Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mozilla survey 2013 popup (https://www.trojaner-board.de/140176-mozilla-survey-2013-popup.html)

deisterfuchs 20.08.2013 22:58
Mozilla survey 2013 popup
 
Liste der Anhänge anzeigen (Anzahl: 1)
Guten Abend,

heute dämmerte mir, dass hinter den Popups was Ernstes stecken könnte, das hat mich zu euch geführt. Ich bin offenkundig nicht der erste und einzige. Leider habe ich kein Expertenwissen.

Habe schon die empfohlenen Schritte durchgeführt, logfiles anbei

logfile von defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:37 on 20/08/2013 (SecTec MediaConsult)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
logfile FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 04
Ran by SecTec MediaConsult (administrator) on 20-08-2013 22:44:06
Running from C:\Users\SecTec MediaConsult\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Windows\system32\ENAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Windows\System32\ieconfig_1und1_svc.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) E:\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Logitech, Inc.) E:\Logitech\SetPoint\SetPoint.exe
(pdfforge  hxxp://www.pdfforge.org/) E:\PDFCreator\PDFCreator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [x]
HKLM\...\Run: [chkhbci] - C:\Windows\system32\chkhbcin.exe [204800 2007-04-18] ()
HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [ALDI Foto Service] - "E:\ALDI-Foto\FotoSuite.exe" /autorun [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [NSU_agent] - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - E:\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-05-01] (Google Inc.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Felix\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Felix\...\Policies\system: [LogonHoursAction] 2
HKU\Felix\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> E:\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
ShortcutTarget: PDFCreator.lnk -> E:\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)
Startup: C:\Users\SecTec MediaConsult\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
URLSearchHook: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKLM - {6D3CE66D-4A76-4947-B7B8-735ECC369608} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - DefaultScope {6D3CE66D-4A76-4947-B7B8-735ECC369608} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {31CF9EBE-5755-4a1d-AC25-2834D952D9B4} URL = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKCU - {3AA4CFB9-B888-441B-906D-FE0B265FFADC} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
SearchScopes: HKCU - {3CD18572-6DC9-4053-A84F-3EB0433280C0} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://go.web.de/suchbox/google?q={searchTerms}
SearchScopes: HKCU - {6D3CE66D-4A76-4947-B7B8-735ECC369608} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {95BBD548-2C57-41F7-9C49-1CE3231E4E09} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
BHO: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
Toolbar: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
Toolbar: HKCU -No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler: msdaipp - No CLSID Value -
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\webde-suche.xml
FF Extension: No Name - C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Deutsches Wörterbuch (alte Rechtschreibung) für die Rechtschreibprüfung in Mozilla-Produkten - C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\Extensions\de-DE-alt@dictionaries.addons.mozilla.org
FF Extension: Microsoft .NET Framework Assistant - C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: OneClickDownload - C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\Extensions\OneClickDownload@OneClickDownload.com.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 ENAgent; C:\Windows\system32\ENAgent.exe [4022272 2011-03-02] (SEIKO EPSON CORPORATION)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S3 FirebirdServerMAGIXInstance; E:\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [1053848 2009-09-09] ()
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2011-06-25] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [97792 2008-01-15] (OMNIKEY)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 22:41 - 2013-08-20 22:42 - 01070233 _____ (Farbar) C:\Users\SecTec MediaConsult\Desktop\FRST.exe
2013-08-20 22:37 - 2013-08-20 22:37 - 00000500 _____ C:\Users\SecTec MediaConsult\Desktop\defogger_disable.log
2013-08-20 22:37 - 2013-08-20 22:37 - 00000000 _____ C:\Users\SecTec MediaConsult\defogger_reenable
2013-08-20 22:35 - 2013-08-20 22:35 - 00050477 _____ C:\Users\SecTec MediaConsult\Desktop\Defogger.exe
2013-08-20 22:33 - 2013-08-20 22:33 - 00714352 _____ C:\Users\SecTec MediaConsult\Downloads\ZipOpenerSetup.exe
2013-08-20 22:30 - 2013-08-20 21:57 - 00602112 _____ (OldTimer Tools) C:\Users\SecTec MediaConsult\Desktop\OTL.exe
2013-08-20 22:10 - 2013-08-20 22:10 - 00329152 _____ C:\Users\SecTec MediaConsult\Downloads\OTL.Txt
2013-08-20 22:10 - 2013-08-20 22:10 - 00052558 _____ C:\Users\SecTec MediaConsult\Downloads\Extras.Txt
2013-08-20 21:57 - 2013-08-20 21:57 - 00602112 _____ (OldTimer Tools) C:\Users\SecTec MediaConsult\Downloads\OTL.exe
2013-08-15 19:11 - 2013-08-15 19:11 - 00159344 _____ C:\Windows\Minidump\Mini081513-01.dmp
2013-08-15 07:47 - 2013-08-15 07:53 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 07:40 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 07:40 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 07:40 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 07:40 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 07:40 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 07:40 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 07:40 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 07:40 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 07:40 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 07:40 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 07:40 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 07:40 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 07:40 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 07:40 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 07:40 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 07:40 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 07:35 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 07:35 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 07:35 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 07:35 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 07:35 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 07:35 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 07:35 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 07:35 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 07:35 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 07:35 - 2013-07-05 05:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 07:35 - 2013-07-05 03:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-15 07:35 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-15 07:35 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-05 16:16 - 2013-08-05 16:16 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-05 16:16 - 2013-08-05 16:16 - 00000000 ____D C:\Program Files\iPod
