-11-04 11:25 - 00000000 ____D C:\Users\Chis\Documents\StarCraft II
2012-11-17 17:41 - 2012-11-04 11:25 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2012-11-08 16:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2012-11-04 16:08 - 2012-11-04 11:21 - 00000000 ____D C:\Users\Chis\AppData\Roaming\wargaming.net
2012-11-04 11:25 - 2012-11-04 11:25 - 00001148 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-11-04 11:25 - 2012-11-04 11:25 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-11-04 11:24 - 2012-11-04 11:24 - 00000000 ____D C:\Users\All Users\Battle.net
2012-11-04 11:20 - 2012-11-04 11:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-04 11:20 - 2012-11-04 11:20 - 00000000 ____D C:\Games

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-11-23 18:50:26
Restore point made on: 2012-11-24 16:01:35
Restore point made on: 2012-11-24 16:18:22
Restore point made on: 2012-11-24 17:01:18
Restore point made on: 2012-11-26 15:05:12

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4092.96 MB
Available physical RAM: 3505.38 MB
Total Pagefile: 4091.11 MB
Available Pagefile: 3488.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:226.53 GB) (Free:148.05 GB) NTFS
3 Drive f: (GRMCHPFRER_DE_DVD) (CDROM) (Total:2.29 GB) (Free:0 GB) UDF
4 Drive g: (BOOT) (Removable) (Total:1.79 GB) (Free:1.79 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:223 GB) (Free:222.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  GPT
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online        1840 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             12 GB  1024 KB
  Partition 2    Primary           226 GB    12 GB
  Partition 3    Primary           223 GB  239 GB
  Partition 4    OEM              3620 MB  462 GB

==================================================================================

Disk: 0
Partition 1
Type     : 06
Hidden   : No
Active   : No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    D                 RAW    Partition    12 GB  Healthy

=========================================================

Disk: 0
Partition 2
Type     : 07
Hidden   : No
Active   : No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C                 NTFS   Partition   226 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type     : 07
Hidden   : No
Active   : Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    Y                 NTFS   Partition   223 GB  Healthy

=========================================================

Disk: 0
Partition 4
Type     : 12
Hidden   : Yes
Active   : No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5                       NTFS   Partition  3620 MB  Healthy    Hidden

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1839 MB    31 KB

==================================================================================

Disk: 1
Partition 1
Type     : 0C
Hidden   : No
Active   : No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    G    BOOT         FAT32  Removable   1839 MB  Healthy

=========================================================

Last Boot: 2012-11-25 14:08

==================== End Of Log =============================


M-K-D-B 27.11.2012 12:29

Hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

2012-11-24 14:14 - 2012-11-24 14:14 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
C:\Windows\SysNative\drivers\etc\hosts
C:\Windows\System32\drivers\etc\hosts
Folder: C:\Windows\System32\drivers\etc
Folder: C:\Windows\SysNative\drivers\etc

Please save it as Fixlist.txt on your USB stick.
  • Boot your computer into the Repair Options again
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
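
The fixlist above removes both the `hosts` file the infection left behind and the stray `hosts.txt` that appeared next to it on 24.11. Once the machine is back up, the check a practitioner wants is whether the restored hosts file is actually clean and whether the decoy has come back. The following Python script is an added example for this thread, not FRST, OTL or the helper's fixlist: it parses a hosts file, flags names (with a constructed watchlist of sites such as facebook.com) that are redirected to non-loopback addresses, flags several names sinkholed to one address, and inspects the `etc` directory for a missing, hidden or system-flagged `hosts` and for a `hosts.txt` beside it. The sample file contents, the watchlist and the 203.0.113.x addresses (RFC 5737 documentation range) are constructed; only the path and the `hosts.txt` decoy come from the thread.

```python
"""Audit a Windows hosts file for hijack indicators.

Added example for this thread; it is not FRST, OTL or the helper's fixlist.
Assumptions (constructed, not from the thread): the WATCHLIST domains, the
SAMPLE_* file contents and the 203.0.113.x addresses (RFC 5737 documentation
range). Taken from the thread: the hosts path and the decoy hosts.txt beside it.
"""
import ipaddress
import os
import stat
from collections import Counter
from pathlib import Path

HOSTS_DIR = Path(r"C:\Windows\System32\drivers\etc")  # the real location; only consulted on Windows

# Constructed watchlist: sites a hijacked hosts file typically redirects.
WATCHLIST = ("facebook.com", "google.com", "paypal.com", "microsoft.com",
             "windowsupdate.com", "trojaner-board.de")

# Loopback and the 0.0.0.0 "sink" used by ad-blocking hosts files are legitimate targets.
LOCAL_OK = {ipaddress.ip_address(a) for a in ("127.0.0.1", "::1", "0.0.0.0")}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) per mapping; comments and blanks are skipped.
    An unparsable line is yielded as (None, raw_line, line_no) so it is not silently lost."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            yield None, raw, n
            continue
        for host in parts[1:]:
            yield ip, host.lower(), n


def audit_hosts(text):
    """Return human-readable findings for a hosts file; an empty list means it looks clean."""
    findings = []
    targets = Counter()  # how many names point at each non-local address
    for ip, host, n in parse_hosts(text):
        if ip is None:
            findings.append(f"line {n}: unparsable entry {host!r}")
            continue
        if host in ("localhost", "localhost.localdomain") and ip not in LOCAL_OK:
            findings.append(f"line {n}: localhost redirected to {ip}")
        if ip in LOCAL_OK:
            continue
        targets[ip] += 1
        if any(host == d or host.endswith("." + d) for d in WATCHLIST):
            findings.append(f"line {n}: watchlist host {host} -> {ip}")
        else:
            findings.append(f"line {n}: {host} -> non-local address {ip}")
    for ip, count in targets.items():
        if count >= 3:  # many names sinkholed to one address is the classic hijack pattern
            findings.append(f"{count} hosts sinkholed to {ip}")
    return findings


def inspect_hosts_dir(etc_dir):
    """File-level checks this thread turned on: hosts present? hidden/system attributes? decoy hosts.txt?"""
    etc_dir = Path(etc_dir)
    hosts = etc_dir / "hosts"
    info = {"hosts_present": hosts.exists(), "hidden": False, "system": False,
            "decoy_txt": (etc_dir / "hosts.txt").exists()}
    if info["hosts_present"]:
        attrs = getattr(hosts.stat(), "st_file_attributes", 0)  # Windows only; 0 elsewhere
        info["hidden"] = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
        info["system"] = bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM)
    return info


# Constructed sample of a hijacked file (IPs from the RFC 5737 documentation range).
SAMPLE_HIJACKED = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.facebook.com
203.0.113.10    facebook.com
203.0.113.10    login.facebook.com
0.0.0.0         ads.example.net   # ad-block style sink, not suspicious
"""
SAMPLE_CLEAN = "127.0.0.1 localhost\n::1 localhost\n"  # what a freshly restored file should reduce to

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HIJACKED):
        print(finding)
    if os.name == "nt" and (HOSTS_DIR / "hosts").exists():  # on the affected machine, check the real file too
        print(inspect_hosts_dir(HOSTS_DIR))
        print(*audit_hosts((HOSTS_DIR / "hosts").read_text(errors="replace")), sep="\n")
```

Run it from an elevated prompt on the repaired machine; a clean default file yields no findings, and `decoy_txt: True` or a hidden attribute on `hosts` means the infection is still writing there. One caveat for reading the resulting Fixlog: `C:\Windows\SysNative\...` is a WOW64 alias that exists only for 32-bit processes on 64-bit Windows, so when the 64-bit FRST runs natively from the recovery environment that path reports "not found" and the `System32` line is the one that acts on the real file.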

B29Korn 27.11.2012 12:46

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-11-27 12:42:52 Run:1
Running from G:\

==============================================

C:\Windows\System32\Drivers\etc\hosts.txt moved successfully.
C:\Windows\SysNative\drivers\etc\hosts not found.
C:\Windows\System32\drivers\etc\hosts moved successfully.

========================= Folder: C:\Windows\System32\drivers\etc ========================

2009-07-14 03:35 - 2009-06-10 22:00 - 0003683 ____A () C:\Windows\System32\drivers\etc\lmhosts.sam
2009-07-14 03:34 - 2009-06-10 22:00 - 0000407 ____A () C:\Windows\System32\drivers\etc\networks
2009-07-14 03:34 - 2009-06-10 22:00 - 0001358 ____A () C:\Windows\System32\drivers\etc\protocol
2009-07-14 03:34 - 2009-06-10 22:00 - 0017463 ____A () C:\Windows\System32\drivers\etc\services

====== End of Folder: ======

========================= Folder: C:\Windows\SysNative\drivers\etc ========================

Directory Not Found

====== End of Folder: ======

==== End of Fixlog ====


M-K-D-B 27.11.2012 14:45

Hi,

Please start OTL.exe and click the Quick Scan button.
Post the OTL.txt here in your thread.

B29Korn 27.11.2012 15:10

Code:

OTL logfile created on: 27.11.2012 15:03:53 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Chis\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,20% Memory free
7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,53 Gb Total Space | 147,87 Gb Free Space | 65,28% Space Free | Partition Type: NTFS
Drive F: | 1,79 Gb Total Space | 1,79 Gb Free Space | 99,92% Space Free | Partition Type: FAT32
 
Computer Name: CHRIS | User Name: Chis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Users\Chis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 AA 3E 11 7A CC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.24 15:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.03 14:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Extensions
[2012.11.27 07:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Firefox\Profiles\ha2ube1i.default\extensions
[2012.11.24 16:01:17 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.26 20:32:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.24 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05218312-76DA-4793-BBF9-3A306F064BE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CD4DB1-850C-478E-8029-8CEC3557DAAC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 11:39:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012.11.27 09:51:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.27 09:26:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.27 09:17:44 | 005,007,135 | R--- | C] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.26 20:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.11.26 19:58:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.26 19:46:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.26 19:45:37 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.26 15:04:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.26 15:04:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.26 15:04:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.26 15:04:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.26 15:04:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.26 09:31:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.25 11:42:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.24 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Wireshark
[2012.11.24 23:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.24 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.11.24 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.11.24 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\RK_Quarantine
[2012.11.24 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Aeria Games
[2012.11.24 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.24 21:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.24 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.11.24 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Akamai
[2012.11.24 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.24 17:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.24 15:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.24 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.24 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Pc SAFE
[2012.11.17 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\BonezMC
[2012.11.17 18:19:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
[2012.11.04 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Documents\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.11.04 11:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.11.04 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.04 11:20:47 | 000,000,000 | ---D | C] -- C:\Games
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 14:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 12:51:59 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 12:51:59 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 12:44:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 12:44:41 | 3218,837,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.27 11:17:28 | 000,165,376 | ---- | M] () -- C:\Users\Chis\Desktop\SystemLook_x64.exe
[2012.11.27 10:22:29 | 000,000,194 | ---- | M] () -- C:\Users\Chis\Desktop\hosts-perm.bat
[2012.11.27 09:18:01 | 005,007,135 | R--- | M] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.27 08:27:00 | 1234,456,012 | ---- | M] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | M] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:30 | 000,909,379 | ---- | M] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 09:26:33 | 000,000,512 | ---- | M] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 13:30:36 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.25 13:30:36 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.25 13:30:36 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.25 13:30:36 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.25 13:30:36 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.25 11:42:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 11:40:50 | 000,271,101 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.25 11:18:10 | 000,309,424 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.25 01:06:20 | 000,480,125 | ---- | M] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.25 00:40:18 | 001,120,018 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | M] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 20:06:34 | 000,275,070 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.23 17:38:24 | 923,795,456 | ---- | M] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:20:03 | 000,262,039 | ---- | M] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:26 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.27 11:17:27 | 000,165,376 | ---- | C] () -- C:\Users\Chis\Desktop\SystemLook_x64.exe
[2012.11.27 10:22:29 | 000,000,194 | ---- | C] () -- C:\Users\Chis\Desktop\hosts-perm.bat
[2012.11.27 08:21:16 | 1234,456,012 | ---- | C] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | C] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:26 | 000,909,379 | ---- | C] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 19:43:50 | 000,480,125 | ---- | C] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.26 15:04:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.26 15:04:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.26 15:04:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.26 15:04:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.26 15:04:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.26 12:47:51 | 000,309,424 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.26 12:47:50 | 000,271,101 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.26 09:26:33 | 000,000,512 | ---- | C] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 00:40:17 | 001,120,018 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | C] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 23:42:18 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.11.24 20:08:05 | 000,275,070 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 15:53:11 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.23 17:38:50 | 923,795,456 | ---- | C] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:19:58 | 000,262,039 | ---- | C] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:22 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.09.27 12:31:06 | 001,559,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.08 11:27:19 | 000,000,680 | RHS- | C] () -- C:\Users\Chis\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.10 07:28:26 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\.minecraft
[2012.11.24 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.07.13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.21 10:54:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\LolClient
[2012.09.10 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\OpenOffice.org
[2012.07.05 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ProtectDisc
[2012.11.26 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\TS3Client
[2012.11.04 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.24 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >


M-K-D-B 27.11.2012 17:47

Hi,

right, now we'll set up a new hosts file:

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:Commands
[resethosts]
[reboot]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Please close all programs now.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    ( Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.

Step 2
Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.

Are you still getting unwanted advertising?
If so, in which browser?

Please post with your next reply
  • the log file of the OTL fix,
  • the log file of the new OTL scan,
  • the answers to the questions asked.
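
The reset above replaces the hosts file but does not show what a tampered one looks like or why a scanner can report it as missing. The following Python check is an added example, not code from this thread or from OTL: it parses hosts-file text, separates legitimate loopback entries from redirections to foreign addresses, and on Windows reports whether the file carries the Hidden attribute, which is one reason a hosts file can vanish from Explorer. The sample hosts content and the 203.0.113.5 address are constructed for the demonstration; C:\Windows\System32\drivers\etc\hosts is assumed as the standard Windows location.

```python
"""Audit a Windows hosts file for tampering.

Added example for this thread, not code from the forum or from OTL.  It
parses hosts-file text, keeps legitimate loopback entries apart from
redirections to foreign addresses, and on Windows reports whether the file
carries the Hidden attribute (one reason a hosts file "disappears" from
Explorer).  The sample content below is constructed for the demonstration.
"""
import ipaddress
import os
import stat

# Standard location of the hosts file on Windows (assumed default path).
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Only these names legitimately appear in a stock Windows hosts file, and
# they may only point at loopback.
ALLOWED_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LOOPBACK_NETS = (ipaddress.ip_network("127.0.0.0/8"),
                 ipaddress.ip_network("::1/128"))

# Constructed sample: a default Windows header, one benign localhost entry,
# one redirect of facebook.com to a foreign address (203.0.113.5 is a
# documentation-only address) and one ad-blocking style entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1     localhost
203.0.113.5   www.facebook.com facebook.com    # constructed redirect
127.0.0.1     ads.example.net
"""


def parse_hosts(text):
    """Return (line_number, address, [names]) for every active entry.

    Comments and blank lines are skipped; names are lower-cased because
    hosts lookups are case-insensitive."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no name resolves nothing
        entries.append((lineno, parts[0], [p.lower() for p in parts[1:]]))
    return entries


def is_loopback(address):
    """True for 127.0.0.0/8 and ::1; False for anything else or garbage."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return any(ip in net for net in LOOPBACK_NETS)


def audit_hosts(text):
    """Classify entries: 'redirects' send a name to a non-loopback address
    (the pattern seen in this thread), 'blocks' pin a non-local name to
    loopback (legitimate ad-blocking, but still a sign the file was edited)."""
    findings = {"redirects": [], "blocks": []}
    for lineno, address, names in parse_hosts(text):
        if not is_loopback(address):
            findings["redirects"].append((lineno, address, names))
            continue
        foreign = [n for n in names if n not in ALLOWED_LOCAL_NAMES]
        if foreign:
            findings["blocks"].append((lineno, address, foreign))
    return findings


def hosts_file_hidden(path=HOSTS_PATH):
    """On Windows, True if the file has the Hidden attribute, False if not;
    None if the file is absent or the platform exposes no file attributes."""
    try:
        st = os.stat(path)
    except OSError:
        return None
    attrs = getattr(st, "st_file_attributes", None)
    if attrs is None:
        return None
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for lineno, address, names in result["redirects"]:
        print(f"line {lineno}: {', '.join(names)} redirected to {address}")
    for lineno, address, names in result["blocks"]:
        print(f"line {lineno}: {', '.join(names)} blocked via {address}")
    print("hosts file hidden:", hosts_file_hidden())
```

Run it against the real file by reading `HOSTS_PATH` instead of `SAMPLE_HOSTS`; a stock Windows 7 hosts file yields no findings at all, so any redirect entry is worth treating as tampering rather than configuration.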

B29Korn 29.11.2012 17:38

Hey, no, I'm not getting any ad pop-ups anymore! Many thanks already!!

Log
Code:

========== COMMANDS ==========
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11292012_172926

and from the scan

Code:

OTL logfile created on: 29.11.2012 17:32:23 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Chis\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,78% Memory free
7,99 Gb Paging File | 6,66 Gb Available in Paging File | 83,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,53 Gb Total Space | 147,53 Gb Free Space | 65,13% Space Free | Partition Type: NTFS
Drive F: | 1,79 Gb Total Space | 1,79 Gb Free Space | 99,92% Space Free | Partition Type: FAT32
 
Computer Name: CHRIS | User Name: Chis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 AA 3E 11 7A CC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.24 15:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.03 14:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Extensions
[2012.11.27 07:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Firefox\Profiles\ha2ube1i.default\extensions
[2012.11.24 16:01:17 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.26 20:32:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.24 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2012.11.29 17:29:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05218312-76DA-4793-BBF9-3A306F064BE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CD4DB1-850C-478E-8029-8CEC3557DAAC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 11:39:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012.11.27 09:51:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.27 09:26:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.27 09:17:44 | 005,007,135 | R--- | C] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.26 20:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.11.26 19:58:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.26 19:46:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.26 19:45:37 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.26 15:04:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.26 15:04:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.26 15:04:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.26 15:04:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.26 15:04:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.26 09:31:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.25 11:42:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.24 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Wireshark
[2012.11.24 23:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.24 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.11.24 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.11.24 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\RK_Quarantine
[2012.11.24 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Aeria Games
[2012.11.24 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.24 21:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.24 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.11.24 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Akamai
[2012.11.24 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.24 17:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.24 15:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.24 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.24 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Pc SAFE
[2012.11.17 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\BonezMC
[2012.11.17 18:19:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
[2012.11.04 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Documents\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.11.04 11:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.11.04 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.04 11:20:47 | 000,000,000 | ---D | C] -- C:\Games
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 17:30:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 17:30:18 | 3218,837,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 17:29:36 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 17:29:36 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 17:29:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012.11.29 12:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 11:17:28 | 000,165,376 | ---- | M] () -- C:\Users\Chis\Desktop\SystemLook_x64.exe
[2012.11.27 10:22:29 | 000,000,194 | ---- | M] () -- C:\Users\Chis\Desktop\hosts-perm.bat
[2012.11.27 09:18:01 | 005,007,135 | R--- | M] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.27 08:27:00 | 1234,456,012 | ---- | M] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | M] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:30 | 000,909,379 | ---- | M] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 09:26:33 | 000,000,512 | ---- | M] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 13:30:36 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.25 13:30:36 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.25 13:30:36 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.25 13:30:36 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.25 13:30:36 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.25 11:42:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 11:40:50 | 000,271,101 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.25 11:18:10 | 000,309,424 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.25 01:06:20 | 000,480,125 | ---- | M] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.25 00:40:18 | 001,120,018 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | M] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 20:06:34 | 000,275,070 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.23 17:38:24 | 923,795,456 | ---- | M] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:20:03 | 000,262,039 | ---- | M] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:26 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.27 11:17:27 | 000,165,376 | ---- | C] () -- C:\Users\Chis\Desktop\SystemLook_x64.exe
[2012.11.27 10:22:29 | 000,000,194 | ---- | C] () -- C:\Users\Chis\Desktop\hosts-perm.bat
[2012.11.27 08:21:16 | 1234,456,012 | ---- | C] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | C] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:26 | 000,909,379 | ---- | C] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 19:43:50 | 000,480,125 | ---- | C] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.26 15:04:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.26 15:04:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.26 15:04:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.26 15:04:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.26 15:04:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.26 12:47:51 | 000,309,424 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.26 12:47:50 | 000,271,101 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.26 09:26:33 | 000,000,512 | ---- | C] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 00:40:17 | 001,120,018 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | C] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 23:42:18 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.11.24 20:08:05 | 000,275,070 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 15:53:11 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.23 17:38:50 | 923,795,456 | ---- | C] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:19:58 | 000,262,039 | ---- | C] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:22 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.09.27 12:31:06 | 001,559,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.08 11:27:19 | 000,000,680 | RHS- | C] () -- C:\Users\Chis\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.10 07:28:26 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\.minecraft
[2012.11.24 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.07.13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.21 10:54:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\LolClient
[2012.09.10 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\OpenOffice.org
[2012.07.05 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ProtectDisc
[2012.11.26 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\TS3Client
[2012.11.04 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.24 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >


M-K-D-B 29.11.2012 19:04

Hello,

Step 1
  • Start Malwarebytes' Anti-Malware, click Update --> Check for Updates.
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are checked and click Remove Selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can also find the report later under "Logs".

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner.
  • Download and start ESET Online Scanner.
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it in your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 3
Please download SecurityCheck.
  • Save it to the Desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Please post with your next reply
  • the MBAM log file,
  • the ESET log file,
  • the SecurityCheck log file.

M-K-D-B 04.12.2012 16:34

No response
This topic has been removed from my subscriptions, so I no longer receive notifications about new replies.
PM me if you still want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!


All times are GMT +1. The time now is 17:17.

Copyright ©2000-2025, Trojaner-Board

