Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Delta Search gelöscht... noch Viren ja oder nein? (https://www.trojaner-board.de/131438-delta-search-geloescht-noch-viren.html)

Kilah_43 23.02.2013 21:43
Delta Search gelöscht... noch Viren ja oder nein?
 
Hallo Sehr geehrter Trojaner Team

mein kleiner Bruder hat leider ohne meine Genehmigung ein paar Programme installiert. Ich konnte durch die Foren in Eurem Board zwar Delta Search und Movie2kdownloader löschen, jedoch will ich sicher gehen, dass mein Computer auch frei von Viren und Trojanern ist, daher wollte ich euch fragen, wie soll ich vorgehen...

Ich Danke schon einmal im Voraus...

MfG

Kilah_43

t'john 24.02.2013 11:13
:hallo:


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Kilah_43 24.02.2013 19:38
Hier sind die LogfilesOTL Logfile:
Code:
OTL logfile created on: 24.02.2013 19:17:50 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Privat\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,53% Memory free
5,93 Gb Paging File | 4,70 Gb Available in Paging File | 79,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,54 Gb Total Space | 63,20 Gb Free Space | 43,73% Space Free | Partition Type: NTFS
Drive F: | 143,45 Gb Total Space | 121,90 Gb Free Space | 84,98% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-PC | User Name: Privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Privat\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Benzle\WiFiSendServer\WiFiSendServer.exe ()
PRC - C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
PRC - C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Programme\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
PRC - C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Benzle\WiFiSendServer\WiFiSendServer.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Benzle\WiFiSendServer\WebKit.dll ()
MOD - C:\Programme\Benzle\WiFiSendServer\libxml2.dll ()
MOD - C:\Programme\Benzle\WiFiSendServer\JavaScriptCore.dll ()
MOD - C:\Programme\Benzle\WiFiSendServer\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD) -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (ahuy76rr) --  File not found
DRV - (vwhid) -- C:\Windows\System32\drivers\vwhid.sys (Windows (R) Win 7 DDK provider)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Programme\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD) -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys (Cyberlink Corp.)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E F2 85 1F A3 A0 CC 01  [binary data]
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes\{D0EF81A6-313D-491B-84F6-7EBF06EB0F7B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=c0152214-75f9-436f-9660-f4ea7617855c&apn_sauid=7425AA07-D8FB-4686-87C1-4AA1D5C0634A
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1426
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.04.10 11:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 13:37:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 13:37:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.11.11 22:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions
[2013.02.23 21:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\68ae93pt.default\extensions
[2013.01.11 22:16:42 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\68ae93pt.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.11.11 15:22:18 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\68ae93pt.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.09.19 13:05:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\68ae93pt.default\extensions\ich@maltegoetz.de
[2012.09.20 21:04:37 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\68ae93pt.default\extensions\personas@christopher.beard.xpi
[2012.12.11 13:14:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\68ae93pt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 19:00:08 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\68ae93pt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.06 13:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.10 11:25:08 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.02.06 13:37:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.22 09:49:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 15:26:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.22 09:49:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 09:49:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 09:49:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 09:49:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\Toolbar\WebBrowser: (no name) - {FF88A983-649D-4207-9336-9B999280B436} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RemoteControl11] C:\Programme\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [WiFiSendServer] C:\Program Files\Benzle\WiFiSendServer\WiFiSendServer.exe ()
