Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
TR/Kazy.795 - Downloads sind nicht mehr möglich

TR/Kazy.795 - Downloads sind nicht mehr möglich


Log-Analyse und Auswertung: TR/Kazy.795 - Downloads sind nicht mehr möglich

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 12.06.2013, 18:12   #1
ricardoonlin
 
TR/Kazy.795 - Downloads sind nicht mehr möglich - Standard

TR/Kazy.795 - Downloads sind nicht mehr möglich


Hallo,

zunächst einmal möchte ich Euch sagen, dass ich es klasse finde, dass Ihr mit diesem Forum Hilfestellung bei Virus-Problemen gebt.
Ich habe bisher weder viel Foren-Erfahrung, noch hatte ich bisher einen Virus. Ich betrete daher im doppelten Sinn Neuland. Daher hoffe ich, dass ihr mir helfen könnt und bedanke mich schon einmal ganz herzlich im Voraus.

Avira hat mir folgenden Fund angezeigt, den ich in Quarantäne verschoben habe: TR/Kazy.795
Am nächsten Tag gab es dann das erste Problem: Downloads waren nicht mehr möglich (weder aus Webmail noch aus dem Browser).

Ich habe die Schritte in der Anleitung durchgeführt. Den Scan mit GMER musste ich zweimal durchführen, da beim ersten mal mit dem "blauen" Problembildschirm alles abgebrochen wurde. Ich habe dann Windows wieder neu gestartet. Hätte ich Schritt 1 (defogger) dann erneut durchführen müssen?

Hier sind die Logs:

OTL:

OTL logfile created on: 12.06.2013 14:43:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Richard\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 0,59 Gb Available Physical Memory | 30,77% Memory free
3,86 Gb Paging File | 2,09 Gb Available in Paging File | 54,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 2,50 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive D: | 184,06 Gb Total Space | 6,84 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive Z: | 2,00 Gb Total Space | 0,05 Gb Free Space | 2,46% Space Free | Partition Type: FAT32

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.12 14:37:04 | 000,050,477 | ---- | M] () -- C:\Users\Richard\Desktop\Defogger.exe
PRC - [2013.06.12 14:05:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
PRC - [2013.06.03 18:58:12 | 000,064,008 | ---- | M] (Google) -- C:\Users\Richard\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Richard\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.07 10:20:30 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.23 09:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer.exe
PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.04.23 09:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\tv_w32.exe
PRC - [2013.03.28 12:29:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 12:29:06 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.28 12:29:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.10.12 00:13:12 | 003,975,088 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.07.31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.20 13:04:14 | 000,370,688 | -H-- | M] (SanDisk Corporation) -- C:\Programme\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.09.08 05:16:54 | 000,154,312 | ---- | M] (Zecter Inc.) -- C:\Programme\Zecter\ZumoDrive\zumodrive.exe
PRC - [2010.08.21 11:55:32 | 000,391,296 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.08.21 11:55:28 | 000,780,504 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010.08.21 11:54:46 | 005,493,736 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.08.20 17:00:22 | 002,570,688 | ---- | M] (Acronis) -- C:\Programme\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2009.09.22 20:42:16 | 002,453,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Programme\PrintKey2000\Printkey2000.exe


