Trojaner-Board

Thread: http://ad-emea.doubleclick.net (https://www.trojaner-board.de/130440-http-ad-emea-doubleclick-net.html), in the forum "Plagegeister aller Art und deren Bekämpfung" (Pests of all kinds and how to fight them) on Trojaner-Board (https://www.trojaner-board.de/)

freak666 01.02.2013 06:53

http://ad-emea.doubleclick.net
I have caught an hxxp://ad-emea.doubleclick.net virus.
When I click a button on some pages, I land on an empty page with the hxxp://ad-emea.doubleclick.net..... address shown as the URL at the top.
A scan with Kaspersky brought no result.

I ran Malwarebytes Anti-Malware; the program found nothing.

I have already done the scan with OTL as instructed, but I only get a text file as the result.

This one:

OTL logfile created on: 01.02.2013 06:30:10 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Programme
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 47,69% Memory free
3,75 Gb Paging File | 2,42 Gb Available in Paging File | 64,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,33 Gb Total Space | 6,57 Gb Free Space | 17,15% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 278,39 Gb Free Space | 93,39% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Programme\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Users\alex\AppData\Local\Apps\2.0\QGLWZ525.0NG\0KNX6YNZ.QP7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 2C E6 81 46 0F CD 01 [binary data]
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 18:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 18:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 18:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 18:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 18:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 10:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 10:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.10 06:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 10:20:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 10:20:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.10 06:18:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.03.31 15:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Extensions
[2012.10.23 05:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\nnmi76dk.default\extensions
[2012.05.14 20:41:17 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\nnmi76dk.default\extensions\fb_add_on@avm.de
[2013.01.19 10:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.19 10:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.01.19 10:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.19 10:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.20 18:42:56 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.20 18:42:56 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2013.01.19 10:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.19 10:20:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKU\S-1-5-21-1782905466-269194785-2140451480-1001..\Run: [AVMUSBFernanschluss] C:\Users\alex\AppData\Local\Apps\2.0\QGLWZ525.0NG\0KNX6YNZ.QP7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin)
O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F588668D-742D-4606-A512-9550DBE12A6B}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.28 06:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.25 07:09:23 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Skype
[2013.01.25 07:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.20 10:48:40 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.20 10:48:40 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.20 10:48:40 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.19 10:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.11 08:10:58 | 000,000,000 | ---D | C] -- C:\Users\alex\Documents\My Received Files
[2013.01.10 20:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[2013.01.10 06:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.09 06:33:16 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 06:32:37 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.09 06:32:37 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.09 06:32:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 06:32:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 06:32:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 06:32:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 06:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 06:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 06:32:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 06:32:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 06:32:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 06:32:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 06:32:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 06:32:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 06:32:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 06:32:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 06:32:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 06:32:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 06:32:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 06:32:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 06:32:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 06:32:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 06:32:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 06:32:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 06:32:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 06:32:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 06:32:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 06:32:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 06:32:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 06:29:28 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.01.09 06:29:28 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.01.09 06:29:27 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.01.09 06:29:27 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.01.09 06:29:27 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.01.09 06:29:27 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.01.09 06:29:26 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.01.09 06:29:26 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.01.09 06:29:26 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.01.09 06:29:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.01.09 06:29:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.01.09 06:29:25 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.01.09 06:29:20 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.01.09 06:29:20 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.01.09 06:29:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.01.09 06:29:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.01.09 06:27:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 06:27:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.01.07 07:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MasterSplitter
[2013.01.05 14:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013.01.05 14:38:28 | 000,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05b.dll
[2013.01.05 14:38:27 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2013.01.05 14:38:27 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2013.01.05 14:38:27 | 000,012,288 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2013.01.05 14:38:27 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2013.01.05 14:37:48 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\InstallShield
[2013.01.05 14:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013.01.05 13:54:17 | 000,167,936 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2013.01.05 13:54:17 | 000,061,952 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2013.01.05 13:54:17 | 000,037,376 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2013.01.05 13:54:17 | 000,034,816 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2013.01.05 13:54:17 | 000,018,944 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrnStiCp.cpl
[2013.01.05 13:54:10 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrSti07a.dll
[2013.01.05 13:45:29 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

========== Files - Modified Within 30 Days ==========

[2013.02.01 06:31:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.01 06:17:44 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 06:17:44 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 06:09:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.01 06:09:45 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.29 06:44:58 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.29 06:44:58 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.29 06:44:58 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.29 06:44:58 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.09 17:28:15 | 000,294,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 07:31:38 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.09 07:31:38 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.06 10:34:18 | 000,000,982 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2013.01.06 10:34:18 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat
[2013.01.05 14:39:37 | 000,000,159 | ---- | M] () -- C:\Windows\brpcfx.ini
[2013.01.05 14:39:07 | 000,000,050 | ---- | M] () -- C:\Windows\System32\bridf07a.dat
[2013.01.05 14:39:05 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.01.05 14:39:05 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI

========== Files Created - No Company Name ==========

[2013.01.05 14:38:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013.01.05 13:54:17 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.08.02 18:29:59 | 000,017,408 | ---- | C] () -- C:\Users\alex\AppData\Local\WebpageIcons.db
[2012.04.02 17:25:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.31 19:05:52 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.31 19:05:52 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.03.31 18:55:29 | 000,000,982 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.03.31 18:55:29 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.03.31 18:55:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2012.03.31 16:32:36 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2012.03.31 16:32:33 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.03.31 16:32:33 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.03.31 16:30:12 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.03.31 13:18:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.31 13:18:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.03.31 18:59:06 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\AVM
[2013.01.14 19:32:49 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\BSplayer
[2012.04.13 06:46:46 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\BSplayer Pro
[2012.12.09 15:24:47 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\elsterformular
[2012.08.07 05:30:50 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Forte
[2012.06.07 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\MyPhoneExplorer
[2012.04.11 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\OpenCandy
[2012.04.04 18:21:13 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\OpenOffice.org
[2013.01.06 10:33:43 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\PC-FAX TX
[2012.04.11 18:20:21 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\pdfforge
[2012.03.31 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Thunderbird
[2013.01.31 08:33:15 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\XnView

========== Purity Check ==========



< End of report >

I hope someone can help me with this.

cosinus 01.02.2013 14:15

Hello,

Quote:

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why, please, a Professional Edition of Windows? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university computer?

freak666 01.02.2013 14:27

I have to pass on why that's on there. It's a private PC; I got Windows from an acquaintance who got it from her company.
But I don't know much about that either.

cosinus 01.02.2013 14:51

Really? And which Windows was on this computer before?
Your acquaintance handed you a Windows 7 licence from her company, complete with installation media and COA sticker? :pfeiff:

freak666 01.02.2013 15:06

I got it with her consent.
But does that matter for solving my actual problem?

cosinus 01.02.2013 15:40

Yes. 1. We normally do not handle company computers or computers with a company Windows licence, and 2. if we have indications of unlicensed software, we likewise stop support.

freak666 01.02.2013 15:52

Until just now I didn't even know that this is something special. I got it along with the key.
Last time you helped me too, and I had the same thing on there.

cosinus 01.02.2013 15:54

That was probably overlooked then. Not everyone works exactly the same way as the next person; I do pay attention to whether someone has a Professional Edition of Windows, and if so, one can and should ask why and whether there is commercial use.

Incidentally, your last thread petered out because of missing feedback on your part :pfeiff:

freak666 01.02.2013 16:00

But last time my problem was solved.
I don't even know what's wrong with me having a company version. It isn't a copy, after all.

cosinus 01.02.2013 16:15

Quote:

But last time my problem was solved.
Yes, for you, apparently; such an analysis goes a bit further than four posts :kloppen:

Quote:

I don't even know what's wrong with me having a company version. It isn't a copy, after all.
Just read the previous post again; I don't feel like constantly repeating myself :balla:



Copyright ©2000-2025, Trojaner-Board