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-21-4042933089-19693313-36808641-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4042933089-19693313-36808641-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-4042933089-19693313-36808641-1000..\Run: [Octoshape Streaming Services] C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB61003B-4978-42E6-9C36-F3543897C5D1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fa7dfc24-1c2d-11e1-85a0-00238b19cc66}\Shell - "" = AutoRun
O33 - MountPoints2\{fa7dfc24-1c2d-11e1-85a0-00238b19cc66}\Shell\AutoRun\command - "" = I:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.24 19:16:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2013.02.23 21:29:14 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\TFC.exe
[2013.02.23 21:17:57 | 004,189,792 | ---- | C] (Piriform Ltd) -- C:\Users\Privat\Desktop\ccsetup327.exe
[2013.02.22 18:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.02.22 18:27:53 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\PutLockerDownloader
[2013.02.22 18:27:33 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[2013.02.22 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com
[2013.02.17 17:48:35 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Summer cem
[2013.02.16 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\subway surfer origin
[2013.02.16 10:41:06 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\DiskAid
[2013.02.16 10:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid
[2013.02.16 10:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\DigiDNA
[2013.02.16 10:40:22 | 004,088,160 | ---- | C] (DigiDNA                                                    ) -- C:\Users\Privat\Desktop\DiskAid_5_45.exe
[2013.02.16 10:37:20 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Subway+Cheat+By+Appl3Fre4k
[2013.02.14 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Kollegah_und_Farid_Bang_-_Jung_Brutal_Gutaussehend_2_(Premium_Edition)
[2013.02.14 00:24:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 00:24:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 00:24:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 00:24:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 00:24:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 00:24:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 00:24:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 00:24:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 18:59:56 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 18:59:44 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 18:59:42 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.13 18:59:39 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.13 18:59:36 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.06 13:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.31 11:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2013.01.31 11:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2013.01.31 11:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2013.01.29 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Spyware Terminator
[2013.01.29 19:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.01.29 19:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.01.29 19:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2013.01.29 19:47:25 | 000,937,208 | ---- | C] (Crawler.com                                                ) -- C:\Users\Privat\Desktop\SpywareTerminatorSetup.exe
[2013.01.28 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Hotmail
[2013.01.28 06:18:22 | 000,023,200 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\vwhid.sys
[2013.01.28 06:18:20 | 000,015,008 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\hidkmdf.sys
[2013.01.26 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\DISCIPLINE
[2013.01.26 14:50:42 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.01.26 14:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.01.26 14:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.24 19:17:24 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 19:17:24 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 19:16:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2013.02.24 19:11:53 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.02.24 19:10:43 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013.02.24 19:09:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.24 19:09:42 | 2388,283,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.24 19:05:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.23 21:29:16 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\TFC.exe
[2013.02.23 21:23:14 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.23 21:21:01 | 000,587,671 | ---- | M] () -- C:\Users\Privat\Desktop\adwcleaner0.exe
