
Log analysis and evaluation: Delta Search redirect, browsed for the last few months with an old Java version


 
28.07.2013, 11:31   #4
MarwieX
 
Delta Search redirect, browsed for the last few months with an old Java version



Hello Matthias,

thank you for your support. Here are the results. First the GMER scan, which I ran yesterday evening, followed by steps 1-3 that you requested:

GMER
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-28 10:31:46
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVS-75RST0 rev.04.01G04 149.05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MarwieX\AppData\Local\Temp\pwloikow.sys


---- System - GMER 2.1 ----

SSDT   928A875E                                                                                         ZwCreateSection
SSDT   928A8768                                                                                         ZwRequestWaitReplyPort
SSDT   928A8763                                                                                         ZwSetContextThread
SSDT   928A876D                                                                                         ZwSetSecurityObject
SSDT   928A8772                                                                                         ZwSystemDebugControl
SSDT   928A86FF                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82C879F5 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82CC11F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82CC853C 4 Bytes  [5E, 87, 8A, 92]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82CC8898 4 Bytes  [68, 87, 8A, 92]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              82CC88DC 4 Bytes  [63, 87, 8A, 92]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              82CC8958 4 Bytes  [6D, 87, 8A, 92]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                              82CC89AC 4 Bytes  [72, 87, 8A, 92]
.text  ...                                                                                              

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e4ce10816                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e4ce10816@000761b9f1a3         0x5F 0xB4 0x33 0x0A ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e4ce10816 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e4ce10816@000761b9f1a3             0x5F 0xB4 0x33 0x0A ...

---- EOF - GMER 2.1 ----
         
Step 1 - AdwCleaner
Code:
# AdwCleaner v2.306 - Datei am 28/07/2013 um 10:34:27 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : MarwieX - JHO-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MarwieX\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\MarwieY\AppData\Roaming\Mozilla\Firefox\Profiles\y7bm03bg.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\MarwieY\AppData\Roaming\Mozilla\Firefox\Profiles\y7bm03bg.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\MarwieY\AppData\Roaming\Mozilla\Firefox\Profiles\y7bm03bg.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\MarwieY\AppData\Roaming\Mozilla\Firefox\Profiles\y7bm03bg.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\MarwieX\AppData\Roaming\Mozilla\Firefox\Profiles\rgorylez.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\MarwieX\AppData\Roaming\Mozilla\Firefox\Profiles\rgorylez.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\MarwieX\AppData\Roaming\Mozilla\Firefox\Profiles\rgorylez.default\searchplugins\Babylon.xml
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\MarwieY\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\MarwieY\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\MarwieY\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\MarwieY\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\d57dadab43fee46
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\d57dadab43fee46
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\MarwieY\AppData\Roaming\Mozilla\Firefox\Profiles\y7bm03bg.default\prefs.js

C:\Users\MarwieY\AppData\Roaming\Mozilla\Firefox\Profiles\y7bm03bg.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "fa430327000000000000001f3a076ef3");
Gelöscht : user_pref("extensions.delta.instlDay", "15820");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1615:26:47");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");

Datei : C:\Users\MarwieX\AppData\Roaming\Mozilla\Firefox\Profiles\rgorylez.default\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=121562&tt=240413_ctrl&babsrc=NT[...]
Gelöscht : user_pref("browser.search.order.1", "Delta Search");

*************************

AdwCleaner[S1].txt - [4880 octets] - [28/07/2013 10:34:27]

