Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Rechner nach ZAccess sauber? (https://www.trojaner-board.de/121256-rechner-zaccess-sauber.html)

Aragorn1 04.08.2012 17:24
Rechner nach ZAccess sauber?
 
Hallo,

ich habe hier ein Notebook bekommen, das mit einem Trojaner befallen ist/war.
Ich habe bereits alle möglichen Scans mit verschiedenen Rescue-Disks und mbam laufen lassen, die haben auch schon aufgeräumt. Unter anderem wurde eine Datei '800000cb.@' gefunden und entfernt.

Ich habe aber noch nicht so viel Erfahrung mit Rootkits und würde gerne die Meinung eines Fachmannes hören, ob die Kiste (ein Notebook) nun sauber ist.

Anbei die Logs von OTL und TDSSkiller.

Danke schon mal im Voraus!

Wolfgang

Aragorn1 05.08.2012 08:30
Rechner nach ZAccess sauber?
 
Moin,

Avira hatte übrigens ursprünglich einen TR/ATRAPS.Gen gemeldet, falls das
hilft...

Und hier noch mal ein aktuelles Quick-Scan Log von OTL:

OTL Logfile:OTL Logfile:
Code:
OTL logfile created on: 05.08.2012 10:29:43 - Run 3
OTL by OldTimer - Version 3.2.56.0    Folder = D:\AV
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,50% Memory free
6,18 Gb Paging File | 5,15 Gb Available in Paging File | 83,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 14,20 Gb Free Space | 12,08% Space Free | Partition Type: NTFS
Drive D: | 113,88 Gb Total Space | 109,00 Gb Free Space | 95,71% Space Free | Partition Type: NTFS
Drive F: | 1,91 Gb Total Space | 1,88 Gb Free Space | 98,66% Space Free | Partition Type: FAT32
Drive P: | 1,46 Gb Total Space | 0,97 Gb Free Space | 65,91% Space Free | Partition Type: NTFS
 
Computer Name: TOSHIBA-NB | User Name: WGaethke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\AV\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
PRC - C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Common Files\Sage KHK Shared\Liveupdate\LiveUpdateInstaller.exe (Sage Software)
PRC - C:\Programme\Common Files\Sage KHK Shared\REGISTRY.EXE (Sage KHK Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SolidWorks Licensing Service) -- C:\Programme\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Authentec memory manager) -- C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (LiveUpdateInstaller) -- C:\Programme\Common Files\Sage KHK Shared\Liveupdate\LiveUpdateInstaller.exe (Sage Software)
SRV - (Registry) -- C:\Programme\Common Files\Sage KHK Shared\REGISTRY.EXE (Sage KHK Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswArKrn) -- C:\Users\WGaethke\AppData\Local\Temp\aswArKrn.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (CnxtHdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Thpdrv) -- C:\Windows\System32\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Thpevm) -- C:\Windows\System32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (APL531) -- C:\Windows\System32\drivers\ov550i.sys (Omnivision Technologies, Inc.)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q={searchTerms}&crm=1
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 FC 53 35 EC 82 CA 01  [binary data]
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E}
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.1.1
FF - prefs.js..extensions.enabledItems: metaswitcher@com.extensions.mattiasschlenker.de:1.0.0.26
FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {20291fcc-1471-46c8-8213-5911f5ce6d67}:1.6.4
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.21 09:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.21 09:08:50 | 000,000,000 | ---D | M]
 
[2009.12.22 11:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Extensions
[2011.12.21 11:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions
[2011.12.21 11:20:46 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.09.23 14:50:42 | 000,000,000 | ---D | M] (Site Launcher) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67}
[2010.04.30 17:17:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.17 11:22:37 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.01.06 12:09:30 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2011.12.21 11:20:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.21 11:20:53 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.03.17 15:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}-trash
[2011.03.24 12:26:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\engine@conduit.com
[2010.03.17 11:22:35 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\metaswitcher@com.extensions.mattiasschlenker.de
[2010.03.17 11:22:37 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\printpdf@pavlov.net
[2010.03.17 11:22:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome
[2010.03.17 11:22:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WGaethke\AppData\Roaming\mozilla\Firefox\Profiles\dh7catvx.default\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults
[2010.01.20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Users\WGaethke\AppData\Roaming\Mozilla\Firefox\Profiles\dh7catvx.default\searchplugins\conduit.xml
[2011.12.05 10:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.22 13:56:30 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Programme\Mozilla Firefox\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.08.22 13:56:28 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Programme\Mozilla Firefox\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009.08.22 13:56:37 | 000,000,000 | ---D | M] (Session Manager) -- C:\Programme\Mozilla Firefox\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009.08.22 13:56:37 | 000,000,000 | ---D | M] (Site Launcher) -- C:\Programme\Mozilla Firefox\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67}
[2009.08.22 13:56:38 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Programme\Mozilla Firefox\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2009.08.22 13:56:35 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Programme\Mozilla Firefox\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2011.10.27 08:55:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009.08.22 13:56:29 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Programme\Mozilla Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009.08.22 13:56:28 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Programme\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009.08.22 13:56:30 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Programme\Mozilla Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.08.22 13:56:31 | 000,000,000 | ---D | M] (FoxTab) -- C:\Programme\Mozilla Firefox\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009.08.22 13:56:32 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Programme\Mozilla Firefox\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009.08.22 13:56:27 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Programme\Mozilla Firefox\extensions\autopager@mozilla.org
[2009.08.22 13:56:19 | 000,000,000 | ---D | M] ("COMPUTER BILD Fox Config Helper") -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de
[2009.08.22 13:56:36 | 000,000,000 | ---D | M] (Personal Menu) -- C:\Programme\Mozilla Firefox\extensions\CompactMenuCE@Merci.chao
[2009.08.22 13:56:32 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Programme\Mozilla Firefox\extensions\lazarus@interclue.com
[2009.08.22 13:56:27 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de
[2009.08.22 13:56:36 | 000,000,000 | ---D | M] (printpdf) -- C:\Programme\Mozilla Firefox\extensions\printpdf@pavlov.net
[2009.08.22 13:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\chrome
[2009.08.22 13:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\defaults
[2009.08.22 13:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome
[2009.08.22 13:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults
[2011.12.05 10:36:30 | 000,084,346 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2011.12.05 10:36:39 | 000,512,595 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2011.09.23 14:50:45 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2011.09.23 14:50:45 | 000,138,595 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011.12.05 10:36:51 | 000,688,596 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.09.23 14:50:45 | 000,688,571 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.12.05 10:36:31 | 000,044,608 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
[2011.12.05 10:36:34 | 000,337,045 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2011.10.27 08:53:18 | 000,071,426 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\COMPACTMENUCE@MERCI.CHAO.XPI
[2011.09.23 14:50:38 | 000,246,802 | ---- | M] () (No name found) -- C:\USERS\WGAETHKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH7CATVX.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2011.12.05 10:35:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.05 10:35:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.05 10:35:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.05 10:35:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.05 10:35:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.10.24 17:55:28 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
[2011.12.05 10:35:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.05 10:35:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} - C:\Programme\klickTel\klickTel Toolbar\kttoolbar.dll (klickTel AG)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&klickTel Toolbar) - {FFFF8BAD-BB43-4A08-8258-BFB40A29FBD7} - C:\Programme\klickTel\klickTel Toolbar\kttoolbar.dll (klickTel AG)
O3 - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1329285772-28137740-4280337599-1123\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Jetex.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8429823-7611-4479-B1DC-ABA384961F91}: DhcpNameServer = 192.168.0.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36BABE6-8BF1-427A-9C07-3677F526F6F2}: NameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.04 10:48:11 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\GHISLER
[2012.08.04 10:44:53 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Roaming\GHISLER
[2012.08.03 14:21:45 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Roaming\Malwarebytes
[2012.08.03 14:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.03 14:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.03 14:21:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.03 14:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.03 14:01:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.08.03 07:43:33 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{A06B0304-5900-4085-8B9A-3B427BB65E2B}
[2012.08.03 07:43:26 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{57BF8C86-BF5A-4308-91D7-296AE17B7356}
[2012.08.02 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{0D5664A8-541F-49F2-998C-20898551E566}
[2012.08.02 12:19:04 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{04E3826C-4CBC-429F-AC1A-233C2E292C99}
[2012.08.01 07:49:52 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{841D5B86-FA93-4BF8-AF4F-F4504E601581}
[2012.08.01 07:49:48 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{1A0727F4-AF77-4CC0-BAB4-46F35AF4E661}
[2012.07.31 07:40:10 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{A09961CF-39C2-4C24-877E-21E4184326F3}
[2012.07.31 07:40:01 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{AB5EC715-104E-476B-B7F2-40EB915B0636}
[2012.07.30 08:01:14 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{5D858B0D-B156-4009-B178-F2F5492D1B2C}
[2012.07.30 08:01:11 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{32B4AC03-773B-426F-ADB1-E19887E9C233}
[2012.07.27 08:12:56 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{F3211BF6-1FD9-4C24-A713-38100E916128}
[2012.07.27 08:12:50 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{7DCDE9E2-8E76-4EA3-9658-9E8FD5EA2956}
[2012.07.26 07:54:25 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{D24B6384-3EA7-40DC-A7E4-17C9DEFF5277}
[2012.07.26 07:54:23 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{7FB91722-60F4-47C3-9895-FBB9E485EB35}
[2012.07.25 07:42:19 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{136A4C66-464D-40D5-B5D1-A371E6728DDC}
[2012.07.25 07:42:16 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{3963D415-4D6D-4569-B6CC-8377ADE66598}
[2012.07.24 08:03:55 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{DCB5BCE4-E15B-4808-B8E1-A1C59A63FF04}
[2012.07.24 08:03:38 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{32694D9C-30D1-48D8-B658-91B742EE4964}
[2012.07.23 08:02:35 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{D52188CC-56CA-4269-8DFE-E77E8E739665}
[2012.07.23 08:02:32 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{A90ED35B-828F-45E1-BCD6-39DB507EC7CA}
[2012.07.20 08:03:35 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{41F8212E-D547-4A1F-942D-DD8070725EC7}
[2012.07.20 08:03:27 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{36128FFF-9435-461A-93C2-3575EC208EF6}
[2012.07.19 08:02:03 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{8450C136-6040-4D26-A506-BDAB2ABD8301}
[2012.07.19 08:01:53 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{6A976D34-2EF5-41F3-A1BC-D370F34C7ADB}
[2012.07.18 08:08:37 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{5215B29C-A074-4E4C-ACC0-ED6A3C67FDBA}
[2012.07.18 08:08:34 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{04749517-51BE-4690-9A1E-FB50778D626B}
[2012.07.17 07:56:20 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{912B4CF6-2B84-4B05-9AE8-F0EFC4D1332E}
[2012.07.17 07:56:11 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{4A125E2B-9700-4DF3-AC5B-152EA7985A02}
[2012.07.16 07:52:45 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{F02251A1-862D-4C28-8A3B-ACC9B4B0B1E9}
[2012.07.16 07:52:23 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{2ABE686F-7249-4929-B712-F8176E0770DD}
[2012.07.13 08:06:06 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{EAE45DE7-267D-4799-BE5C-95DDB9652DDF}
[2012.07.13 08:06:03 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{893943C2-D52F-488B-AF48-7A62BB5231CF}
[2012.07.12 09:24:05 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{394E69EB-6EDF-412B-8310-CD19A8A1FF48}
[2012.07.12 09:24:03 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{71CB27D9-2450-4762-8A4E-20CBDD670207}
[2012.07.12 08:04:24 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{925BD6D0-30C8-48F1-8ACC-BA26FF439C79}
[2012.07.11 08:04:31 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{634822D3-A829-4375-8986-E533AC4E09AE}
[2012.07.11 08:04:26 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{1C162B8D-85F2-4C00-A100-2D72CD2410A6}
[2012.07.10 07:58:58 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{D2F7D61A-D87E-40F3-8685-7ACB4099580E}
[2012.07.10 07:58:54 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{F57571E6-DCAB-4496-B2C7-697AA016B147}
[2012.07.09 07:49:22 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{ABA6C3C1-C7B9-438D-A565-7DE213193F00}
[2012.07.09 07:49:17 | 000,000,000 | ---D | C] -- C:\Users\WGaethke\AppData\Local\{650F284A-8D98-4CE9-95ED-22D63C4E8202}
[2010.06.29 15:48:23 | 036,762,424 | ---- | C] (Dassault Systèmes SolidWorks Corp.                          ) -- C:\Program Files\eDrawingsFullEnglish.exe
[1 C:\Users\WGaethke\AppData\Roaming\*.tmp files -> C:\Users\WGaethke\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.08.05 10:35:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{155C2676-65E2-4843-856B-D7F4D60272B6}.job
[2012.08.05 10:24:26 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 10:24:26 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 10:10:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 10:10:08 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 18:58:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.04 18:56:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.04 18:29:30 | 000,759,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.04 18:29:30 | 000,704,054 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.04 18:29:30 | 000,175,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.04 18:29:30 | 000,142,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.04 18:23:15 | 000,000,809 | ---- | M] () -- C:\Users\WGaethke\Desktop\Total Commander.lnk
[2012.08.03 16:39:52 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 16:39:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.03 16:39:52 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.03 16:39:52 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_270311173520024.job
[2012.08.03 14:21:33 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.03 13:58:44 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.03 08:22:46 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 08:28:55 | 000,383,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\WGaethke\AppData\Roaming\*.tmp files -> C:\Users\WGaethke\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.08.04 18:22:36 | 000,000,809 | ---- | C] () -- C:\Users\WGaethke\Desktop\Total Commander.lnk
[2012.08.03 14:21:33 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.01 15:07:56 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{565baab6-f10b-ee61-e16c-ce10ae5a28d7}\U\00000001.@
[2012.01.11 13:54:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{565baab6-f10b-ee61-e16c-ce10ae5a28d7}\@
[2011.10.12 11:20:30 | 000,002,083 | ---- | C] () -- C:\Users\WGaethke\.recently-used.xbel
[2011.02.04 15:16:16 | 000,000,097 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2011.01.28 15:59:43 | 000,000,024 | ---- | C] () -- C:\Windows\Pcrk32.INI
[2010.12.27 15:24:36 | 000,000,369 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010.12.27 15:23:44 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2010.09.24 12:49:15 | 000,142,624 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.07.07 10:34:54 | 001,720,832 | ---- | C] () -- C:\Program Files\FreePDF4.02.EXE
[2010.07.07 10:32:17 | 016,357,376 | ---- | C] () -- C:\Program Files\gs871w32.exe
[2010.06.28 11:17:48 | 034,733,864 | ---- | C] () -- C:\Program Files\swviewer.exe
[2010.06.28 10:48:46 | 152,045,352 | ---- | C] () -- C:\Program Files\swexplorer.exe
[2009.12.22 19:17:59 | 000,020,480 | ---- | C] () -- C:\Users\WGaethke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.22 11:29:17 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.11.09 20:39:36 | 000,004,925 | ---- | C] () -- C:\ProgramData\kivjpthq.ecv
 
========== LOP Check ==========
 
[2009.11.24 16:41:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT
[2008.12.06 13:41:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo Photo Commander 5
[2008.11.07 21:41:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2009.11.26 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COMPUTERBILD Browser-Optimierer
[2008.12.11 15:06:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2009.03.23 17:30:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2009.07.06 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iSpring Solutions
[2008.11.04 17:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickTel
[2008.11.04 17:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2009.07.30 11:19:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools
[2008.10.15 22:33:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TMP
[2008.10.16 20:37:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TOSHIBA
[2009.05.16 21:22:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2009.02.15 18:21:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
[2010.03.21 13:11:52 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\AntiBrowserSpy 2009
[2010.09.25 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\Ashampoo
[2010.06.29 16:01:00 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\DassaultSystemes
[2011.08.25 09:19:10 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\de.formblitz.formbox
[2010.08.18 04:58:01 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\DWGeditor
[2010.06.29 16:01:00 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\EDrawings
[2010.01.04 10:03:45 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\EPSON
[2012.08.04 10:54:20 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\GHISLER
[2011.10.12 11:20:30 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\gtk-2.0
[2010.07.31 17:24:52 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\klickTel
[2010.06.12 18:09:16 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\Leadertech
[2010.03.17 12:19:24 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\Lexware
[2011.09.08 11:11:04 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\muvee Technologies
[2011.01.30 16:51:05 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\MyHeritage
[2010.12.27 15:23:44 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2011.02.04 15:16:49 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\TOSHIBA
[2010.03.22 09:19:33 | 000,000,000 | ---D | M] -- C:\Users\WGaethke\AppData\Roaming\TuneUp Software
[2012.08.03 16:39:52 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\Paragon Archive name arc_270311173520024.job
[2012.08.04 18:58:07 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.05 10:35:00 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{155C2676-65E2-4843-856B-D7F4D60272B6}.job
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

--- --- ---


Schönen Sonntag!

t'john 09.08.2012 12:35
:hallo:

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.


  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.


  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".


  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.


  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.


  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

t'john 02.09.2012 10:40
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:38 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131