[2013.02.23 21:19:29 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.23 21:18:09 | 004,189,792 | ---- | M] (Piriform Ltd) -- C:\Users\Privat\Desktop\ccsetup327.exe
[2013.02.22 18:27:33 | 000,000,878 | ---- | M] () -- C:\Users\Privat\Desktop\Movie2KDownloader.lnk
[2013.02.22 18:27:07 | 000,188,792 | ---- | M] () -- C:\Users\Privat\Desktop\manta_2.exe
[2013.02.16 18:56:35 | 198,821,081 | ---- | M] () -- C:\Users\Privat\Desktop\Sommer_Jam_Sessions_Hamburg.rar
[2013.02.16 17:57:32 | 009,853,218 | ---- | M] () -- C:\Users\Privat\Desktop\Upl0ad3d_by_R4F.rar.part
[2013.02.16 10:41:02 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\DiskAid.lnk
[2013.02.16 10:40:37 | 004,088,160 | ---- | M] (DigiDNA                                                    ) -- C:\Users\Privat\Desktop\DiskAid_5_45.exe
[2013.02.15 23:44:11 | 000,000,713 | ---- | M] () -- C:\Users\Privat\Desktop\Subway+Cheat+By+Appl3Fre4k.rar
[2013.02.14 17:31:43 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.14 17:31:43 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.14 17:31:43 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.14 17:31:43 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.14 11:04:50 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.09 20:53:55 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.09 20:53:55 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.31 12:21:49 | 075,018,846 | ---- | M] () -- C:\Users\Privat\Desktop\Club-Taksim Compilation Volume 7.mp3
[2013.01.31 11:55:39 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2013.01.31 11:53:50 | 033,934,236 | ---- | M] () -- C:\Users\Privat\Desktop\pms-setup-windows-1.72.0.exe
[2013.01.30 12:57:14 | 000,001,051 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.30 12:56:56 | 000,001,021 | ---- | M] () -- C:\Users\Privat\Desktop\Dropbox.lnk
[2013.01.29 19:49:40 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.01.29 19:47:33 | 000,937,208 | ---- | M] (Crawler.com                                                ) -- C:\Users\Privat\Desktop\SpywareTerminatorSetup.exe
[2013.01.28 12:21:09 | 005,003,592 | ---- | M] () -- C:\Users\Privat\Desktop\Hotmail.zip
[2013.01.28 06:18:22 | 000,023,200 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\vwhid.sys
[2013.01.28 06:18:20 | 000,015,008 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\hidkmdf.sys
[2013.01.26 14:50:42 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.01.26 14:47:09 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.23 21:23:04 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.23 21:20:54 | 000,587,671 | ---- | C] () -- C:\Users\Privat\Desktop\adwcleaner0.exe
[2013.02.23 21:19:29 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.22 18:27:33 | 000,000,878 | ---- | C] () -- C:\Users\Privat\Desktop\Movie2KDownloader.lnk
[2013.02.22 18:26:50 | 000,188,792 | ---- | C] () -- C:\Users\Privat\Desktop\manta_2.exe
[2013.02.16 17:51:11 | 198,821,081 | ---- | C] () -- C:\Users\Privat\Desktop\Sommer_Jam_Sessions_Hamburg.rar
[2013.02.16 17:49:24 | 009,853,218 | ---- | C] () -- C:\Users\Privat\Desktop\Upl0ad3d_by_R4F.rar.part
[2013.02.16 10:41:02 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\DiskAid.lnk
[2013.02.16 10:10:01 | 000,000,713 | ---- | C] () -- C:\Users\Privat\Desktop\Subway+Cheat+By+Appl3Fre4k.rar
[2013.01.31 11:57:20 | 075,018,846 | ---- | C] () -- C:\Users\Privat\Desktop\Club-Taksim Compilation Volume 7.mp3
[2013.01.31 11:55:39 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2013.01.31 11:52:11 | 033,934,236 | ---- | C] () -- C:\Users\Privat\Desktop\pms-setup-windows-1.72.0.exe
[2013.01.29 19:49:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2013.01.29 19:49:40 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.01.28 12:20:59 | 005,003,592 | ---- | C] () -- C:\Users\Privat\Desktop\Hotmail.zip
[2013.01.26 15:11:04 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DISCIPLINE.LNK
[2013.01.26 14:47:09 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.30 17:00:31 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.08.30 16:59:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2012.08.30 16:59:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2012.08.30 16:59:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2012.06.03 21:01:07 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.06.03 20:59:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.04.19 17:54:38 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.11.18 16:56:20 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011.11.18 11:16:54 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2011.11.11 20:02:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.11.11 20:02:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.11.11 20:02:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011.11.11 20:02:02 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 24.02.2013 19:17:50 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Privat\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,53% Memory free