========== Modules (No Company Name) ==========

MOD - [2013.06.12 14:37:04 | 000,050,477 | ---- | M] () -- C:\Users\Richard\Desktop\Defogger.exe
MOD - [2013.06.12 14:13:05 | 000,295,424 | ---- | M] () -- C:\Users\Richard\AppData\Local\Temp\WindowsFolderWatcher.dll1354219197849016131.lib
MOD - [2013.06.12 14:12:35 | 000,389,632 | ---- | M] () -- C:\Users\Richard\AppData\Local\Temp\WindowsZFSJNI.dll1331569038997267936.lib
MOD - [2013.06.12 14:12:33 | 000,379,904 | ---- | M] () -- C:\Users\Richard\AppData\Local\Temp\libsqlitejdbc-555837357366778175.lib
MOD - [2013.06.12 14:12:01 | 000,199,168 | ---- | M] () -- C:\Users\Richard\AppData\Local\Temp\WindowsAPI.dll7196461024918885117.lib
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013.05.29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.05.15 23:57:14 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013.05.15 23:56:50 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.01.10 10:13:06 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 10:12:48 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 10:12:35 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 10:12:21 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- D:\Notepad++\NppShell_05.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2013.05.14 21:21:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.03.28 12:29:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 12:29:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 15:49:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2012.03.10 02:23:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.10.12 00:13:12 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Professional_Datenbank)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.21 11:55:28 | 000,780,504 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - [2013.03.28 12:29:19 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 12:29:19 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 12:29:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.26 17:34:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.10.12 00:13:13 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.10.12 00:13:09 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2011.10.12 00:13:08 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.10.12 00:13:04 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.16 07:50:36 | 000,147,416 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs.sys -- (CbFs)
DRV - [2009.10.28 11:59:06 | 000,035,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PcaSp50.sys -- (PcaSp50)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008.10.31 16:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2007.07.16 23:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2001.09.18 13:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\omcamvid.sys -- (OVT511Plus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=hp&babsrc=lnkry_nt&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 2D 3E 42 EC AF CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes,DefaultScope = {54538F69-A7AC-415D-A3EB-25503A003D3C}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{54538F69-A7AC-415D-A3EB-25503A003D3C}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7IRFC_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970"
FF - prefs.js..extensions.enabledAddons: {a8aef8dd-62b8-4df3-97c8-6887b4d051d5}:1.1
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Richard\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Richard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Richard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.23 20:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.26 15:49:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.24 10:13:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Richard\AppData\Roaming\5045 [2011.11.21 20:12:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.26 15:49:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.24 10:13:54 | 000,000,000 | ---D | M]