########## EOF - C:\AdwCleaner[S1].txt - [4940 octets] ##########
         
Step 2 - Junkware Removal Tool
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Professional x86
Ran by MarwieX on 28.07.2013 at 11:52:57.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\MarwieX\AppData\Roaming\mozilla\firefox\profiles\rgorylez.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.07.2013 at 11:56:02.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Step 3 - FRST 32bit - FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2013 04
Ran by MarwieX (administrator) on 28-07-2013 11:58:41
Running from C:\Users\MarwieX\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\schtasks.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ISUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
HKU\MarwieY\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [ 2013-07-10] (Valve Corporation)
HKU\MSSQL$SQLEXPRESS\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\MarwieY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\MarwieX\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Snapform Viewer PlugIn for IE - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Program Files\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\MarwieX\AppData\Roaming\Mozilla\Firefox\Profiles\rgorylez.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-05] (Avira Operations GmbH & Co. KG)
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [35328 2007-04-27] (SafeNet, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 VNUSB; C:\Windows\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.)
S1 MpKsl74f46066; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ECFB497F-C934-49B4-828A-EF70F65DBFD6}\MpKsl74f46066.sys [x]
S1 MpKsl9b7a48e0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6BFD4BCE-6B4F-4D2C-AA7B-C18CA3169E18}\MpKsl9b7a48e0.sys [x]
S1 MpKsla4a486d3; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3C1A09D-C323-4C50-81B6-BF667B85B8CC}\MpKsla4a486d3.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-28 11:58 - 2013-07-28 11:58 - 00000000 ____D C:\FRST
2013-07-28 11:57 - 2013-07-28 10:28 - 01221426 _____ (Farbar) C:\Users\MarwieX\Desktop\FRST.exe
2013-07-28 11:56 - 2013-07-28 11:56 - 00000962 _____ C:\Users\MarwieX\Desktop\JRT.txt
2013-07-28 11:52 - 2013-07-28 11:52 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 10:34 - 2013-07-28 10:35 - 00005009 _____ C:\AdwCleaner[S1].txt
2013-07-27 22:44 - 2013-07-27 22:44 - 00602112 _____ (OldTimer Tools) C:\Users\MarwieX\Desktop\OTL.exe
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-27 22:37 - 2013-07-27 22:37 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-27 22:37 - 2013-07-27 22:37 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-27 22:37 - 2013-07-27 22:37 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-27 22:37 - 2013-07-27 22:37 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-27 22:33 - 2013-07-27 22:33 - 00000000 _____ C:\Users\MarwieX\defogger_reenable
2013-07-27 22:31 - 2013-07-28 11:57 - 00000000 ____D C:\Users\MarwieX\Downloads\TrojanerBoardTools
2013-07-27 17:38 - 2013-07-27 17:42 - 00000000 ____D C:\Users\MarwieY\Desktop\The Majestic - VOSTFR
2013-07-27 17:33 - 2013-07-27 17:33 - 00000000 ____D C:\Users\MarwieY\Desktop\Films
2013-07-27 11:11 - 2013-07-27 11:15 - 00000000 ____D C:\Windows\system32\MRT
2013-07-27 11:02 - 2013-07-27 11:07 - 00000000 ____D C:\Users\MarwieY\Desktop\Season1_E5-6
2013-07-27 10:55 - 2013-07-27 11:01 - 00000000 ____D C:\Users\MarwieY\Desktop\Season1_E3-4
2013-07-27 10:48 - 2013-07-27 10:54 - 00000000 ____D C:\Users\MarwieY\Desktop\Season1_E1-2
2013-07-27 10:46 - 2013-07-27 10:48 - 00000000 ____D C:\Users\MarwieY\Desktop\Wolkig mit Aussicht auf Fleischbällchen (HD, Ea10)
2013-07-25 11:41 - 2013-07-25 11:41 - 00000000 ____D C:\Program Files\Windows Phone
2013-07-25 11:39 - 2013-07-25 11:39 - 06790816 _____ (Microsoft Corporation) C:\Users\MarwieY\Downloads\WindowsPhone.exe
2013-07-20 11:44 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-20 11:44 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-20 11:44 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-20 11:44 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-20 11:44 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-20 11:44 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-20 11:44 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-20 11:44 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-20 11:44 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-20 11:44 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-20 11:44 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-20 11:44 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-20 11:44 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-20 11:44 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-20 11:44 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-20 11:44 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 22:57 - 2013-07-13 22:57 - 04188160 _____ C:\Program Files\GUTF3D6.tmp
2013-07-13 22:57 - 2013-07-13 22:57 - 00000000 ____D C:\Program Files\GUMF3D5.tmp
2013-07-10 19:31 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 19:30 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 19:30 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 19:30 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-09 21:59 - 2013-07-09 21:59 - 00000000 ____D C:\Users\MarwieX\AppData\Roaming\Canon
2013-07-07 22:58 - 2013-07-07 22:58 - 00000757 _____ C:\Users\MarwieX\AppData\Local\recently-used.xbel
2013-07-07 16:14 - 2013-07-07 16:14 - 00002574 _____ C:\Users\MarwieX\Downloads\CH040023323377733241Y_20130707_1614.mt940