5,93 Gb Paging File | 4,70 Gb Available in Paging File | 79,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,54 Gb Total Space | 63,20 Gb Free Space | 43,73% Space Free | Partition Type: NTFS
Drive F: | 143,45 Gb Total Space | 121,90 Gb Free Space | 84,98% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-PC | User Name: Privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E4333A-9DC5-4647-97F0-C2CBD6A5DB32}" = lport=445 | protocol=6 | dir=in | app=system |
"{01AC9AE3-83B0-468A-9544-A6D94E14AC0B}" = rport=138 | protocol=17 | dir=out | app=system |
"{08868640-98C0-42E9-935D-101965AF83C3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{18C6A4B5-6AD5-4586-ADDE-74B5BCE66AF4}" = lport=56990 | protocol=17 | dir=in | name=pando media booster |
"{1FB9CE76-5548-4100-9A2D-8D70106A448C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{213D739C-28BB-49E1-8D69-DA691E5A22C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{327F6DB8-525B-48D6-88CD-C5F82FB435CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3F5389E1-1CB0-4EC0-A339-D041619F07F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49C0BD07-F0C7-44F7-A723-61A2212F7BF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4E64E6E0-54B3-4AEF-8524-6C00935CE921}" = lport=139 | protocol=6 | dir=in | app=system |
"{57F213D7-D790-4F8C-8B08-8A65E1FA0AC6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5C19B4B7-C759-4328-8811-0BAD1C18AE64}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D77F721-4FDD-42FE-A0AC-9BE83F499360}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5F42D157-BF6F-4D18-98AB-8CCE92D7AB86}" = rport=139 | protocol=6 | dir=out | app=system |
"{64F28DAB-E14D-4EFA-9B40-3F4E366CCE3D}" = rport=445 | protocol=6 | dir=out | app=system |
"{6AD4AC01-E5BC-4A18-8768-A4B4E7763C11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76B9B207-11A1-4279-B866-DF3DA79CBA49}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78C168BC-F729-4966-A5A0-3DBF4C8441EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79A53E58-C919-4064-95F5-409297D62EE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D233836-5422-49D5-BDFD-E20F559E0AFF}" = lport=56990 | protocol=17 | dir=in | name=pando media booster |
"{851FA95B-5C35-405F-A0BD-60CF7CAEA855}" = lport=56990 | protocol=6 | dir=in | name=pando media booster |
"{8AC4D329-6C47-496A-81B5-9D3373F98B71}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BFB10BA-2ED6-467E-9B11-A3EB455F9209}" = lport=56990 | protocol=6 | dir=in | name=pando media booster |
"{91420414-943E-4CA1-9F8B-960537433F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4B7B8BD-B4B9-496C-84A1-D515501A2E03}" = rport=137 | protocol=17 | dir=out | app=system |
"{C64F5D06-461F-4AA9-91C8-74BA7F991592}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8402DD3-561F-4445-9D57-7B8179846225}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D22A1B69-DDBA-4773-ABC0-522B73E71A63}" = lport=137 | protocol=17 | dir=in | app=system |
"{DCECDA9D-8917-45DC-B902-FC19B397988F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0F2911D-2CE0-4216-B6E7-AD63E6DCB2BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0507353E-347B-4E02-BF12-A2810950A54F}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{0BAA3D67-7708-473A-A6B2-5B8583DCE468}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D7C63C1-AEC9-47D6-B417-8C30570FB7FA}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe |
"{0EEE8F6D-88DA-42BB-8604-744D9B52D569}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{11C9C6B1-C9BE-4D25-B1AD-7C32E10782FC}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{12F1CFAD-936E-490A-B08B-4D359430699D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{21FA552D-ECE9-4501-9E42-D76D324C073C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A3CBEB2-9A99-4AD2-8123-5D388EA374DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2BC0F701-8909-4677-A4F2-BD705B9AACF7}" = protocol=17 | dir=in | app=c:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe |
"{3097CE50-D923-4F8C-B878-A173DB0A3BCA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{34225C76-8BBC-452E-9248-71F85995C65B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{356D3735-9945-40EC-AF59-77F2186D8B93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FB13D71-C82C-449F-9342-104D68248DA5}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{52384759-5F68-408B-BDB3-F0FCE41A4C33}" = dir=in | app=c:\program files\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{59D5A5FB-4D5A-4569-ADA9-6CF002363DBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{67EC013B-6935-40FD-BC81-8BB2B9CA1642}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{705DA1EF-D66B-4FF2-9337-D66274C5C4FC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{7D1D1523-B9A9-4763-A638-6D29A0C7DE99}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{83193F97-280B-4D0A-A9F9-8D5DA963211E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{834799E9-CFBB-4D22-990B-1ED5694C5601}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{892D45D0-93A6-4A8B-A1E3-ACF03727C842}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{96BFA4C3-DEAE-4513-845C-0A33941D5FAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{971F0CD9-DF7F-478B-85AF-D585EE1FA9B4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9D9D46F7-53ED-48A1-BB98-22605B114EA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A28FC066-E136-4124-94E2-A663EFB143F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A2C76C64-CD81-4C16-834C-3F9E67C24B06}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A32C957D-045F-4FC6-ABD6-81E87C873EDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3AD7CA5-59FD-4CF9-805C-891B2301A55A}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{ABCC6F1D-BF29-4D4A-96EA-F57216D5F957}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B0165E38-E823-48ED-BDF7-11C84650DBF5}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe |
"{B56A929B-86C3-4B38-B193-665927D4B650}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BB9D7A5C-03DB-4341-9BE1-00EBA7C2EA17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC8A14EB-6C73-4339-A08E-AABAC405EB00}" = protocol=6 | dir=in | app=c:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe |
"{BD24ECAC-847A-4159-B4A2-6B5AE9947F76}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BF94B057-0765-4BC0-AC10-9209AD462807}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4D53B91-6538-4873-8CD4-DD8449795189}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA7F94D4-A68A-49CC-87FE-6143C2F58102}" = protocol=6 | dir=out | app=system |
"{CD4C54C3-11BA-43B6-AA6A-3E0B30C05127}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{DBC19C6C-3D1C-4DF7-8421-A0D24812DA8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E65ABB29-BB2D-4E8B-88CC-89A6F1A5E0CD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E7E12469-6301-4DF4-B6DD-9F92B06A839C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{E853099B-AFBC-4103-9A99-F2EC6059642D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF76C4B4-DE66-4377-AECD-E97DABF0E456}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F1667519-AB0D-41F1-8890-06DB414A1701}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{F6C0E763-C9E0-4450-B392-46E1CCA0C4AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBC134FE-C393-48F0-B70A-E5548AA85380}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{14B318BD-60DC-4A7B-B888-C59E89A7FDC4}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{1C089700-C11E-41D3-9994-9AE47FD11916}C:\program files\benzle\wifisendserver\wifisendserver.exe" = protocol=6 | dir=in | app=c:\program files\benzle\wifisendserver\wifisendserver.exe |
"TCP Query User{3BFEA5F8-BE04-4ED5-A83C-7328D984501A}C:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{6A709476-3292-4539-8C36-E12D5B0084B1}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"TCP Query User{A718706D-B534-46D8-BEF3-2A0E5E2861FD}C:\program files\benzle\wifisendserver\wifisendserver.exe" = protocol=6 | dir=in | app=c:\program files\benzle\wifisendserver\wifisendserver.exe |
"TCP Query User{B128460E-D854-4B4A-8360-3E43F3B91DDB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D612DF72-9E0C-42A8-8433-A6AE8C50FD1F}C:\users\privat\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\privat\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{F27B8651-D4CF-4A6B-8988-3BA08AA2683F}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{1578CC61-297E-4790-A6C3-0F8AED3732CC}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP Query User{164228F3-1ED6-4ED4-BD9F-000C7EC5521A}C:\users\privat\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\privat\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{3A0037FA-E7BD-491A-B127-2760E0081CF0}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{5C98FAE8-D2E0-4916-8D1B-37D109DC73A8}C:\program files\benzle\wifisendserver\wifisendserver.exe" = protocol=17 | dir=in | app=c:\program files\benzle\wifisendserver\wifisendserver.exe |
"UDP Query User{6ED21E78-9F6C-4DA5-901D-118191999B7C}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{727EA0FB-CBB5-46DF-9108-653F81845D68}C:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{9E7AB13F-1849-4A3A-9D09-71A942BAFA0D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A7158B8A-68B3-4E11-80E2-69628302C58E}C:\program files\benzle\wifisendserver\wifisendserver.exe" = protocol=17 | dir=in | app=c:\program files\benzle\wifisendserver\wifisendserver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Acer Acer Bio Protection 6.0.00.16" = Acer Bio Protection

