Dringend! Schwerer Fehler

#0
19.04.2012, 19:50
...neu hier

Beiträge: 4
#1 Seidt einiger zeit sind meine downloads beschädigt oder Alll mögliche Sachen zb skype internet stürzen ab Hier mein scanLogfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:21, on 19.04.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\pc\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe

--
End of file - 4562 bytes
Seitenanfang Seitenende
19.04.2012, 20:26
Moderator

Beiträge: 5694
#2 Herzlich Willkommen auf dem Protecus Forum

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
• Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
• Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte [URL=http://filepony.de/dl-bWJhbS1zZXR1cC5leGU=-malwarebytes_anti_malware-1272569975-8918697/]Malwarebytes[/URL]• Installiere das Programm in den vorgegebenen Pfad.
[color=green]Vista und Win7 User mit Rechtsklick "als Administrator starten"[/color]• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung• Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.• Versichere Dich, dass [color=red]alle Funde[/color] markiert sind und drücke Entferne Auswahl.• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
Seitenanfang Seitenende
20.04.2012, 14:40
...neu hier

Themenstarter

Beiträge: 4
#3 Das is der Scan VOn Malewarebytes/Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.20.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
pc :: PC-PC [Administrator]

Schutz: Aktiviert

20.04.2012 14:05:00
mbam-log-2012-04-20 (14-05-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 179127
Laufzeit: 3 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL.Text
OTL logfile created on: 20.04.2012 14:21:04 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\pc\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,03% Memory free
3,98 Gb Paging File | 2,83 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 904,79 Gb Free Space | 97,13% Space Free | Partition Type: NTFS
Drive D: | 74,50 Gb Total Space | 23,38 Gb Free Space | 31,38% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.04.20 13:57:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.13 06:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.09 12:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.02.06 14:24:20 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieCtrl.exe
PRC - [2012.02.06 14:24:18 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2011.09.06 23:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.09.06 23:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.22 03:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.13 02:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) -- C:\Windows\UnsignedThemesSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.03.13 06:36:53 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012.04.19 15:35:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.06 14:24:18 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.06 23:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.13 02:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.04.20 14:04:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.09 12:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.02.06 14:24:16 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.09.06 23:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 23:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 23:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 23:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 23:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.09.06 23:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.10.01 02:00:00 | 000,926,080 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV - [2010.10.01 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.01.12 20:57:24 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.01.12 20:57:23 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.01.12 20:57:23 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.01.12 20:57:23 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.13 02:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\uxpatch.sys -- (uxpatch)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 B4 AC 35 08 D9 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109794&babsrc=SP_ss&mntrId=321f81b300000000000000259c96c9bd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.20 16:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.26 16:07:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.03.26 16:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions
[2012.03.26 16:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\awza44qj.default\extensions
[2012.03.26 16:12:15 | 000,010,338 | ---- | M] () -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\awza44qj.default\searchplugins\duckduckgo.xml
[2012.03.26 16:12:31 | 000,002,219 | ---- | M] () -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\awza44qj.default\searchplugins\g-forum-search.xml
[2012.03.26 16:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AWZA44QJ.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 195.50.140.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310A83A2-060F-4EF0-B0C1-FE91F5850D8D}: DhcpNameServer = 195.50.140.116 195.50.140.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{643A2F63-96D3-472D-A124-3A76C0ACE72B}: DhcpNameServer = 195.50.140.116 195.50.140.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A148A00-FB04-4EB2-AB55-1A123240458E}: DhcpNameServer = 195.50.140.116 195.50.140.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8981998E-CCCF-48B5-9235-733A362C3AD1}: DhcpNameServer = 195.50.140.116 195.50.140.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF509E50-845C-4127-982D-475F5E1663A0}: DhcpNameServer = 195.50.140.116 195.50.140.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F4803B-D66A-4FCF-A164-66D6AED6845F}: DhcpNameServer = 195.50.140.116 195.50.140.246
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.18 16:31:04 | 000,000,000 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{d2ce1b6f-5bc1-11e1-9149-00123f5b68fa}\Shell - "" = AutoRun
O33 - MountPoints2\{d2ce1b6f-5bc1-11e1-9149-00123f5b68fa}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.04.20 14:04:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.04.20 13:57:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2012.04.20 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Malwarebytes
[2012.04.20 13:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.20 13:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.20 13:55:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.20 13:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.14 00:43:45 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Simfy
[2012.04.14 00:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.04.14 00:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2012.04.14 00:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\simfy
[2012.04.14 00:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.04.14 00:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.04.14 00:38:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Adobe
[2012.04.12 12:16:28 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\redsn0w
[2012.04.12 12:16:12 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\redsn0w_win_0.9.10b6-1
[2012.03.26 16:07:41 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Mozilla
[2012.03.26 16:07:41 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Mozilla
[2012.03.26 16:00:19 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor
[2012.03.26 15:57:07 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Tor