[2011.05.09 00:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\mozilla\Extensions
[2013.02.18 21:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\xiz03qfu.default\extensions
[2013.02.18 21:37:29 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\xiz03qfu.default\extensions\{a8aef8dd-62b8-4df3-97c8-6887b4d051d5}
[2012.03.04 23:01:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\xiz03qfu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.09 11:52:22 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\xiz03qfu.default\extensions\toolbar@ask.com
[2013.02.18 09:11:55 | 000,002,499 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\mozilla\firefox\profiles\xiz03qfu.default\searchplugins\Web Search.xml
[2012.10.23 14:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.09 16:25:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.26 15:49:50 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.26 15:49:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.26 15:49:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.26 15:49:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.26 15:49:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.26 15:49:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.26 15:49:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter},
CHR - homepage: hxxp://www.googlemail.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.2.0_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Richard\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Linkury Smartbar = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Google Drive = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011.03.19 00:55:52 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Richard\AppData\Local\Smartbar\Application\Linkury.exe startup File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Richard\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ZumoDrive] C:\Program Files\Zecter\ZumoDrive\ZumoLauncher.lnk ()
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Richard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk = C:\Profi cash\wzed.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Richard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} hxxp://ellister.dyndns.org/plugin/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91DC459-BFCD-42FA-A9AE-13791738C14A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E14349E5-A973-4107-B5C1-E016224D30F8}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.31 22:44:36 | 000,000,000 | ---D | M] - Z:\Documents -- [ FAT32 ]
O32 - AutoRun File - [2011.05.01 15:28:41 | 000,000,000 | ---D | M] - Z:\Linked Folders -- [ FAT32 ]
O32 - AutoRun File - [2013.06.12 14:35:14 | 000,000,000 | ---D | M] - Z:\Patenmappe-Shared -- [ FAT32 ]
O33 - MountPoints2\{88d7ebda-aee3-11e0-a207-001f1696d7c9}\Shell - "" = AutoRun
O33 - MountPoints2\{88d7ebda-aee3-11e0-a207-001f1696d7c9}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{8accffea-9a4e-11e0-8f7a-001f1696d7c9}\Shell - "" = AutoRun
O33 - MountPoints2\{8accffea-9a4e-11e0-8f7a-001f1696d7c9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{97528204-635a-11e0-9ef0-001f1696d7c9}\Shell - "" = AutoRun
O33 - MountPoints2\{97528204-635a-11e0-9ef0-001f1696d7c9}\Shell\AutoRun\command - "" = F:\MyDiSa.exe
O33 - MountPoints2\{ae544812-62c3-11df-a208-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ae544812-62c3-11df-a208-806e6f6e6963}\Shell\AutoRun\command - "" = E:\o2Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.12 14:40:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2013.06.12 13:40:55 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes
[2013.06.12 13:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.12 13:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.12 13:40:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.12 13:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.03 15:29:20 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[4 C:\Users\Richard\Desktop\*.tmp files -> C:\Users\Richard\Desktop\*.tmp -> ]
[2 C:\Users\Richard\AppData\Roaming\*.tmp files -> C:\Users\Richard\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.12 14:42:11 | 000,000,000 | ---- | M] () -- C:\Users\Richard\defogger_reenable
[2013.06.12 14:37:04 | 000,050,477 | ---- | M] () -- C:\Users\Richard\Desktop\Defogger.exe
[2013.06.12 14:28:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1772502657-2889558274-1553771813-1000UA.job
[2013.06.12 14:27:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 14:21:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.12 14:18:21 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 14:18:21 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 14:09:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.12 14:08:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.12 14:08:29 | 1554,739,200 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.12 14:05:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2013.06.12 13:57:13 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772502657-2889558274-1553771813-1000UA.job
[2013.06.12 13:40:38 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.12 07:55:57 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1772502657-2889558274-1553771813-1000Core.job
[2013.06.11 20:16:19 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.06.07 12:40:57 | 000,001,061 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.04 19:57:18 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.04 19:57:18 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.04 19:57:18 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.04 19:57:18 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.29 12:34:53 | 000,073,577 | ---- | M] () -- C:\Users\Richard\Desktop\Mietauto-Erstattung.pdf
[2013.05.29 09:57:01 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772502657-2889558274-1553771813-1000Core.job
[2013.05.16 14:09:20 | 003,859,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.14 20:30:51 | 000,163,586 | ---- | M] () -- C:\Users\Richard\Desktop\easyJet-online check-in.pdf
[4 C:\Users\Richard\Desktop\*.tmp files -> C:\Users\Richard\Desktop\*.tmp -> ]
[2 C:\Users\Richard\AppData\Roaming\*.tmp files -> C:\Users\Richard\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.12 14:42:11 | 000,000,000 | ---- | C] () -- C:\Users\Richard\defogger_reenable
[2013.06.12 14:40:34 | 000,050,477 | ---- | C] () -- C:\Users\Richard\Desktop\Defogger.exe
[2013.06.12 13:40:38 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.29 12:34:52 | 000,073,577 | ---- | C] () -- C:\Users\Richard\Desktop\Mietauto-Erstattung.pdf
[2013.05.14 20:30:51 | 000,163,586 | ---- | C] () -- C:\Users\Richard\Desktop\easyJet-online check-in.pdf
[2013.03.23 22:17:07 | 000,002,282 | ---- | C] () -- C:\Users\Richard\.recently-used.xbel
[2013.03.18 20:47:48 | 000,004,096 | -H-- | C] () -- C:\Users\Richard\AppData\Local\keyfile3.drm
[2012.10.08 14:42:06 | 000,000,600 | ---- | C] () -- C:\Users\Richard\PUTTY.RND
[2012.09.20 23:05:07 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.01.23 22:26:54 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\{4BF84341-4223-423A-A747-A5FA0358E1DC}
[2011.12.15 00:29:17 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.12.12 18:27:26 | 000,481,611 | ---- | C] () -- C:\Users\Richard\111209_Sommer_Sauer_Barts.pdf
[2011.11.06 19:51:37 | 000,000,072 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\blckdom.res
[2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2011.07.05 13:17:19 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\{8009FEA1-5810-4FAD-8035-E5DFD7A8B7C6}
[2011.06.27 16:30:33 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\{E7BE5F4C-582D-4D44-8FCD-EB2332EBD25F}
[2011.06.13 19:25:39 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\{3A7D1FE4-EAAC-4FB6-8762-9A112DAF50F2}
[2010.07.24 23:52:49 | 000,019,367 | ---- | C] () -- C:\Users\Richard\USt-Voranmeldung_2Q2010.elfo
[2010.07.20 19:38:40 | 000,020,480 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.28 09:32:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.18 23:26:48 | 000,007,625 | ---- | C] () -- C:\Users\Richard\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$16ff2f68c68998a72779c643dfad8ffe\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.11.06 19:51:44 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5038
[2011.11.11 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5039
[2011.11.15 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5040
[2011.11.17 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5041
[2011.11.18 02:46:42 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5042
[2011.11.19 15:10:19 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5043
[2011.11.21 20:12:27 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5045
[2011.06.19 00:14:10 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Acronis
[2010.06.12 22:56:04 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\AI Internet Solutions
[2011.03.10 02:24:45 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\blaxxun interactive
[2010.06.01 20:21:42 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.12 00:03:57 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\D4AB7C83-E910-4F4A-BA83-63048517CC6F
[2013.06.12 14:39:06 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Dropbox
[2012.03.04 23:01:49 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\DVDVideoSoft
[2012.03.04 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.19 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\elsterformular
[2013.03.23 22:17:07 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\gtk-2.0
[2010.06.13 22:54:20 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\IrfanView
[2011.11.06 19:51:30 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\kock
[2012.02.26 04:41:49 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Lexware
[2013.04.11 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\NetxpVerein
[2012.08.22 18:16:36 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Notepad++
[2012.07.21 18:19:06 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\OpenCandy
[2011.05.20 16:21:35 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.04.11 13:17:50 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Subsembly
[2013.01.05 14:03:48 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\TeamViewer
[2011.11.08 00:37:50 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\UAs
[2010.12.30 14:20:56 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Wieldy
[2011.11.08 23:17:20 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\xmldm
[2011.07.16 23:05:00 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\XSManager
[2013.06.12 14:13:04 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\ZumoDrive