AAU 6.0.00.16
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIMP2" = AIMP2
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiskAid_is1" = DiskAid 5.45
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"ImgBurn" = ImgBurn
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PS3 Media Server" = PS3 Media Server
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"WiFiSendServer" = WiFiSendServer -- iPhone/iPad for your computers
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.12.2012 06:27:54 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16208
 
Error - 08.12.2012 06:27:55 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.12.2012 06:27:55 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17332
 
Error - 08.12.2012 06:27:55 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17332
 
Error - 08.12.2012 13:23:19 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.12.2012 13:23:19 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24941034
 
Error - 08.12.2012 13:23:19 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24941034
 
Error - 08.12.2012 13:23:20 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.12.2012 13:23:20 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24942033
 
Error - 08.12.2012 13:23:20 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24942033
 
[ System Events ]
Error - 09.02.2013 10:29:34 | Computer Name = Privat-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.02.2013 13:51:41 | Computer Name = Privat-PC | Source = DCOM | ID = 10010
Description =
 
Error - 15.02.2013 18:22:53 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 16.02.2013 12:39:22 | Computer Name = Privat-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 23.02.2013 16:25:52 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 23.02.2013 16:25:52 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 23.02.2013 16:30:08 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Spyware Terminator 2012 Realtime Shield Service" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
Error - 23.02.2013 17:04:51 | Computer Name = Privat-PC | Source = bowser | ID = 8003
Description =
 
Error - 24.02.2013 10:23:32 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 24.02.2013 14:09:50 | Computer Name = Privat-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?02.?2013 um 19:07:59 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---

t'john 25.02.2013 13:24
Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
:OTL

IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes\{D0EF81A6-313D-491B-84F6-7EBF06EB0F7B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=c0152214-75f9-436f-9660-f4ea7617855c&apn_sauid=7425AA07-D8FB-4686-87C1-4AA1D5C0634A
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
O3 - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\Toolbar\WebBrowser: (no name) - {FF88A983-649D-4207-9336-9B999280B436} - No CLSID value found.
[2013.02.22 18:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.02.24 19:10:43 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013.02.23 21:21:01 | 000,587,671 | ---- | M] () -- C:\Users\Privat\Desktop\adwcleaner0.exe
[2013.02.22 18:27:33 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\movie2kDownloader.com
[2013.02.22 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\movie2kDownloader.com
[2013.02.22 18:27:33 | 000,000,878 | ---- | M] () -- C:\Users\Privat\Desktop\movie2kDownloader.lnk
[2013.02.24 19:11:53 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Privat\*.tmp
C:\Users\Privat\AppData\*.dll
C:\Users\Privat\AppData\*.exe
C:\Users\Privat\AppData\Local\Temp\*.exe
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Kilah_43 25.02.2013 16:58
die OG Logfiles