==================== One Month Modified Files and Folders =======

2013-07-28 11:58 - 2013-07-28 11:58 - 00000000 ____D C:\FRST
2013-07-28 11:57 - 2013-07-27 22:31 - 00000000 ____D C:\Users\MarwieX\Downloads\TrojanerBoardTools
2013-07-28 11:56 - 2013-07-28 11:56 - 00000962 _____ C:\Users\MarwieX\Desktop\JRT.txt
2013-07-28 11:52 - 2013-07-28 11:52 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 11:35 - 2012-10-17 20:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-28 11:22 - 2010-06-03 20:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 11:13 - 2009-07-14 06:34 - 00013648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 11:13 - 2009-07-14 06:34 - 00013648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-28 10:37 - 2010-06-03 20:32 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 10:37 - 2010-01-22 23:46 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-28 10:37 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 10:37 - 2009-07-14 06:39 - 00055684 _____ C:\Windows\setupact.log
2013-07-28 10:35 - 2013-07-28 10:34 - 00005009 _____ C:\AdwCleaner[S1].txt
2013-07-28 10:35 - 2010-01-18 00:25 - 01538343 _____ C:\Windows\WindowsUpdate.log
2013-07-28 10:28 - 2013-07-28 11:57 - 01221426 _____ (Farbar) C:\Users\MarwieX\Desktop\FRST.exe
2013-07-27 22:44 - 2013-07-27 22:44 - 00602112 _____ (OldTimer Tools) C:\Users\MarwieX\Desktop\OTL.exe
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-27 22:37 - 2013-07-27 22:37 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-27 22:37 - 2013-07-27 22:37 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-27 22:37 - 2013-07-27 22:37 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-27 22:37 - 2013-07-27 22:37 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-27 22:37 - 2012-09-03 20:27 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-27 22:37 - 2010-09-13 11:29 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-27 22:33 - 2013-07-27 22:33 - 00000000 _____ C:\Users\MarwieX\defogger_reenable
2013-07-27 22:33 - 2012-09-23 21:05 - 00000000 ____D C:\Users\MarwieX
2013-07-27 17:47 - 2011-10-16 21:45 - 00000000 ____D C:\Users\MarwieY\AppData\Roaming\vlc
2013-07-27 17:42 - 2013-07-27 17:38 - 00000000 ____D C:\Users\MarwieY\Desktop\The Majestic - VOSTFR
2013-07-27 17:33 - 2013-07-27 17:33 - 00000000 ____D C:\Users\MarwieY\Desktop\Films
2013-07-27 17:32 - 2011-01-08 15:49 - 00000000 ___RD C:\Users\MarwieY\Dropbox
2013-07-27 17:32 - 2011-01-08 15:40 - 00000000 ____D C:\Users\MarwieY\AppData\Roaming\Dropbox
2013-07-27 17:26 - 2013-02-10 19:39 - 00000000 ____D C:\Program Files\Steam
2013-07-27 11:15 - 2013-07-27 11:11 - 00000000 ____D C:\Windows\system32\MRT
2013-07-27 11:07 - 2013-07-27 11:02 - 00000000 ____D C:\Users\MarwieY\Desktop\Season1_E5-6
2013-07-27 11:01 - 2013-07-27 10:55 - 00000000 ____D C:\Users\MarwieY\Desktop\Season1_E3-4
2013-07-27 10:54 - 2013-07-27 10:48 - 00000000 ____D C:\Users\MarwieY\Desktop\Season1_E1-2
2013-07-27 10:48 - 2013-07-27 10:46 - 00000000 ____D C:\Users\MarwieY\Desktop\Wolkig mit Aussicht auf Fleischbällchen (HD, Ea10)
2013-07-25 11:41 - 2013-07-25 11:41 - 00000000 ____D C:\Program Files\Windows Phone
2013-07-25 11:39 - 2013-07-25 11:39 - 06790816 _____ (Microsoft Corporation) C:\Users\MarwieY\Downloads\WindowsPhone.exe
2013-07-25 09:19 - 2013-02-10 19:40 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-07-20 15:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-20 12:51 - 2009-07-14 06:33 - 00475632 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-20 12:49 - 2009-07-14 10:57 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-20 12:49 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-20 12:48 - 2011-12-14 00:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-20 12:48 - 2010-01-20 22:14 - 00511180 _____ C:\Windows\PFRO.log
2013-07-20 11:43 - 2010-01-18 17:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-20 08:32 - 2012-04-10 10:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-20 08:32 - 2011-06-07 13:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-20 08:31 - 2010-01-20 22:26 - 00000000 ____D C:\Users\MarwieY\AppData\Local\Adobe
2013-07-13 22:57 - 2013-07-13 22:57 - 04188160 _____ C:\Program Files\GUTF3D6.tmp
2013-07-13 22:57 - 2013-07-13 22:57 - 00000000 ____D C:\Program Files\GUMF3D5.tmp
2013-07-10 21:30 - 2012-09-23 21:16 - 00000000 ____D C:\Users\MarwieX\.gconfd
2013-07-10 19:21 - 2012-09-23 21:16 - 00000000 ____D C:\Users\MarwieX\.gconf
2013-07-09 21:59 - 2013-07-09 21:59 - 00000000 ____D C:\Users\MarwieX\AppData\Roaming\Canon
2013-07-09 19:32 - 2012-04-27 17:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-09 17:47 - 2013-04-15 21:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-07 22:58 - 2013-07-07 22:58 - 00000757 _____ C:\Users\MarwieX\AppData\Local\recently-used.xbel
2013-07-07 22:40 - 2010-06-13 21:18 - 00000000 ____D C:\Users\MarwieY\AppData\Roaming\Skype
2013-07-07 16:14 - 2013-07-07 16:14 - 00002574 _____ C:\Users\MarwieX\Downloads\CH040023323377733241Y_20130707_1614.mt940
2013-07-02 14:16 - 2013-05-07 16:40 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-28 01:16