========== Purity Check ==========



< End of report >





Extras:

OTL Extras logfile created on: 12.06.2013 14:43:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Richard\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 0,59 Gb Available Physical Memory | 30,77% Memory free
3,86 Gb Paging File | 2,09 Gb Available in Paging File | 54,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 2,50 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive D: | 184,06 Gb Total Space | 6,84 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive Z: | 2,00 Gb Total Space | 0,05 Gb Free Space | 2,46% Space Free | Partition Type: FAT32

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002C9FA8-ED6A-4B44-883A-29A5EEE3A7F6}" = Lexware financial office pro 2012
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02A388E1-5998-453A-ADF1-823BFB0EAAAE}" = bpd_scan
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312
"{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{2753B568-6F85-4E31-A114-A7F8D8606DDD}" = NETGEAR Powerline Utility
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2D7F5A88-C877-4713-8B3A-6ACBF06B62BE}" = BPDSoftware_Ini
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312
"{49BE00D7-9144-43ED-B18D-D75D1336ACF8}" = 7400_Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C657898-7214-4851-B363-9F75ADE9E3C0}" = ProjectLibre
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51268A7D-4E1A-371A-9849-496D48930952}" = Google Talk Plugin
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53BC789D-073D-47B6-AA9F-DE05990AF07A}" = Adobe Creative Suite 5 Production Premium
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{591B2FA3-E8BC-4163-B1E8-0723DFB67E1D}" = SanDisk ® Media Manager
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FE4A01A-CAB2-42AB-ABD3-C5D9530AF9A0}" = Lexware financial office Juli 2005
"{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88C6F99C-DEFC-4CA3-8A83-0BF9FD13E377}" = HP OfficeJet L7400 Series
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 5.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95EFD16D-3A38-4E7A-901A-24A92399547C}" = Lexware Elster
"{96439822-CC3B-48E3-B196-B719892D295D}" = Lexware financial office Juli 2005a
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.2
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A34386F8-7655-4E3B-9F51-D3064F607C89}" = blaxxun Contact
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B01AAC47-D5D7-4A9A-AFC0-1C2C23AE8991}" = Linkury Smartbar
"{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D31A8447-7962-42F9-A339-BE79D05C785E}" = BPDSoftware
"{D5F1B51C-FDD3-41C3-B1A1-1477F75C7539}" = L7400_Basic
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E546139F-B099-4a36-BCC2-AC7D68CA9383}" = Lexware financial office pro 2012
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{FDC5E0B1-2739-48A1-8027-F76F2E68AC84}" = Lexware professional Datenbank 2012
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.0 Shizuku Edition
"DAO" = DAO 3.5/3.6
"Der Verein im Netz" = Der Verein im Netz 20120102-1
"DivX Setup" = DivX-Setup
"ElsterFormular 13.2.0.8623u" = ElsterFormular
"FormatFactory" = FormatFactory 2.90
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}" = NETGEAR Powerline Utility
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"PixGEN_is1" = PixGEN v.2.8.4
"PrintKey2000" = PrintKey2000
"Profi cash" = Profi cash
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamViewer 8" = TeamViewer 8
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP 1.8.0
"XSManager" = XSManager
"ZumoDrive" = ZumoDrive

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"{cfd033d2-5432-49df-8bdc-03fb5035a6bc}" = Linkury Smartbar Engine
"620d61f3f0fa6f3d" = NetxpVerein
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"Adobe Connect Add-in" = Adobe Connect Add-in
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.06.2013 08:19:11 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann
den angegebenen Pfad nicht finden. .