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4042933089-19693313-36808641-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D0EF81A6-313D-491B-84F6-7EBF06EB0F7B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0EF81A6-313D-491B-84F6-7EBF06EB0F7B}\ not found.
Prefs.js: "Delta Search" removed from browser.search.selectedEngine
Registry value HKEY_USERS\S-1-5-21-4042933089-19693313-36808641-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF88A983-649D-4207-9336-9B999280B436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}\ not found.
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} folder moved successfully.
C:\ProgramData\BrowserProtect\2.6.1095.52 folder moved successfully.
C:\ProgramData\BrowserProtect folder moved successfully.
C:\Windows\KMSEmulator.exe moved successfully.
C:\Users\Privat\Desktop\adwcleaner0.exe moved successfully.
C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\movie2kDownloader.com folder moved successfully.
C:\Program Files\movie2kDownloader.com folder moved successfully.
C:\Users\Privat\Desktop\movie2kDownloader.lnk moved successfully.
C:\Windows\Tasks\AutoKMS.job moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{F232C87C-6E92-4775-8210-DFE90B7777D9} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Privat\*.tmp not found.
File\Folder C:\Users\Privat\AppData\*.dll not found.
File\Folder C:\Users\Privat\AppData\*.exe not found.
C:\Users\Privat\AppData\Local\Temp\ServerUpdater_V0_9_20.exe moved successfully.
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Privat\Desktop\cmd.bat deleted successfully.
C:\Users\Privat\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Privat
->Temp folder emptied: 761662 bytes
->Temporary Internet Files folder emptied: 162845 bytes
->FireFox cache emptied: 75667628 bytes
->Flash cache emptied: 2266 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3687 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 73,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02252013_153947

Files\Folders moved on Reboot...
File\Folder C:\Users\Privat\AppData\Local\Temp\OICE_4405B91D-4981-40E8-BC9F-8AA71FF01E37.0\7361E14D. not found!
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Malwarebytes

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.02.25.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Privat :: PRIVAT-PC [Administrator]

Schutz: Aktiviert

25.02.2013 15:49:21
mbam-log-2013-02-25 (15-49-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 308382
Laufzeit: 1 Stunde(n), 6 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\AutoKMS\AutoKMS.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ADW Cleaner kommt gleich nach

Seitdem Neustart öffnet sich mein Notebook nicht mehr richtig, es erscheint nur ein das Acer Symbol und danach erscheint nur noch ein schwarzes Bild... :/

ich musste zur abgesicherten Modus Wechseln..

ahja die adw cleaner logsAdwCleaner Logfile:
Code:
# AdwCleaner v2.113 - Datei am 25/02/2013 um 17:29:20 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : Privat - PRIVAT-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Privat\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Privat\AppData\Local\PutLockerDownloader
Ordner Gefunden : C:\Users\Privat\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\68ae93pt.default\prefs.js

Gefunden : user_pref("extensions.delta.admin", false);
Gefunden : user_pref("extensions.delta.aflt", "babsst");
Gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gefunden : user_pref("extensions.delta.autoRvrt", "false");
Gefunden : user_pref("extensions.delta.dfltLng", "en");
Gefunden : user_pref("extensions.delta.excTlbr", false);
Gefunden : user_pref("extensions.delta.id", "06b48b4800000000000000238b19cc66");
Gefunden : user_pref("extensions.delta.instlDay", "15758");
Gefunden : user_pref("extensions.delta.instlRef", "sst");
Gefunden : user_pref("extensions.delta.newTab", false);
Gefunden : user_pref("extensions.delta.prdct", "delta");
Gefunden : user_pref("extensions.delta.prtnrId", "delta");
Gefunden : user_pref("extensions.delta.rvrt", "false");
Gefunden : user_pref("extensions.delta.smplGrp", "none");
Gefunden : user_pref("extensions.delta.tlbrId", "base");
Gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gefunden : user_pref("extensions.delta.vrsnTs", "1.8.10.018:30:50");
Gefunden : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[R1].txt - [11156 octets] - [23/02/2013 21:21:08]
AdwCleaner[R2].txt - [11217 octets] - [23/02/2013 21:22:32]
AdwCleaner[R3].txt - [2840 octets] - [25/02/2013 17:27:56]
AdwCleaner[R4].txt - [2710 octets] - [25/02/2013 17:29:20]
AdwCleaner[S1].txt - [11092 octets] - [23/02/2013 21:22:57]