==================== End Of Log ============================
         
--- --- ---


Step 3 - FRST Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2013 04
Ran by MarwieX at 2013-07-28 12:00:59
Running from C:\Users\MarwieX\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Creative Suite 2
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe SVG Viewer 3.0 (Version:  3.0)
Anvil Studio
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 13.0.0.3884)
BibleWorks 6
Bullzip PDF Printer 7.2.0.1304 (Version: 7.2.0.1304)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Kurzwahlprogramm
Canon MP Navigator EX 3.1
Canon MX870 series Benutzerregistrierung
Canon MX870 series MP Drivers
Canon SELPHY CP510
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CanoScan LiDE 90
Cisco AnyConnect VPN Client (Version: 2.5.0217)
Die Siedler II - Die nächste Generation
EasyTax 2009 BL 1.0
EasyTax 2010 BL 1.02
EasyTax 2011 BL 1.0
EasyTax 2012 BL 1.02 (Version: 1.02)
Entity Framework Designer für Visual Studio 2012 - DEU (Version: 11.1.20810.00)
eReg (Version: 1.20.138.34)
Erforderliche Komponenten für SSDT  (Version: 11.0.2100.60)
FaJo XP File Security Extension v1.2 (Version: v1.2)
Free Studio version 5.3.5 (Version: 5.3.5)
Free YouTube to MP3 Converter version 3.12.2.422 (Version: 3.12.2.422)
GnuCash 2.4.11
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.153)
GPL Ghostscript Lite 8.70
iCloud (Version: 1.0.2.17)
ifolor Designer (Version: 3.0.13.0)
Inkscape 0.48.1  (Version: 0.48.1)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Laptop Integrated Webcam Driver (1.04.01.1011)  
Logitech SetPoint 6.51 (Version: 6.51.8)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219)
Microsoft Help Viewer 2.0 (Version: 2.0.50727)
Microsoft Help Viewer 2.0 Language Pack - DEU (Version: 2.0.50727)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Migros Photo Service
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Mp3tag v2.54 (Version: v2.54)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA 3D Vision Treiber 320.18 (Version: 320.18)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Grafiktreiber 320.18 (Version: 320.18)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2018)
NVIDIA Systemsteuerung 320.18 (Version: 320.18)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Olympus Digital Wave Player
Picasa 3 (Version: 3.9)
QuickTime (Version: 7.73.80.64)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.117)
Roxio Update Manager (Version: 3.0.0)
SequoiaView
Sid Meier's Civilization V
Skype™ 5.10 (Version: 5.10.116)
Snapform Viewer 1.7.31 (Version: 1.7.31)
Sonic Activation Module (Version: 1.0)
Steam (Version: 1.0.0.0)
Suite Specific (Version: 2.0.0)
System Requirements Lab
Total Commander (Remove or Repair) (Version: 7.57a)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514) (Version: 11.0.50727)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.3 (Version: 2.0.3)
Windows Phone app for desktop (Version: 1.0.1720.1)
WinPcap 4.1.2 (Version: 4.1.0.2001)
Wireshark 1.6.4 (Version: 1.6.4)
 

==================== Restore Points  =========================

07-07-2013 21:04:06 Windows Update
20-07-2013 09:33:39 Windows Update
25-07-2013 09:39:54 Installed Windows Phone app for desktop
27-07-2013 09:10:22 Windows Update
27-07-2013 20:35:43 Installed Java 7 Update 25

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F6DD9A4-E191-4AAB-8A92-68C839132DBB} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {1F64848A-ED43-4B36-9FEF-C3AB965E4E20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-03] (Google Inc.)
Task: {465C56B5-FDBA-400D-BB84-F54CFDA21572} - System32\Tasks\{C310F796-1C74-4183-8FCE-D0A5490042B5} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {526D343F-4FEA-4958-836F-CAAA5635FC9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {B4CD4900-58E7-4E00-B08F-1B3D61E19D58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-03] (Google Inc.)
Task: {B8F0C8BE-7C75-4C31-8F77-D5E3F298282E} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {EC0EA9C9-B63C-45CD-BF2F-85F4CFCDC400} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: MpKsl74f46066
Description: MpKsl74f46066
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl74f46066
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MpKsl9b7a48e0
Description: MpKsl9b7a48e0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl9b7a48e0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsla4a486d3
Description: MpKsla4a486d3
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsla4a486d3
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/12/2012 09:24:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 148 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 3838.04 MB
Available physical RAM: 2863.87 MB
Total Pagefile: 7674.38 MB
Available Pagefile: 6546.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:10.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 30000000)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

 