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.04.20 14:04:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.04.20 13:57:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2012.04.20 13:55:32 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.20 13:54:16 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.20 13:54:16 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.20 13:51:57 | 000,655,802 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.20 13:51:57 | 000,616,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.20 13:51:57 | 000,130,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.20 13:51:57 | 000,106,728 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.20 13:46:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.20 13:46:48 | 1602,859,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.19 19:52:16 | 000,000,061 | ---- | M] () -- C:\Users\pc\Desktop\Dringend! Schwerer Fehler - Virus Hilfe.URL
[2012.04.19 19:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.14 00:43:46 | 000,000,032 | ---- | M] () -- C:\Users\pc\.simfy
[2012.04.14 00:43:39 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2012.04.13 23:54:11 | 004,864,000 | ---- | M] () -- C:\Users\pc\Desktop\Chris Brown - What it Do -www.hiphopgenerals.com.mp3
[2012.04.12 11:58:59 | 003,318,627 | ---- | M] () -- C:\Users\pc\Desktop\Stromae - Alors On Danse.mp3
[2012.04.12 11:42:42 | 004,240,509 | R--- | M] () -- C:\Users\pc\Desktop\Macklemore & Ryan Lewis - Can't Hold Us..mp3
[2012.04.11 17:38:58 | 203,554,938 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.28 06:55:43 | 000,001,478 | ---- | M] () -- C:\Users\pc\Desktop\images.jpg
[2012.03.28 06:55:22 | 000,000,493 | ---- | M] () -- C:\Users\pc\Desktop\httpwww.google.deimgresq=Macklemore+cover&hl=de&biw=976&bih=603&gbv=2&tbm=isch&tbnid=iJaDT-Ua2sU1BM&imgrefurl=httpgoodmusica.URL
[2012.03.26 16:07:13 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.26 16:00:19 | 000,001,536 | ---- | M] () -- C:\Users\pc\Desktop\Tor.lnk
[2012.03.23 21:19:12 | 000,000,161 | ---- | M] () -- C:\Users\pc\Desktop\Stereo Lautsprecher Soundstation MusicMan Midi blau (4260101738356) eBay.url