########## EOF - C:\AdwCleaner[R4].txt - [2831 octets] ##########
--- --- ---

Hier beginnt esAdwCleaner Logfile:
Code:
# AdwCleaner v2.113 - Datei am 25/02/2013 um 17:27:56 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : Privat - PRIVAT-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Privat\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Privat\AppData\Local\PutLockerDownloader
Ordner Gefunden : C:\Users\Privat\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\68ae93pt.default\prefs.js

Gefunden : user_pref("extensions.delta.admin", false);
Gefunden : user_pref("extensions.delta.aflt", "babsst");
Gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gefunden : user_pref("extensions.delta.autoRvrt", "false");
Gefunden : user_pref("extensions.delta.dfltLng", "en");
Gefunden : user_pref("extensions.delta.excTlbr", false);
Gefunden : user_pref("extensions.delta.id", "06b48b4800000000000000238b19cc66");
Gefunden : user_pref("extensions.delta.instlDay", "15758");
Gefunden : user_pref("extensions.delta.instlRef", "sst");
Gefunden : user_pref("extensions.delta.newTab", false);
Gefunden : user_pref("extensions.delta.prdct", "delta");
Gefunden : user_pref("extensions.delta.prtnrId", "delta");
Gefunden : user_pref("extensions.delta.rvrt", "false");
Gefunden : user_pref("extensions.delta.smplGrp", "none");
Gefunden : user_pref("extensions.delta.tlbrId", "base");
Gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gefunden : user_pref("extensions.delta.vrsnTs", "1.8.10.018:30:50");
Gefunden : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[R1].txt - [11156 octets] - [23/02/2013 21:21:08]
AdwCleaner[R2].txt - [11217 octets] - [23/02/2013 21:22:32]
AdwCleaner[R3].txt - [2650 octets] - [25/02/2013 17:27:56]
AdwCleaner[S1].txt - [11092 octets] - [23/02/2013 21:22:57]

########## EOF - C:\AdwCleaner[R3].txt - [2771 octets] ##########
--- --- ---

t'john 25.02.2013 17:54
Sehr gut! :daumenhoc

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Kilah_43 25.02.2013 17:58
ist es denn normal, dass ich NUR noch im abgesicherten Modus arbeiten kann?
i.wie öffnet sich mein notebook normal nicht mehr. es kommt nur noch ein schwarzes Bildschirm beim hochfahren..

das Programm aswMBR öffnet sich und scannt einige Minuten, jedoch stürzt es nach 2-3 minuten jedesmal ab.. Need ur help =(

ahja und nebenbei mein firefall avast wird nicht mehr aktiviert, seitdem ich es deaktiviert habe..

t'john 26.02.2013 12:06
Normal ist das nicht, kann aber am gecrackten Windows/Office liegen.


Die Benutzung von Cracks und Keygens verstoesst gegen unseren Kodex.

Schon mal darueber nachgedacht, warum es Cracks gibt?
Mit Cracks & Co installiert man sich Hintertueren auf dem Rechner.
Kriminelle nutzen solche Rechner als Botnetz fuer ihre Machenschaften. Dein System ist als nicht vertrauenswuerdig einzustufen und du solltest keine sensiblen Sachen wie Homebanking an dem PC betreiben.

Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP

1. Datenrettung:



2. Formatieren, Windows neu instalieren:



3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.

Kilah_43 26.02.2013 12:57
Hmm kann ich nicht einfach Windows Office deinstallieren und gut ist es? Ich habe sehr viele wichtige Daten und die will ich nicht einfach löschen..

Ich habe jetzt eine System Wiederherstellung gemacht und es funktioniert wieder..

t'john 26.02.2013 13:24
Zitat:
Hmm kann ich nicht einfach Windows Office deinstallieren und gut ist es? Ich habe sehr viele wichtige Daten und die will ich nicht einfach löschen..
Sichere deine Daten und besorge dir ein legales Windows. Dann Neuaufsetzen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55