Error - 11.06.2013 08:43:08 | Computer Name = Richard-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16483,
Zeitstempel: 0x515df825 Name des fehlerhaften Moduls: Flash32_11_7_700_202.ocx,
Version: 11.7.700.202, Zeitstempel: 0x51801f91 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00380dca ID des fehlerhaften Prozesses: 0x6c04 Startzeit der fehlerhaften Anwendung:
0x01ce66a07d162b7e Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash32_11_7_700_202.ocx
Berichtskennung:
7782a53c-d294-11e2-8ecc-001f1696d7c9

Error - 11.06.2013 13:51:25 | Computer Name = Richard-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 11.06.2013 14:17:29 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann
den angegebenen Pfad nicht finden. .

Error - 12.06.2013 03:12:29 | Computer Name = Richard-PC | Source = Google Update | ID = 20
Description =

Error - 12.06.2013 05:53:03 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann
den angegebenen Pfad nicht finden. .

Error - 12.06.2013 07:07:11 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann
den angegebenen Pfad nicht finden. .

Error - 12.06.2013 07:29:37 | Computer Name = Richard-PC | Source = VSS | ID = 12310
Description =

Error - 12.06.2013 07:29:38 | Computer Name = Richard-PC | Source = VSS | ID = 12298
Description =

Error - 12.06.2013 08:08:44 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann
den angegebenen Pfad nicht finden. .

[ Media Center Events ]
Error - 24.02.2011 11:54:40 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 16:54:39 - Fehler beim Herstellen der Internetverbindung. 16:54:39
- Serververbindung konnte nicht hergestellt werden..

Error - 24.02.2011 11:54:47 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 16:54:45 - Fehler beim Herstellen der Internetverbindung. 16:54:45
- Serververbindung konnte nicht hergestellt werden..

Error - 24.02.2011 12:54:54 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 17:54:54 - Fehler beim Herstellen der Internetverbindung. 17:54:54
- Serververbindung konnte nicht hergestellt werden..

Error - 24.02.2011 12:55:02 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 17:55:00 - Fehler beim Herstellen der Internetverbindung. 17:55:00
- Serververbindung konnte nicht hergestellt werden..

Error - 24.02.2011 13:55:09 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 18:55:09 - Fehler beim Herstellen der Internetverbindung. 18:55:09
- Serververbindung konnte nicht hergestellt werden..

Error - 24.02.2011 13:55:17 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 18:55:14 - Fehler beim Herstellen der Internetverbindung. 18:55:14
- Serververbindung konnte nicht hergestellt werden..

Error - 09.04.2011 05:44:47 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 11:44:47 - Fehler beim Herstellen der Internetverbindung. 11:44:47
- Serververbindung konnte nicht hergestellt werden..

Error - 09.04.2011 05:45:20 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 11:45:17 - Fehler beim Herstellen der Internetverbindung. 11:45:17
- Serververbindung konnte nicht hergestellt werden..

Error - 17.04.2011 05:52:30 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 11:52:30 - Fehler beim Herstellen der Internetverbindung. 11:52:30
- Serververbindung konnte nicht hergestellt werden..

Error - 17.04.2011 05:53:03 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 11:52:59 - Fehler beim Herstellen der Internetverbindung. 11:52:59
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 12.06.2013 07:07:11 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 12.06.2013 07:07:11 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 12.06.2013 07:07:12 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 12.06.2013 07:09:12 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.

Error - 12.06.2013 08:08:43 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 12.06.2013 08:08:44 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.

Error - 12.06.2013 08:08:44 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 12.06.2013 08:08:44 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 12.06.2013 08:08:45 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 12.06.2013 08:10:26 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.