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.04.20 13:55:32 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.19 19:50:50 | 000,000,061 | ---- | C] () -- C:\Users\pc\Desktop\Dringend! Schwerer Fehler - Virus Hilfe.URL
[2012.04.19 15:11:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.14 00:43:46 | 000,000,032 | ---- | C] () -- C:\Users\pc\.simfy
[2012.04.14 00:43:39 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\simfy.lnk
[2012.04.13 23:53:35 | 004,864,000 | ---- | C] () -- C:\Users\pc\Desktop\Chris Brown - What it Do -www.hiphopgenerals.com.mp3
[2012.04.12 11:58:20 | 003,318,627 | ---- | C] () -- C:\Users\pc\Desktop\Stromae - Alors On Danse.mp3
[2012.04.12 11:42:21 | 004,240,509 | R--- | C] () -- C:\Users\pc\Desktop\Macklemore & Ryan Lewis - Can't Hold Us..mp3
[2012.04.11 17:38:58 | 203,554,938 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.28 06:55:41 | 000,001,478 | ---- | C] () -- C:\Users\pc\Desktop\images.jpg
[2012.03.28 06:55:22 | 000,000,493 | ---- | C] () -- C:\Users\pc\Desktop\httpwww.google.deimgresq=Macklemore+cover&hl=de&biw=976&bih=603&gbv=2&tbm=isch&tbnid=iJaDT-Ua2sU1BM&imgrefurl=httpgoodmusica.URL
[2012.03.26 16:07:13 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.26 16:07:12 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.26 16:00:19 | 000,001,536 | ---- | C] () -- C:\Users\pc\Desktop\Tor.lnk
[2012.03.23 21:19:12 | 000,000,161 | ---- | C] () -- C:\Users\pc\Desktop\Stereo Lautsprecher Soundstation MusicMan Midi blau (4260101738356) eBay.url
[2012.02.21 17:45:54 | 000,001,566 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.02.20 17:34:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\controls.ini
[2012.02.20 14:57:07 | 000,049,792 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusb4.bin

[color=#E56717]========== LOP Check ==========[/color]

[2012.02.23 14:08:17 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\.minecraft
[2012.01.22 17:19:14 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Babylon
[2012.02.22 15:35:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Opera
[2012.04.12 12:16:28 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\redsn0w
[2012.04.14 00:43:45 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Simfy
[2012.02.25 10:55:26 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TuneUp Software
[2012.04.13 17:15:18 | 000,031,372 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
OTL Extra TXt.
OTL Extras logfile created on: 20.04.2012 14:21:04 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\pc\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,03% Memory free
3,98 Gb Paging File | 2,83 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 904,79 Gb Free Space | 97,13% Space Free | Partition Type: NTFS
Drive D: | 74,50 Gb Total Space | 23,38 Gb Free Space | 31,38% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{B4C40A0E-14C9-1E1F-2AEC-ABF96EA3FB51}" = simfy
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Opera 11.61.1250" = Opera 11.61
"Sandboxie" = Sandboxie 3.64 (32-bit)
"Simfy" = simfy
"softonic" = Softonic toolbar on IE and Chrome
"TuneUp Utilities 2012" = TuneUp Utilities 2012

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Zip Uncompressor" = Zip Uncompressor

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Seitenanfang Seitenende
20.04.2012, 21:46
Moderator

Beiträge: 5694
#4 ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.

• Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.

Firefox-User:
Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User:
müssen das Installieren eines ActiveX Elements erlauben.

• Setze den einen Hacken bei Yes, i accept the Terms of Use.
• Drücke den Button.
• Warte bis die Komponenten herunter geladen wurden.
• Setze einen Haken bei "Scan archives".
• Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist.
drücken.
• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.Wenn der Scan beendet wurde

• Klicke .
• Klicke und speichere das Logfile als ESET.txt auf dem Desktop.
• Klicke Back und Finish

Bitte poste die Logfile hier.
Seitenanfang Seitenende
22.04.2012, 14:24
...neu hier

Themenstarter

Beiträge: 4
#5 Witig ich kann es nicht installieren da es beschädigt is wenn ich es downloade ;)
Seitenanfang Seitenende
22.04.2012, 22:19
Moderator

Beiträge: 5694
#6 Was kommt für eine Meldung?
Seitenanfang Seitenende
27.04.2012, 19:53
...neu hier

Themenstarter

Beiträge: 4
#7 Datei bescheadigt /kann schliesslich nicht geladen werden
Seitenanfang Seitenende
27.04.2012, 20:49
Moderator

Beiträge: 5694
#8 Versuche so:

Abgesicherter Modus zur Bereinigung


• Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
• Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:


Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: