Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Kopieren & Einfügen funktioniert nicht immer (https://www.trojaner-board.de/138264-kopieren-einfuegen-funktioniert-immer.html)

darkeye78x 15.07.2013 14:20
Kopieren & Einfügen funktioniert nicht immer
 
Hallo,

ich habe seit Wochen schon ein sehr nerviges Problem. Das Kopieren und Einfügen funktioniert meistens nicht, manchmal funktioniert es, dann wieder nicht. Es ist also sehr unregelmäßig. Dabei spielt es keine Rolle ob ich die Tastenfunktion benutze oder die Maustaste.

Dabei kann ich meistens den Text kopieren, doch wenn ich mit der rechten Maustaste klicke, ist das Feld "Einfügen" grau und somit nicht anklickbar.

Was ich kopiere ist immer unterschiedlich... meistens Texte aus Windows Live Mail, Excel, Url-Adresszeile im Browser, aus dem Notepad, aus Formularen aus dem Netz... ich sehe da keinen Zusammenhang. Meistens funktioniert das Kopieren, doch das Einfügen jedoch nicht.

Zu Meinem PC:
Windows 7 64 Bit
Alle Add Ons auf dem neustens Stand
Firefox Browser, Windows 7, Java auf dem neusten Stand

Habe schon Stunden im Netz nach einer Lösung gesucht und nix gefunden.

Unter Systemsteuerung -> Java ist "Konsole anzeigen" aktiviert

Habe mit "Eusing Free Registry Cleaner" alle Einträge gescannt und repariert.

Benutze Zone Alarm, auch auf dem neusten Stand. Habe (angeblich) keine Viren auf dem Rechner.

Hier mein Hijackthis:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:59:44, on 15.07.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
D:\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
D:\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Photoshop.exe
C:\Users\Dan\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=121845&babsrc=HP_ss_din2g&mntrId=E206001E8C4572B5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\IEPro\iepro.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\IEPro\IEProRecorder.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\IEPro\iepro.dll
O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11165 bytes


Kann mir jemand weiterhelfen?

cosinus 15.07.2013 14:22
Hallo und :hallo:

Zitat:
Hier mein Hijackthis:
Lesestoff:
Bitte keine Hijackthis-Logfiles posten!!!

Zitat:
Zitat von Larusso (Beitrag 614538)
Uns ist klar, dass HijackThis wahrscheinlich eines der bekanntesten Analysetools ist.
Jedoch scannt es nur noch sehr oberflächlich und gibt uns für eine genaue Analyse eures Systems zu wenig Informationen.

Darum, bitte keine HijackThis Logfiles posten, sondern folgendes lesen und abarbeiten.

http://www.trojaner-board.de/69886-a...-beachten.html

Nur mit diesen Informationen können wir euch helfen.

Danke :daumenhoc




Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

darkeye78x 15.07.2013 17:55
Okay habe die Scans gemacht:

Extras.txt:
Code:
OTL Extras logfile created on: 15.07.2013 17:37:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,28% Memory free
6,00 Gb Paging File | 3,85 Gb Available in Paging File | 64,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 67,07 Gb Total Space | 17,50 Gb Free Space | 26,09% Space Free | Partition Type: NTFS
Drive D: | 39,83 Gb Total Space | 32,02 Gb Free Space | 80,40% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 111,53 Gb Free Space | 47,89% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\IEPro\MiniDM.exe" = D:\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
"D:\IEPro\MiniDM.exe" = D:\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D34EDF9-2C34-409A-B7FB-3F0F8B65681E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0E660DE2-F196-4597-96B7-EA59E16D8F4E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{105272F5-D416-4655-917B-BFBBB7EF9840}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C9AA10C-7F55-4837-8333-14466DE24CAB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{23C8B2A0-24BC-45B2-AC25-596F2EB28303}" = lport=139 | protocol=6 | dir=in | app=system |
"{24546F10-097A-4240-B416-1E785645893F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{27B1DB21-231F-4339-90D6-CCB7938592FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{2BDBC908-F9FC-4896-B806-1278E88ABB25}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2F30F0B6-E3BD-4FE0-9307-CD0867CB3334}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32BE7585-FCE9-457F-A44E-E1DEB97DD08B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3400A50F-7547-408B-A94A-10775D0D0045}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{382DD4C3-C094-407F-A48A-F61806B9F3D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{41537A7F-84F4-46FF-9FEA-D0BE051C09CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50678739-B5D0-43D6-9B39-18B306EC0151}" = lport=445 | protocol=6 | dir=in | app=system |
"{521C4E30-0F24-4237-B1FE-F6700AE839C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{636860EC-C608-412A-A5B1-740135748CEC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7B89FFC4-E40A-407E-989A-613B3F2CABD1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8B54F55D-2E41-46BE-BAFE-1CE03FBDFC78}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F81054D-A8F4-4AE9-90AE-8B1648F2D762}" = rport=445 | protocol=6 | dir=out | app=system |
"{B2521E44-33B4-4C0D-B621-0F224373C4BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5FF8715-1C9A-4F69-B6D2-806BAC6D0C67}" = rport=139 | protocol=6 | dir=out | app=system |
"{BACBC54F-12B4-49E4-88E2-92E96DD0C78F}" = rport=138 | protocol=17 | dir=out | app=system |
"{CCADD7E6-6386-4122-BE77-5733E731E06B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5663D52-5775-4E41-8339-6F97DCB3F951}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E7710988-3005-4BFC-B50B-1FA25F02B9CA}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024CF9D7-C272-4A29-9599-1623A6CEAA8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{059B3E42-E8BF-45AC-BC48-1B1CADC4576A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0733B86A-BDE3-4C08-A3D8-6CA04BB292AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{14303D72-CB0D-4EDB-ABFA-F7E0F2AE0A03}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe |
"{1CD36758-B3DC-40C3-8763-1D010C9FA66D}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe |
"{2626E37C-1D73-4A2C-BBBF-E98D33A4272C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26DD4EEF-F825-4B34-80E0-023493A5A978}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FB0035B-102A-4244-A7D4-E1F20C460186}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{371C93AD-464C-4C42-97F2-694791BCFAE1}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4EEBE19A-0B91-43F9-B253-7914B04CDA7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{551F39B0-8E5E-4B32-B39D-94BB76FA0812}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D771DC1-3FF0-4CEC-99E0-6AA52F00719B}" = protocol=6 | dir=out | app=system |
"{73EF1911-2D03-414E-ACCA-E4242E96778F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E8C2E3A-E342-4A79-AB48-CCD234CC2ABE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84C98A5F-E987-4C4A-8117-B3AAED942266}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B0108A5-AA56-4FCF-9F1C-AF760FE79241}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9AAF5C56-602C-469E-AC3B-5B83723F2D09}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9AAFD2A4-016E-4CD1-9B1C-683B2D7096E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E6A5660-748D-477B-B912-FE0983C2C468}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A31EA203-983F-4B7E-ABA9-76324418502F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A91A3900-1BB8-43D9-B949-A7CDC794E54F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B4C8B056-216D-4880-9A94-E4A0027881E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5363D18-34B3-4BD9-806A-EDF8A33E719D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B56324AA-A14A-4311-A9BF-45718DCAFE56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C1930E89-C2F9-437A-B2B3-F24F0F1699B3}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe |
"{DF60ECFD-E8E4-489C-86EC-0813242540E2}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe |
"{ECD121EF-978B-4E83-A68C-8206E952256D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22C58DA3-FA02-4DD3-8C5B-23570411E95B}" = Windows Live Writer Resources
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2BB06A5C-9536-4D7C-AD9D-AD53B7A09E2F}" = KingBill 2012
"{325988C2-8D7B-460E-8F6F-4747129CA495}" = ZoneAlarm Security
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9532F6E0-ED0A-41A4-87F9-49478E44E8C1}" = ZoneAlarm Antivirus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D29B0575-C3DE-4746-A893-4FDF0F7D68B2}" = Windows Live Mail
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FC5F20C5-C44E-40DE-927C-4C7D7994912F}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Canon MX870 series Benutzerregistrierung" = Canon MX870 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Freemake Video Converter_is1" = Freemake Video Converter Version 4.0.2
"IE7Pro" = IE7Pro
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Notepad++" = Notepad++
"PokerStars.eu" = PokerStars.eu
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"Revo Uninstaller" = Revo Uninstaller 1.94
"Speed Dial Utility" = Canon Kurzwahlprogramm
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"Windows Mail Undelete_is1" = Windows Mail Undelete v.3.0.0
"WinLiveSuite" = Windows Live Essentials
"xampp" = XAMPP 1.8.1
"XnView_is1" = XnView 1.99.5
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for Zip Opener
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.07.2013 06:07:32 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.07.2013 16:56:03 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917,
 Zeitstempel: 0x51c06b1b  Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917,
 Zeitstempel: 0x51c06a5b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00173668  ID des fehlerhaften
 Prozesses: 0x5b0  Startzeit der fehlerhaften Anwendung: 0x01ce7c8d6a713503  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 f6ce241f-e8d9-11e2-85c4-001e8c4572b5
 
Error - 10.07.2013 04:01:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.07.2013 03:27:13 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.07.2013 04:49:36 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.07.2013 06:15:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.07.2013 20:59:27 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.07.2013 05:37:17 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.07.2013 05:53:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 15.07.2013 05:22:00 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 08.07.2013 08:39:37 | Computer Name = ***-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 09.07.2013 05:57:11 | Computer Name = ***-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 09.07.2013 05:57:21 | Computer Name = ***-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 09.07.2013 05:57:29 | Computer Name = ***-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 09.07.2013 06:05:07 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?07.?2013 um 12:03:47 unerwartet heruntergefahren.
 
Error - 09.07.2013 06:05:20 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 10.07.2013 05:38:52 | Computer Name = ***-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 12.07.2013 13:18:58 | Computer Name = ***-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 12.07.2013 21:03:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde nicht
 richtig gestartet.
 
Error - 13.07.2013 05:38:36 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
 
< End of report >



OTL.txt:
Code:
OTL logfile created on: 15.07.2013 17:37:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,28% Memory free
6,00 Gb Paging File | 3,85 Gb Available in Paging File | 64,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 67,07 Gb Total Space | 17,50 Gb Free Space | 26,09% Space Free | Partition Type: NTFS
Drive D: | 39,83 Gb Total Space | 32,02 Gb Free Space | 80,40% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 111,53 Gb Free Space | 47,89% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.15 17:36:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.06.27 01:08:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.06.12 16:42:26 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.03.27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013.02.19 22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.06.28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Winamp\winampa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.27 01:08:48 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.06.12 16:42:25 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2007.02.20 17:04:02 | 002,463,976 | ---- | M] () -- C:\Windows\SysWOW64\NPSWF32.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.27 01:08:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 16:42:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013.03.01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.19 22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.22 16:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.11.16 12:22:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.13 12:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 04:14:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.11.22 16:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=121845&babsrc=HP_ss_din2g&mntrId=E206001E8C4572B5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC AA C2 FA 2C 4E CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=E206001E8C4572B5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: info%40seerobots.com:0.3.2
FF - prefs.js..extensions.enabledAddons: %7B08eaf605-03f5-44b1-a86d-e1ce89872ac3%7D:14
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: ipdata%40extension:1.0.0.16
FF - prefs.js..extensions.enabledAddons: selectivecookiedelete%40siju.mathew:4.1
FF - prefs.js..extensions.enabledAddons: webrank-toolbar%40probcomp.com:4.4
FF - prefs.js..extensions.enabledAddons: toolbar%40alexa.com:1.8.0
FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.46
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.38
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.05.08 15:52:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.05.08 15:52:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.27 01:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: D:\Thunderbird\components [2012.10.17 20:05:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.27 01:08:43 | 000,000,000 | ---D | M]
 
[2012.10.17 19:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.07.15 14:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f3glm5wv.default\extensions
[2013.06.23 13:08:34 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f3glm5wv.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.10.23 15:42:55 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f3glm5wv.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2013.01.19 13:13:06 | 000,000,000 | ---D | M] (Website City + Country Info) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f3glm5wv.default\extensions\ipdata@extension
[2013.01.19 13:38:18 | 000,000,000 | ---D | M] (selectivecookiedelete) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f3glm5wv.default\extensions\selectivecookiedelete@siju.mathew
[2013.03.01 21:14:02 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f3glm5wv.default\extensions\webrank-toolbar@probcomp.com
[2013.01.19 13:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f3glm5wv.default\extensions\ipdata@extension\chrome
[2013.01.19 13:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f3glm5wv.default\extensions\ipdata@extension\defaults
[2013.05.25 13:42:26 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.23 16:04:18 | 000,011,906 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\info@seerobots.com.xpi
[2012.10.23 13:30:37 | 000,007,927 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\pagerank-client@koeniglich.ch.xpi
[2013.05.02 09:27:18 | 000,086,749 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\toolbar@alexa.com.xpi
[2012.10.23 12:22:41 | 000,015,205 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi
[2013.07.15 14:31:45 | 000,535,736 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.24 12:52:49 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.06.15 15:08:35 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.11.07 22:55:54 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.06.02 20:30:08 | 000,150,349 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2013.06.23 18:52:34 | 000,006,505 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\searchplugins\babylon.xml
[2013.06.23 18:52:45 | 000,001,294 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\searchplugins\delta.xml
[2013.06.27 01:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.06.27 01:08:42 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2013.06.27 01:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.27 01:08:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - Reg Error: Value error. File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\IEPro\IEProRecorder.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [WinampAgent] D:\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [Del22094094] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del22093922] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0B7FB4F-8479-4F16-B05D-CA0794E6A244}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.15 17:28:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DSite
[2013.07.11 11:06:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2013.07.11 11:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2013.07.11 10:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.07.11 10:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.07.11 10:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.07.09 12:05:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.27 01:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.23 18:52:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Freemake
[2013.06.23 18:52:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.23 18:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.23 18:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.06.23 18:51:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.06.20 22:41:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.06.20 22:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.20 22:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.06.20 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\***\Tracing
[2013.06.20 22:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.06.17 20:10:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2013.06.17 20:10:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\BabSolution
[2013.06.17 20:08:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DealPlyLive
[2013.06.17 20:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPlyLive
[2013.06.17 20:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DealPlyLive
[2013.06.17 20:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.17 20:07:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dealply
[2013.06.17 20:07:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2013.06.17 20:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013.06.17 20:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.17 20:07:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2013.06.17 20:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.15 17:42:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.15 17:36:13 | 000,006,558 | ---- | M] () -- C:\Users\***\Documents\NeueDatenbank.kdbx
[2013.07.15 17:32:22 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.07.15 17:29:22 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001UA.job
[2013.07.15 17:28:12 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.07.15 11:27:55 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 11:27:55 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 11:20:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.15 11:20:12 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.13 23:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001Core.job
[2013.07.12 12:13:40 | 002,222,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 11:06:53 | 000,000,586 | ---- | M] () -- C:\Users\***\Desktop\Eusing Free Registry Cleaner.lnk
[2013.07.10 22:40:09 | 001,633,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.10 22:40:09 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.10 22:40:09 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.10 22:40:09 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.10 22:40:09 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.09 12:25:25 | 000,080,553 | ---- | M] () -- C:\Users\***\Desktop\Artfiles_Vertrag.pdf
[2013.07.04 11:13:39 | 001,945,910 | ---- | M] () -- C:\Users\***\Desktop\productdata183519-1.csv
[2013.07.02 21:49:15 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.02 15:54:23 | 000,023,916 | ---- | M] () -- C:\Users\***\Documents\brief_polizei_anzeige_radfahrer.odt
[2013.06.19 17:18:02 | 000,028,707 | ---- | M] () -- C:\Users\***\Desktop\Rechnung Nr8160.pdf
[2013.06.19 17:17:16 | 000,028,703 | ---- | M] () -- C:\Users\***\Desktop\Rechnung Nr8158.pdf
[2013.06.19 11:26:23 | 000,603,849 | ---- | M] () -- C:\Users\***\Desktop\Teppich.pdf
[2013.06.17 20:08:24 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.17 20:08:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2013.06.17 13:14:36 | 000,575,841 | ---- | M] () -- C:\Users\***\Desktop\Close.pdf
 
========== Files Created - No Company Name ==========
 
[2013.07.15 17:32:22 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.07.15 17:28:12 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.07.11 11:06:53 | 000,000,586 | ---- | C] () -- C:\Users\***\Desktop\Eusing Free Registry Cleaner.lnk
[2013.07.09 12:25:24 | 000,080,553 | ---- | C] () -- C:\Users\***\Desktop\Artfiles_Vertrag.pdf
[2013.07.04 11:13:36 | 001,945,910 | ---- | C] () -- C:\Users\***\Desktop\productdata183519-1.csv
[2013.07.02 15:54:22 | 000,023,916 | ---- | C] () -- C:\Users\***\Documents\brief_polizei_anzeige_radfahrer.odt
[2013.06.19 17:17:03 | 000,028,703 | ---- | C] () -- C:\Users\***\Desktop\Rechnung Nr8158.pdf
[2013.06.19 11:26:23 | 000,603,849 | ---- | C] () -- C:\Users\***\Desktop\Teppich.pdf
[2013.06.17 20:08:24 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.17 20:07:59 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\Dealply.job
[2013.06.17 13:14:35 | 000,575,841 | ---- | C] () -- C:\Users\***\Desktop\Close.pdf
[2012.11.15 19:19:31 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2012.10.17 19:34:03 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.17 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BabSolution
[2013.06.17 20:07:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.11.30 19:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.10.22 15:59:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2013.03.07 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.06.13 18:29:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013.06.17 20:07:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dealply
[2013.07.15 17:28:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DSite
[2012.10.31 20:17:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2012.10.23 13:27:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2012.11.12 14:54:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2013.07.15 17:36:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2012.10.17 23:45:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2013.06.23 18:51:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.10.24 14:30:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.11.16 12:45:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickStoresToolbar
[2012.10.17 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.10.17 21:34:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.10.31 21:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >





gmer.txt:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-15 18:44:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC70P 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldapow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076fd1465 2 bytes [FD, 76]
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000076fd14bb 2 bytes [FD, 76]
.text  ...                                                                                                                                      * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076fd1465 2 bytes [FD, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000076fd14bb 2 bytes [FD, 76]
.text  ...                                                                                                                                      * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076fd1465 2 bytes [FD, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076fd14bb 2 bytes [FD, 76]
.text  ...                                                                                                                                      * 2

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk1\DR1                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----


Hoffe mal Ihr findet den Schadcode!

P.S.: Was ich vergessen hatte zu erwähnen, und was auch sehr merkwürdig ist: Nachdem ich Text kopiert habe, klappt das Einfügen oftmals nach ungefähr 10 mal hintereinander Klicken der Tastenkombi Strg + V. Würde mich freuen wenn Ihr mir weiter helfen könnt!

cosinus 16.07.2013 14:38
Was ist mit meiner anderen Frage? Gab es nun jemals Virenfunde oder nicht? Wenn ja wo bitte sind die Logs dazu?

darkeye78x 16.07.2013 16:18
Ich finde leider keine Logdatei. Wenn ich Zone Alarm öffne finde ich lediglich unter den Prüfungsergebnissen:

2165412 Dateien geprüft
46 Viren gefunden
3 Dateien in Quarantäne

Dabei handelt es sich um diese drei Dateien:

Exploit.Linux.Lotoor.ad
not-a-virus:RemoteAdmin.Win32.RAdmin.fz
Exploit.Linux.Lotoor.p

cosinus 17.07.2013 00:12
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

darkeye78x 17.07.2013 13:02
Hier ist erst mal der Code von ComboFix:

Code:
ComboFix 13-07-15.01 - *** 17.07.2013  13:06:30.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3071.1019 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\uninst.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-17 bis 2013-07-17  ))))))))))))))))))))))))))))))
.
.
2013-07-17 11:16 . 2013-07-17 11:16        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-17 11:12 . 2013-07-17 11:12        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1455C444-25A6-4CA4-934B-9CE7CFCFF458}\offreg.dll
2013-07-16 10:03 . 2013-07-02 08:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1455C444-25A6-4CA4-934B-9CE7CFCFF458}\mpengine.dll
2013-07-15 15:28 . 2013-07-15 15:28        --------        d-----w-        c:\users\***\AppData\Roaming\DSite
2013-07-11 08:44 . 2013-07-11 08:44        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-07-11 08:44 . 2013-07-11 08:43        867240        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-07-11 08:44 . 2013-07-11 08:43        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-07-11 08:44 . 2013-07-11 08:43        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-11 08:43 . 2013-07-11 08:43        --------        d-----w-        c:\program files (x86)\Java
2013-07-10 20:07 . 2013-05-27 05:50        1011712        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-10 20:07 . 2013-05-27 05:50        571904        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-10 20:07 . 2013-05-27 05:50        314880        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
2013-07-10 20:07 . 2013-05-27 04:57        4608        ----a-w-        c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 20:07 . 2013-05-27 04:57        54784        ----a-w-        c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 20:07 . 2013-05-27 04:57        392704        ----a-w-        c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 20:07 . 2013-05-27 03:15        9216        ----a-w-        c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 20:07 . 2013-06-04 06:00        624128        ----a-w-        c:\windows\system32\qedit.dll
2013-07-10 20:07 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2013-07-10 20:07 . 2013-05-06 06:03        1887744        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-10 20:07 . 2013-05-06 04:56        1620480        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 20:06 . 2013-06-05 03:34        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-07-10 20:06 . 2013-04-10 05:48        1732608        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 20:06 . 2013-04-10 05:46        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 20:06 . 2013-04-10 05:46        1393152        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 20:06 . 2013-04-10 05:46        1367040        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 20:06 . 2013-04-10 05:03        936448        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 20:06 . 2013-04-02 22:51        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2013-07-10 20:06 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2013-06-23 16:52 . 2013-06-23 16:53        --------        d-----w-        c:\programdata\Freemake
2013-06-23 16:51 . 2013-06-23 16:51        --------        d-----w-        c:\users\***\AppData\Roaming\OpenCandy
2013-06-20 20:41 . 2013-06-20 20:41        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2013-06-20 20:41 . 2013-06-20 20:41        --------        d-----r-        c:\program files (x86)\Skype
2013-06-20 20:34 . 2013-06-20 20:39        --------        d-----w-        c:\users\***\Tracing
2013-06-20 20:26 . 2013-06-20 20:26        --------        d-----w-        c:\program files\Windows Live
2013-06-17 18:10 . 2013-06-17 18:11        --------        d-----w-        c:\users\***\AppData\Roaming\vlc
2013-06-17 18:10 . 2013-06-17 18:10        --------        d-----w-        c:\users\***\AppData\Roaming\BabSolution
2013-06-17 18:08 . 2013-06-17 19:13        --------        d-----w-        c:\program files (x86)\DealPlyLive
2013-06-17 18:08 . 2013-06-17 18:08        --------        d-----w-        c:\users\***\AppData\Local\DealPlyLive
2013-06-17 18:08 . 2013-06-17 18:08        --------        d-----w-        c:\programdata\DealPlyLive
2013-06-17 18:07 . 2013-06-17 18:07        --------        d-----w-        c:\users\***\AppData\Roaming\Dealply
2013-06-17 18:07 . 2013-07-09 13:13        --------        d-----w-        c:\users\***\AppData\Local\Google
2013-06-17 18:07 . 2013-06-17 18:07        --------        d-----w-        c:\programdata\Babylon
2013-06-17 18:07 . 2013-06-17 18:07        --------        d-----w-        c:\users\***\AppData\Roaming\Babylon
2013-06-17 18:07 . 2013-06-17 18:07        --------        d-----w-        c:\program files (x86)\VideoLAN
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 20:34 . 2012-10-22 12:44        78185248        ----a-w-        c:\windows\system32\MRT.exe
2013-06-12 14:42 . 2012-10-17 21:28        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:42 . 2012-10-17 21:28        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-20 22:31 . 2013-05-20 22:31        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-05-20 22:31 . 2013-05-20 22:31        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-20 22:31 . 2013-05-20 22:31        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-05-20 22:31 . 2013-05-20 22:31        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-05-20 22:31 . 2013-05-20 22:31        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-05-20 22:31 . 2013-05-20 22:31        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-05-20 22:31 . 2013-05-20 22:31        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-20 22:31 . 2013-05-20 22:31        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-20 22:31 . 2013-05-20 22:31        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-05-20 22:31 . 2013-05-20 22:31        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-05-20 22:31 . 2013-05-20 22:31        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-05-20 22:31 . 2013-05-20 22:31        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-05-20 22:31 . 2013-05-20 22:31        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-05-20 22:31 . 2013-05-20 22:31        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-05-20 22:31 . 2013-05-20 22:31        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-05-20 22:31 . 2013-05-20 22:31        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-05-20 22:31 . 2013-05-20 22:31        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-05-20 22:31 . 2013-05-20 22:31        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-20 22:31 . 2013-05-20 22:31        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-05-20 22:31 . 2013-05-20 22:31        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-05-20 22:31 . 2013-05-20 22:31        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-05-20 22:31 . 2013-05-20 22:31        441856        ----a-w-        c:\windows\system32\html.iec
2013-05-20 22:31 . 2013-05-20 22:31        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-05-20 22:31 . 2013-05-20 22:31        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-20 22:31 . 2013-05-20 22:31        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-05-20 22:31 . 2013-05-20 22:31        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-05-20 22:31 . 2013-05-20 22:31        235008        ----a-w-        c:\windows\system32\url.dll
2013-05-20 22:31 . 2013-05-20 22:31        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-05-20 22:31 . 2013-05-20 22:31        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-05-20 22:31 . 2013-05-20 22:31        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-05-20 22:31 . 2013-05-20 22:31        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-20 22:31 . 2013-05-20 22:31        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-05-20 22:31 . 2013-05-20 22:31        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-05-20 22:31 . 2013-05-20 22:31        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-05-20 22:31 . 2013-05-20 22:31        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-20 22:31 . 2013-05-20 22:31        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-20 22:31 . 2013-05-20 22:31        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-05-20 22:31 . 2013-05-20 22:31        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-20 22:31 . 2013-05-20 22:31        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-05-20 22:31 . 2013-05-20 22:31        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-20 22:31 . 2013-05-20 22:31        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-20 22:31 . 2013-05-20 22:31        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-20 22:31 . 2013-05-20 22:31        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-20 22:31 . 2013-05-20 22:31        149504        ----a-w-        c:\windows\system32\occache.dll
2013-05-20 22:31 . 2013-05-20 22:31        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-05-20 22:31 . 2013-05-20 22:31        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-05-20 22:31 . 2013-05-20 22:31        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-05-20 22:31 . 2013-05-20 22:31        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-20 22:31 . 2013-05-20 22:31        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-05-13 05:51 . 2013-06-12 08:55        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 08:55        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 08:55        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 08:55        52224        ----a-w-        c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 08:55        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 08:55        1160192        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 08:55        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 08:55        1192448        ----a-w-        c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 08:55        903168        ----a-w-        c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 08:55        43008        ----a-w-        c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 08:56        30720        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 08:56        24576        ----a-w-        c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 08:56        1910632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-05-02 07:28 . 2012-07-17 12:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 08:56        751104        ----a-w-        c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 08:56        492544        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 08:55        1505280        ----a-w-        c:\windows\SysWow64\d3d11.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"WinampAgent"="d:\winamp\winampa.exe" [2012-06-28 74752]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-04-05 1960448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S3 AtcL001;NDIS-Miniporttreiber für L1-Gigabit-Ethernet-Controller von Atheros;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-17 14:42]
.
2013-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001Core.job
- c:\users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 22:23]
.
2013-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001UA.job
- c:\users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 22:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=121845&babsrc=HP_ss_din2g&mntrId=E206001E8C4572B5
IE: An vorhandenes PDF anfügen - d:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - d:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - d:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - d:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - d:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\icq\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - e20649bf000000000000001e8c4572b5
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15879
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.518:52
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121562&tsp=4922
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4091732102-1417289204-537718382-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-4091732102-1417289204-537718382-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4091732102-1417289204-537718382-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-4091732102-1417289204-537718382-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-17  13:24:00
ComboFix-quarantined-files.txt  2013-07-17 11:23
.
Vor Suchlauf: 9 Verzeichnis(se), 19.039.690.752 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 20.571.615.232 Bytes frei
.
- - End Of File - - CD0ACA9083CF8F56EF321BBFADE8F682
A36C5E4F47E84449FF07ED3517B43A31


Habe gerade einen Quick Scan von Malaware durchgeführt, hier der Log:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
*** :: ***-PC [Administrator]

17.07.2013 13:29:23
mbam-log-2013-07-17 (13-29-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238306
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Ich habe noch eine Log Datei von Malaware von Januar 2013 gefunden:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

10.01.2013 14:27:01
mbam-log-2013-01-10 (14-27-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206105
Laufzeit: 3 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Nachtrag: Nachdem ich wie oben beschrieben die Anti Viren Programme runtergeladen und ausgeführt habe, kann ich nun den Internet Explorer nicht nutzen! Ständig weiße Seite... Es ist die aktuellste Version und ein Neustart des Rechners hat nichts gebracht.

cosinus 17.07.2013 14:31
Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


Anschließend bitte ein neuen Log mit GMER machen

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

darkeye78x 18.07.2013 08:46
Malaware Anti Rootkit hat nix finden können, hier dennoch die Log Datei:
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.337000 GHz
Memory total: 3220299776, free: 2070560768

Downloaded database version: v2013.07.18.02
Downloaded database version: v2013.07.15.01
Initializing...
------------ Kernel report ------------
    07/18/2013 09:07:03
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\kl2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\vsdatant.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\l160x64.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\kernel32.dll
\Windows\System32\nsi.dll
\Windows\System32\lpk.dll
\Windows\System32\urlmon.dll
\Windows\System32\ws2_32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\user32.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\iertutil.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\msvcrt.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8003448790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa8002f30680
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003447060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa8002ec7680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 1, partition: 2
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8003448790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80034481e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003448790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002ec6520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002f30680, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 1, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 1, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003447060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003447b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003447060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002ef7520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002ec7680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3D9C4C07

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 488392704
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4C2CD691

Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 10240000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 10242048  Numsec = 140664832
    Partition file system is NTFS
    Partition is not bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 150906880  Numsec = 83533824

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_1_10242048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished


gmer.txt:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-18 09:42:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC70P 111,79GB
Running: u7xumm7u.exe; Driver: C:\Users\Dan\AppData\Local\Temp\uwldapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                      fffff80002bb5000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                      fffff80002bb502f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000766a1465 2 bytes [6A, 76]
.text    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000766a14bb 2 bytes [6A, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000766a1465 2 bytes [6A, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000766a14bb 2 bytes [6A, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                00000000766a1465 2 bytes [6A, 76]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000766a14bb 2 bytes [6A, 76]
.text    ...                                                                                                                                      * 2

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk1\DR1                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----

... mein Internet Explorer funktioniert immer noch nicht.

cosinus 18.07.2013 20:09
Das ist das falsche Log von MBAR gewesen

darkeye78x 25.07.2013 12:38
Es war nicht das falsche Log von mbar gewesen... Es war die Datei die in dem Ordner mbar erstellt wurde, nach dem Scan. Ein Neustart war nicht nötig, da das Programm nix entdeckt hat. Habe den Scan soeben erneut durchgeführt, hier die Logdatei:

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Dan :: DAN-PC [administrator]

25.07.2013 13:17:25
mbar-log-2013-07-25 (13-17-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 256925
Time elapsed: 12 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Also seitdem ich die Tools installiert und ausgeführt habe, kann ich meinen Internet Explorer immer noch nicht nutzen! Deinstallation und Neuinstallation war nicht erfolgreich....

cosinus 25.07.2013 16:52
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Danach eine Kontrolle mit Farbars Tool bitte:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


darkeye78x 26.07.2013 12:48
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.3 (07.25.2013:1)
OS: Windows 7 Home Premium x64
Ran by *** on 26.07.2013 at 12:57:46,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta ltd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\dealplylive"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\***\appdata\local\dealplylive"
Successfully deleted: [Folder] "C:\Program Files (x86)\dealplylive"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"



~~~ FireFox

Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\user.js
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\invalidprefs.js
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\searchplugins\delta.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de"
Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\jetpack
Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\prefs.js

user_pref("extensions.alexa.searchconf", "\n{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\" :  {\n
user_pref("extensions.crossrider.bic", "13f53570c7678e62647cb9b932bb6d10");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.bbDpng", "23");
user_pref("extensions.delta.cntry", "DE");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.hdrMd5", "8AEC1DEB090D8A7F35BDCF3FF7CB0AB5");
user_pref("extensions.delta.id", "e20649bf000000000000001e8c4572b5");
user_pref("extensions.delta.instlDay", "15879");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "1.8.21.518:52:44");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "azb");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.518:52:44");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=121562&tsp=4922");
user_pref("extensions.delta_i.srcExt", "ss");
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f3glm5wv.default\minidumps [172 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.07.2013 at 13:10:06,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ADWCleaner:
Code:
# AdwCleaner v2.306 - Datei am 26/07/2013 um 13:17:46 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\extensions\toolbar@alexa.com.xpi
Gelöscht mit Neustart : C:\Users\***\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\prefs.js

Gelöscht : user_pref("quickstores.toolbar.affid", "2017");
Gelöscht : user_pref("quickstores.toolbar.guid", "{CB117879-56E9-CABD-C669-313FB53A5458}");

*************************

AdwCleaner[S1].txt - [2543 octets] - [26/07/2013 13:17:46]

########## EOF - C:\AdwCleaner[S1].txt - [2603 octets] ##########
FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2013
Ran by *** (administrator) on 26-07-2013 13:25:19
Running from C:\Users\***\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nullsoft, Inc.) D:\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - D:\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\IEPro\iepro.dll (IE7Pro.com)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} -  No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\IEPro\IEProRecorder.dll ()
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Website City + Country Info - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\ipdata@extension
FF Extension: selectivecookiedelete - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\selectivecookiedelete@siju.mathew
FF Extension: WebRank Toolbar - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\webrank-toolbar@probcomp.com
FF Extension: FireShot - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: Domain Details - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
FF Extension: firebug - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: info - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\info@seerobots.com.xpi
FF Extension: pagerank-client - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\pagerank-client@koeniglich.ch.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\f3glm5wv.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

==================== Services (Whitelisted) =================

R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 13:24 - 2013-07-26 13:24 - 01779853 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-26 13:24 - 2013-07-26 13:24 - 00000000 ____D C:\FRST
2013-07-26 13:22 - 2013-07-26 13:22 - 00002668 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-26 13:17 - 2013-07-26 13:18 - 00002668 _____ C:\AdwCleaner[S1].txt
2013-07-26 13:17 - 2013-07-26 13:18 - 00000129 _____ C:\Windows\DeleteOnReboot.bat
2013-07-26 13:16 - 2013-07-26 13:16 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-26 13:10 - 2013-07-26 13:10 - 00005141 _____ C:\Users\***\Desktop\JRT.txt
2013-07-26 12:57 - 2013-07-26 12:57 - 00000000 ____D C:\Windows\ERUNT
2013-07-26 12:56 - 2013-07-26 12:56 - 00561140 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-25 13:12 - 2013-07-25 13:12 - 13399154 _____ C:\Users\***\Desktop\mbar-1.06.0.1004.zip
2013-07-25 13:12 - 2013-07-25 13:12 - 00000083 _____ C:\Users\***\Desktop\bve.txt
2013-07-25 12:39 - 2013-07-25 12:39 - 01333552 _____ (iMesh Inc) C:\Users\***\Downloads\iMeshSetup-r1487-w-bf.exe
2013-07-23 15:09 - 2013-07-23 15:09 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenOffice
2013-07-23 15:08 - 2013-07-23 15:08 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-07-23 15:06 - 2013-07-23 15:07 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-07-23 14:59 - 2013-07-23 15:01 - 162401424 _____ C:\Users\***\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-18 09:42 - 2013-07-18 09:42 - 00002577 _____ C:\Users\***\Desktop\gmer.txt
2013-07-18 09:28 - 2013-07-18 09:28 - 00377856 _____ C:\Users\***\Desktop\u7xumm7u.exe
2013-07-18 09:07 - 2013-07-25 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 09:04 - 2013-07-25 13:35 - 00000000 ____D C:\Users\***\Desktop\mbar
2013-07-18 08:46 - 2013-07-18 08:46 - 00000035 _____ C:\Users\***\Desktop\xovi_link.txt
2013-07-17 13:56 - 2013-07-17 13:56 - 51415040 _____ (Microsoft Corporation) C:\Users\***\Downloads\IE10-Windows6.1-x64-de-de.exe
2013-07-17 13:54 - 2013-07-17 13:55 - 51415040 _____ (Microsoft Corporation) C:\Users\***\Downloads\IE10-Windows6.1-x64-de-de_b16521.exe
2013-07-17 13:24 - 2013-07-17 13:24 - 00024532 _____ C:\ComboFix.txt
2013-07-17 13:04 - 2013-07-17 13:24 - 00000000 ____D C:\Qoobox
2013-07-17 13:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-17 13:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-17 13:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-17 13:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-17 13:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-17 13:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-17 13:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-17 13:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-17 13:03 - 2013-07-17 13:21 - 00000000 ____D C:\Windows\erdnt
2013-07-17 13:02 - 2013-07-17 13:02 - 05089088 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-16 14:24 - 2013-07-25 13:56 - 00000257 _____ C:\Users\***\Desktop\Artikeltausch-Bedingungen.txt
2013-07-15 18:46 - 2013-07-17 12:28 - 00000005 _____ C:\Users\***\AppData\Roaming\WBPU-TTL.DAT
2013-07-15 17:49 - 2013-07-15 17:49 - 00084654 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-15 17:49 - 2013-07-15 17:49 - 00053264 _____ C:\Users\***\Downloads\Extras.Txt
2013-07-15 17:36 - 2013-07-15 17:36 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-15 17:32 - 2013-07-15 17:32 - 00000468 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-15 17:32 - 2013-07-15 17:32 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-15 17:31 - 2013-07-15 17:31 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-15 17:26 - 2013-07-15 17:26 - 00793536 _____ C:\Users\***\Downloads\ZipOpenerSetup.exe
2013-07-15 15:57 - 2013-07-15 15:57 - 00549179 _____ C:\Users\***\Downloads\export-bldomains-www-fewo-direkt-de-.xls
2013-07-15 14:59 - 2013-07-15 14:59 - 00011167 _____ C:\Users\***\Downloads\hijackthis.log
2013-07-15 14:58 - 2013-07-15 14:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\***\Downloads\HiJackThis204.exe
2013-07-15 14:01 - 2013-07-15 14:01 - 00308293 _____ C:\Users\***\Downloads\export-bldomains-www-traum-ferienwohnungen-de-.xls
2013-07-11 12:06 - 2013-07-11 12:06 - 00272473 _____ C:\Users\***\Downloads\d01439fe.sql
2013-07-11 11:06 - 2013-07-11 11:06 - 00981567 _____ C:\Users\***\Downloads\EFRC32Setup.exe
2013-07-11 11:05 - 2013-07-11 11:05 - 02363832 _____ (WiseCleaner.com                                            ) C:\Users\***\Downloads\WRCFree_7.7.3.exe
2013-07-11 10:44 - 2013-07-11 10:44 - 00000000 ____D C:\ProgramData\Sun
2013-07-11 10:44 - 2013-07-11 10:43 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-11 10:44 - 2013-07-11 10:43 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-11 10:44 - 2013-07-11 10:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-11 10:44 - 2013-07-11 10:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-11 10:44 - 2013-07-11 10:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-11 10:44 - 2013-07-11 10:43 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-11 10:43 - 2013-07-11 10:43 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-11 10:41 - 2013-07-11 10:42 - 00903080 _____ (Oracle Corporation) C:\Users\***\Downloads\jxpiinstall.exe
2013-07-10 22:32 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 22:32 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 22:32 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 22:32 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 22:32 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 22:32 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 22:32 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 22:32 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 22:32 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 22:32 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 22:32 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 22:32 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 22:32 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 22:32 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 22:32 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 22:32 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 22:32 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 22:32 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 22:32 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 22:32 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 22:32 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 22:32 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 22:07 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 22:07 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 22:07 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 22:07 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 22:06 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 22:06 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 22:06 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 12:05 - 2013-07-09 12:05 - 00568200 _____ C:\Windows\Minidump\070913-37424-01.dmp
2013-07-09 12:05 - 2013-07-09 12:05 - 00000000 ____D C:\Windows\Minidump
2013-07-09 12:00 - 2013-07-09 12:00 - 00739856 _____ (Google Inc.) C:\Users\***\Downloads\chrome_installer_27.0.1453.116.exe
2013-07-04 11:13 - 2013-07-04 11:13 - 01945910 _____ C:\Users\***\Desktop\productdata183519-1.csv
2013-07-02 15:54 - 2013-07-02 15:54 - 00023916 _____ C:\Users\***\Documents\brief_polizei_anzeige_radfahrer.odt
2013-06-27 01:08 - 2013-06-27 01:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-26 13:24 - 2013-07-26 13:24 - 01779853 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-26 13:24 - 2013-07-26 13:24 - 00000000 ____D C:\FRST
2013-07-26 13:22 - 2013-07-26 13:22 - 00002668 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-26 13:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-26 13:19 - 2009-07-14 06:51 - 00056568 _____ C:\Windows\setupact.log
2013-07-26 13:18 - 2013-07-26 13:17 - 00002668 _____ C:\AdwCleaner[S1].txt
2013-07-26 13:18 - 2013-07-26 13:17 - 00000129 _____ C:\Windows\DeleteOnReboot.bat
2013-07-26 13:18 - 2012-10-17 17:55 - 01187968 _____ C:\Windows\WindowsUpdate.log
2013-07-26 13:16 - 2013-07-26 13:16 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-26 13:10 - 2013-07-26 13:10 - 00005141 _____ C:\Users\***\Desktop\JRT.txt
2013-07-26 12:57 - 2013-07-26 12:57 - 00000000 ____D C:\Windows\ERUNT
2013-07-26 12:57 - 2013-06-10 10:37 - 00000000 ____D C:\Users\***\AppData\Roaming\KeePass
2013-07-26 12:56 - 2013-07-26 12:56 - 00561140 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-26 12:42 - 2012-10-17 23:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 11:29 - 2012-11-02 00:24 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001UA.job
2013-07-26 10:18 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 10:18 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 23:29 - 2012-11-02 00:24 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001Core.job
2013-07-25 13:56 - 2013-07-16 14:24 - 00000257 _____ C:\Users\***\Desktop\Artikeltausch-Bedingungen.txt
2013-07-25 13:35 - 2013-07-18 09:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-25 13:35 - 2013-07-18 09:04 - 00000000 ____D C:\Users\***\Desktop\mbar
2013-07-25 13:12 - 2013-07-25 13:12 - 13399154 _____ C:\Users\***\Desktop\mbar-1.06.0.1004.zip
2013-07-25 13:12 - 2013-07-25 13:12 - 00000083 _____ C:\Users\***\Desktop\bve.txt
2013-07-25 12:39 - 2013-07-25 12:39 - 01333552 _____ (iMesh Inc) C:\Users\***\Downloads\iMeshSetup-r1487-w-bf.exe
2013-07-23 15:25 - 2012-10-17 19:26 - 00064416 _____ C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-23 15:16 - 2009-07-14 06:45 - 02223856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-23 15:09 - 2013-07-23 15:09 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenOffice
2013-07-23 15:08 - 2013-07-23 15:08 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-07-23 15:07 - 2013-07-23 15:06 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-07-23 15:04 - 2012-10-17 18:03 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-23 15:03 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-23 15:01 - 2013-07-23 14:59 - 162401424 _____ C:\Users\***\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-23 13:25 - 2012-10-17 23:15 - 00000000 ____D C:\Users\***\Documents\Bewerbung
2013-07-22 20:38 - 2013-06-10 10:56 - 00006670 _____ C:\Users\***\Documents\NeueDatenbank.kdbx
2013-07-22 16:54 - 2013-05-27 18:51 - 01905422 _____ C:\Users\***\Downloads\SuperOneClick v2.2 - Root Android Phone.zip
2013-07-18 09:42 - 2013-07-18 09:42 - 00002577 _____ C:\Users\***\Desktop\gmer.txt
2013-07-18 09:28 - 2013-07-18 09:28 - 00377856 _____ C:\Users\***\Desktop\u7xumm7u.exe
2013-07-18 08:46 - 2013-07-18 08:46 - 00000035 _____ C:\Users\***\Desktop\xovi_link.txt
2013-07-17 13:57 - 2013-05-21 00:29 - 00012221 _____ C:\Windows\IE10_main.log
2013-07-17 13:56 - 2013-07-17 13:56 - 51415040 _____ (Microsoft Corporation) C:\Users\***\Downloads\IE10-Windows6.1-x64-de-de.exe
2013-07-17 13:55 - 2013-07-17 13:54 - 51415040 _____ (Microsoft Corporation) C:\Users\***\Downloads\IE10-Windows6.1-x64-de-de_b16521.exe
2013-07-17 13:52 - 2012-11-02 00:46 - 00000000 ____D C:\Users\***\AppData\Local\PokerStars.EU
2013-07-17 13:52 - 2012-11-02 00:46 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2013-07-17 13:45 - 2010-11-21 05:47 - 00082832 _____ C:\Windows\PFRO.log
2013-07-17 13:24 - 2013-07-17 13:24 - 00024532 _____ C:\ComboFix.txt
2013-07-17 13:24 - 2013-07-17 13:04 - 00000000 ____D C:\Qoobox
2013-07-17 13:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-17 13:21 - 2013-07-17 13:03 - 00000000 ____D C:\Windows\erdnt
2013-07-17 13:21 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-17 13:02 - 2013-07-17 13:02 - 05089088 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-17 12:28 - 2013-07-15 18:46 - 00000005 _____ C:\Users\***\AppData\Roaming\WBPU-TTL.DAT
2013-07-15 17:49 - 2013-07-15 17:49 - 00084654 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-15 17:49 - 2013-07-15 17:49 - 00053264 _____ C:\Users\***\Downloads\Extras.Txt
2013-07-15 17:36 - 2013-07-15 17:36 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-15 17:32 - 2013-07-15 17:32 - 00000468 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-15 17:32 - 2013-07-15 17:32 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-15 17:32 - 2012-10-17 18:02 - 00000000 ____D C:\Users\***
2013-07-15 17:31 - 2013-07-15 17:31 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-15 17:26 - 2013-07-15 17:26 - 00793536 _____ C:\Users\***\Downloads\ZipOpenerSetup.exe
2013-07-15 15:57 - 2013-07-15 15:57 - 00549179 _____ C:\Users\***\Downloads\export-bldomains-www-fewo-direkt-de-.xls
2013-07-15 14:59 - 2013-07-15 14:59 - 00011167 _____ C:\Users\***\Downloads\hijackthis.log
2013-07-15 14:59 - 2012-10-17 18:02 - 00000000 ____D C:\Users\***\AppData\Local\VirtualStore
2013-07-15 14:58 - 2013-07-15 14:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\***\Downloads\HiJackThis204.exe
2013-07-15 14:01 - 2013-07-15 14:01 - 00308293 _____ C:\Users\***\Downloads\export-bldomains-www-traum-ferienwohnungen-de-.xls
2013-07-12 12:26 - 2012-10-17 19:47 - 00000000 ____D C:\Users\***\AppData\Local\Windows Live Writer
2013-07-11 12:06 - 2013-07-11 12:06 - 00272473 _____ C:\Users\***\Downloads\d01439fe.sql
2013-07-11 11:06 - 2013-07-11 11:06 - 00981567 _____ C:\Users\***\Downloads\EFRC32Setup.exe
2013-07-11 11:05 - 2013-07-11 11:05 - 02363832 _____ (WiseCleaner.com                                            ) C:\Users\***\Downloads\WRCFree_7.7.3.exe
2013-07-11 10:44 - 2013-07-11 10:44 - 00000000 ____D C:\ProgramData\Sun
2013-07-11 10:43 - 2013-07-11 10:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-11 10:43 - 2013-07-11 10:44 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-11 10:43 - 2013-07-11 10:44 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-11 10:43 - 2013-07-11 10:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-11 10:43 - 2013-07-11 10:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-11 10:43 - 2013-07-11 10:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-11 10:43 - 2013-07-11 10:43 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-11 10:42 - 2013-07-11 10:41 - 00903080 _____ (Oracle Corporation) C:\Users\***\Downloads\jxpiinstall.exe
2013-07-11 09:25 - 2012-12-08 23:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 09:25 - 2012-12-08 23:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 09:25 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 09:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 09:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 22:40 - 2011-04-12 09:43 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-07-10 22:40 - 2011-04-12 09:43 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-07-10 22:40 - 2009-07-14 07:13 - 01633540 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-10 22:34 - 2012-10-22 14:44 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-09 15:13 - 2013-06-17 20:07 - 00000000 ____D C:\Users\***\AppData\Local\Google
2013-07-09 12:05 - 2013-07-09 12:05 - 00568200 _____ C:\Windows\Minidump\070913-37424-01.dmp
2013-07-09 12:05 - 2013-07-09 12:05 - 00000000 ____D C:\Windows\Minidump
2013-07-09 12:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-09 12:00 - 2013-07-09 12:00 - 00739856 _____ (Google Inc.) C:\Users\***\Downloads\chrome_installer_27.0.1453.116.exe
2013-07-04 11:13 - 2013-07-04 11:13 - 01945910 _____ C:\Users\***\Desktop\productdata183519-1.csv
2013-07-03 12:00 - 2013-06-25 17:58 - 00000119 _____ C:\Users\***\Desktop\serverumzug.txt
2013-07-02 21:49 - 2012-10-17 19:34 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-02 15:54 - 2013-07-02 15:54 - 00023916 _____ C:\Users\***\Documents\brief_polizei_anzeige_radfahrer.odt
2013-07-01 12:30 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-06-28 10:12 - 2012-10-17 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 01:08 - 2013-06-27 01:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 02:19 - 2012-12-04 15:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 17:09

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2013
Ran by *** at 2013-07-26 13:26:29
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Dreamweaver CS3 (x32 Version: 9.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Setup (x32 Version: 1.0)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Canon Easy-WebPrint EX (x32)
Canon Kurzwahlprogramm (x32)
Canon MP Navigator EX 3.1 (x32)
Canon MX870 series Benutzerregistrierung (x32)
Canon MX870 series MP Drivers
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities My Printer (x32)
Canon Utilities Solution Menu (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Google Update Helper (x32 Version: 1.3.23.0)
ICQ7M (x32 Version: 7.8)
IE7Pro (x32 Version: 2.5.1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
KeePass Password Safe 2.22 (x32)
KingBill 2012 (x32 Version: 7.3.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 16.0.1 (x86 de) (x32 Version: 16.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Notepad++ (x32 Version: 6.2)
NVIDIA Grafiktreiber 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Systemsteuerung 307.83 (Version: 307.83)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Photo Common (x32 Version: 16.4.3508.0205)
PokerStars.eu (x32)
Revo Uninstaller 1.94 (x32 Version: 1.94)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Skype™ 6.3 (x32 Version: 6.3.105)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Winamp (x32 Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows Mail Undelete v.3.0.0 (x32)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
XAMPP 1.8.1 (x32)
XnView 1.99.5 (x32 Version: 1.99.5)
ZoneAlarm Antivirus (x32 Version: 10.2.081.000)
ZoneAlarm Firewall (x32 Version: 11.0.000.038)
ZoneAlarm Firewall (x32 Version: 11.0.000.504)
ZoneAlarm Free Firewall (x32 Version: 11.0.000.504)
ZoneAlarm Security (x32 Version: 11.0.000.038)
ZoneAlarm Security (x32 Version: 11.0.000.504)

==================== Restore Points  =========================

25-07-2013 13:44:43 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-17 13:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1FC06AD6-39BE-48DE-990E-E354F5256AED} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001UA => C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-02] (Facebook Inc.)
Task: {3D01F079-6EBC-4A64-9059-083EA9B1CC44} - System32\Tasks\{3D41A83D-9BF3-4119-BF4E-94E13CC3470E} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-06-27] (Mozilla Corporation)
Task: {78CD8FCB-25E9-4688-86F7-E215F4910EB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {8E53CB40-AEBF-4FCB-A5AA-41D2F8E2E003} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {ACCC1873-6A72-4730-B130-9665724E9D3E} - System32\Tasks\EPUpdater => C:\Users\***\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {C7C21F8F-49D4-4B63-BD60-356B4EF79D1A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {EA507396-EE42-41B3-AA28-465FB20301B5} - System32\Tasks\Dealply => C:\Users\***\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No File
Task: {EBE29DCB-0DB7-4FD7-A924-244131BBEE47} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001Core => C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-02] (Facebook Inc.)
Task: {FB86A878-7C2B-47CF-AE4B-E0CB22FA30F1} - System32\Tasks\{0254CC01-7BC0-47FA-9776-17E1DA7E8E27} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-06-27] (Mozilla Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001Core.job => C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4091732102-1417289204-537718382-1001UA.job => C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2013 01:21:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/26/2013 01:21:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-07-26 13:16:33.930
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-26 10:49:04.559
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-26 10:32:33.037
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-25 20:21:25.512
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-25 10:54:45.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 18:34:24.936
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 17:45:21.044
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 17:27:37.077
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 15:40:07.189
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 14:43:35.059
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3071.12 MB
Available physical RAM: 1552.59 MB
Total Pagefile: 6140.42 MB
Available Pagefile: 4321.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:67.07 GB) (Free:20.32 GB) NTFS (Disk=1 Partition=2)
Drive d: () (Fixed) (Total:39.83 GB) (Free:34.52 GB) NTFS (Disk=1 Partition=3)
Drive f: () (Fixed) (Total:232.88 GB) (Free:115.55 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 3D9C4C07)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 112 GB) (Disk ID: 4C2CD691)
Partition 1: (Not Active) - (Size=5 GB) - (Type=1C)
Partition 2: (Active) - (Size=67 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended)

==================== End Of Log ============================

cosinus 26.07.2013 16:01
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


darkeye78x 05.08.2013 12:59
Vollständiger Scan MBAM:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
*** :: ***-PC [Administrator]

28.07.2013 20:44:14
MBAM-log-2013-07-28 (23-32-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1182141
Laufzeit: 2 Stunde(n), 35 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Eset Log:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2b19542e88d937479796b72a77a51221
# engine=14575
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-29 05:42:36
# local_time=2013-07-29 07:42:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 282232 126749606 0 0
# compatibility_mode=9217 16776573 100 13 7098642 25333290 0 0
# scanned=1562126
# found=5
# cleaned=0
# scan_time=15174
sh=B330DA1A462C60FDF4C6B7EAD0BDF23274FB9310 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Users\***\Downloads\SuperOneClick v2.2 - Root Android Phone.zip"
sh=7729FCA5D8E9EF5E6034B731DAA7895E6A788A69 ft=0 fh=0000000000000000 vn="PHP/Agent.BV trojan" ac=I fn="F:\***\menu.php"
sh=7729FCA5D8E9EF5E6034B731DAA7895E6A788A69 ft=0 fh=0000000000000000 vn="PHP/Agent.BV trojan" ac=I fn="F:\***\menu.php"
sh=7729FCA5D8E9EF5E6034B731DAA7895E6A788A69 ft=0 fh=0000000000000000 vn="PHP/Agent.BV trojan" ac=I fn="F:\***\db.php"
sh=7729FCA5D8E9EF5E6034B731DAA7895E6A788A69 ft=0 fh=0000000000000000 vn="PHP/Agent.BV trojan" ac=I fn="F:\***\info.php"


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:24 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19