< End of report >







Gmer:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-12 19:05:00
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Richard\AppData\Local\Temp\uxliqfow.sys


---- System - GMER 2.1 ----

SSDT 90648C36 ZwCreateSection
SSDT 90648C40 ZwRequestWaitReplyPort
SSDT 90648C3B ZwSetContextThread
SSDT 90648C45 ZwSetSecurityObject
SSDT 90648C4A ZwSystemDebugControl
SSDT 90648BD7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8307CA09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B61F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 830BD34C 4 Bytes [36, 8C, 64, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 830BD6A8 4 Bytes [40, 8C, 64, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 830BD6EC 4 Bytes [3B, 8C, 64, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 830BD768 4 Bytes [45, 8C, 64, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 830BD7BC 4 Bytes [4A, 8C, 64, 90]
.text ...

---- Devices - GMER 2.1 ----

Device Ntfs.sys

AttachedDevice tdrpm273.sys

Device volmgr.sys

AttachedDevice fltmgr.sys

Device iaStor.sys
Device usbccgp.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{903EE08B-6225-11DF-9631-806E6F6E6963} 8334150248
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{903EE08C-6225-11DF-9631-806E6F6E6963} 30384608

---- Files - GMER 2.1 ----

File C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui 44544 bytes executable
File C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui 16896 bytes executable
File C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui 54272 bytes executable

---- EOF - GMER 2.1 ----

 

Themen zu TR/Kazy.795 - Downloads sind nicht mehr möglich
32 bit, autorun, avira searchfree toolbar, bho, browser, crystaldiskinfo, excel, flash player, format, hewlett packard, home, iexplore.exe, install.exe, java/jogek.bss, linkury, logfile, officejet, plug-in, realtek, richtlinie, rundll, scan, smartbar, tr/crypt.zpack.gen, tr/kazy.795, trojan.0access, trojan.agent.rn, virus


« Win 8 diverse Funde PUP (Babylon) Win32/installcore | Windows 7, Meldungen Spyware gefunden kommen immer wieder auf den Webseiten hoch »


Ähnliche Themen: TR/Kazy.795 - Downloads sind nicht mehr möglich


  1. Virusbefall: Browser schmiert ständig ab - Keine Downloads mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 04.11.2014 (5)
  2. Keine Downloads mehr möglich und überall Werbung
    Log-Analyse und Auswertung - 21.10.2014 (28)
  3. WIN 7 Downloads nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 11.09.2014 (1)
  4. Keine Verbindungen / Downloads mehr möglich - DNS Problem?
    Plagegeister aller Art und deren Bekämpfung - 28.07.2014 (5)
  5. Seit einiger Zeit sind keine Downloads und Updates mehr möglich.
    Plagegeister aller Art und deren Bekämpfung - 17.07.2014 (1)
  6. keine downloads aus dem internet mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 02.05.2014 (20)
  7. Keine Downloads mehr möglich! Was tun?
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (3)
  8. keine Downloads mehr möglich Win7 (angeblich Viren enthalten)
    Plagegeister aller Art und deren Bekämpfung - 03.01.2014 (9)
  9. Kein Speichern von Downloads mehr möglich (Windows 7)
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (16)
  10. XP: Windows Updates nicht möglich, andere Downloads können nicht abgeschlossen werden
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (42)
  11. google links führen auf falsche Seiten und downloads sind nicht möglich.
    Plagegeister aller Art und deren Bekämpfung - 29.09.2013 (13)
  12. Keine Downloads mehr möglich unter Windows 7
    Plagegeister aller Art und deren Bekämpfung - 22.09.2013 (19)
  13. NIchts geht mehr: Downloads nicht möglich - 0 kB
    Plagegeister aller Art und deren Bekämpfung - 22.04.2013 (4)
  14. Keinerlei Downloads mehr möglich mit allen Browsern
    Plagegeister aller Art und deren Bekämpfung - 22.04.2013 (61)
  15. Scrollen nicht mehr möglich/Google Chrome Rechtsklick nicht mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (13)
  16. System Security / keine Downloads mehr möglich
    Mülltonne - 06.01.2009 (1)
  17. Internet wird immer langsamer, Downloads nicht mehr möglich!
    Log-Analyse und Auswertung - 20.07.2006 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Kazy.795 - Downloads sind nicht mehr möglich - Hallo, zunächst einmal möchte ich Euch sagen, dass ich es klasse finde, dass Ihr mit diesem Forum Hilfestellung bei Virus-Problemen gebt. Ich habe bisher weder viel Foren-Erfahrung, noch hatte ich - TR/Kazy.795 - Downloads sind nicht mehr möglich...
Archiv
Du betrachtest: TR/Kazy.795 - Downloads sind nicht mehr möglich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131