2013-07-29 17:55 - 2013-07-29 17:55 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-29 17:55 - 2013-07-29 17:55 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-29 17:55 - 2013-07-29 17:55 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-29 17:55 - 2013-07-29 17:55 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-21 17:30 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-21 17:30 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-21 17:30 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-21 17:30 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-21 17:30 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-21 17:30 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-21 17:30 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-21 17:30 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-21 17:30 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-21 17:30 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-21 17:29 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-21 17:29 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-08-20 22:43 - 2013-08-20 22:43 - 00000000 ____D C:\FRST
2013-08-20 22:42 - 2013-08-20 22:41 - 01070233 _____ (Farbar) C:\Users\SecTec MediaConsult\Desktop\FRST.exe
2013-08-20 22:37 - 2013-08-20 22:37 - 00000500 _____ C:\Users\SecTec MediaConsult\Desktop\defogger_disable.log
2013-08-20 22:37 - 2013-08-20 22:37 - 00000000 _____ C:\Users\SecTec MediaConsult\defogger_reenable
2013-08-20 22:37 - 2007-12-21 18:40 - 00000000 ____D C:\Users\SecTec MediaConsult
2013-08-20 22:35 - 2013-08-20 22:35 - 00050477 _____ C:\Users\SecTec MediaConsult\Desktop\Defogger.exe
2013-08-20 22:34 - 2012-04-06 12:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 22:33 - 2013-08-20 22:33 - 00714352 _____ C:\Users\SecTec MediaConsult\Downloads\ZipOpenerSetup.exe
2013-08-20 22:19 - 2006-11-02 14:47 - 00004048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 22:19 - 2006-11-02 14:47 - 00004048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 22:10 - 2013-08-20 22:10 - 00329152 _____ C:\Users\SecTec MediaConsult\Downloads\OTL.Txt
2013-08-20 22:10 - 2013-08-20 22:10 - 00052558 _____ C:\Users\SecTec MediaConsult\Downloads\Extras.Txt
2013-08-20 22:04 - 2010-03-27 23:34 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 21:57 - 2013-08-20 22:30 - 00602112 _____ (OldTimer Tools) C:\Users\SecTec MediaConsult\Desktop\OTL.exe
2013-08-20 21:57 - 2013-08-20 21:57 - 00602112 _____ (OldTimer Tools) C:\Users\SecTec MediaConsult\Downloads\OTL.exe
2013-08-20 21:37 - 2006-11-02 14:52 - 01618185 _____ C:\Windows\WindowsUpdate.log
2013-08-20 18:45 - 2010-03-27 23:34 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 17:30 - 2013-06-27 15:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-19 06:47 - 2006-11-02 12:33 - 01445352 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 06:44 - 2013-01-06 16:53 - 00002424 _____ C:\Windows\setupact.log
2013-08-15 19:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 19:11 - 2013-08-15 19:11 - 00159344 _____ C:\Windows\Minidump\Mini081513-01.dmp
2013-08-15 19:11 - 2013-05-22 21:35 - 195566315 _____ C:\Windows\MEMORY.DMP
2013-08-15 19:11 - 2007-12-28 12:09 - 00000000 ____D C:\Windows\Minidump
2013-08-15 19:11 - 2007-12-21 19:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-15 19:11 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 17:27 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 17:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-15 07:53 - 2013-08-15 07:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 07:53 - 2006-11-02 15:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-15 07:47 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-05 16:37 - 2012-04-06 12:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-05 16:37 - 2011-06-07 16:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-05 16:36 - 2007-12-22 08:41 - 00000000 ____D C:\Users\SECTEC~1\AppData\Local\Adobe
2013-08-05 16:16 - 2013-08-05 16:16 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-05 16:16 - 2013-08-05 16:16 - 00000000 ____D C:\Program Files\iPod
2013-08-05 16:16 - 2012-09-16 09:06 - 00001392 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-05 16:16 - 2008-12-23 09:45 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-02 17:06 - 2007-12-26 08:56 - 00058880 _____ C:\Users\SECTEC~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-29 18:06 - 2011-11-17 08:37 - 00002073 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-29 18:06 - 2007-12-22 08:40 - 00000000 ____D C:\Program Files\Google
2013-07-29 17:56 - 2008-05-24 11:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-29 17:55 - 2013-07-29 17:55 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-29 17:55 - 2013-07-29 17:55 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-29 17:55 - 2013-07-29 17:55 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-29 17:55 - 2013-07-29 17:55 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-29 17:55 - 2012-07-08 11:12 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-29 17:55 - 2010-05-14 08:20 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-25 04:40 - 2013-08-15 07:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 04:32 - 2013-08-15 07:40 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 04:30 - 2013-08-15 07:40 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 04:26 - 2013-08-15 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 04:26 - 2013-08-15 07:40 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 04:25 - 2013-08-15 07:40 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-25 04:24 - 2013-08-15 07:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-25 04:24 - 2013-08-15 07:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 04:23 - 2013-08-15 07:40 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 04:23 - 2013-08-15 07:40 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 04:23 - 2013-08-15 07:40 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 04:23 - 2013-08-15 07:40 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-25 04:23 - 2013-08-15 07:40 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-25 04:22 - 2013-08-15 07:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 04:22 - 2013-08-15 07:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 04:22 - 2013-08-15 07:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-22 03:27 - 2006-11-02 14:47 - 00401304 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 03:25 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-22 03:09 - 2008-09-03 18:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-22 03:00 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-21 17:11 - 2012-04-27 08:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-21 17:11 - 2007-12-21 19:22 - 00157292 _____ C:\Windows\PFRO.log

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-15 19:18

==================== End Of Log ============================
logfile FRST, addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2013 04
Ran by SecTec MediaConsult at 2013-08-20 22:44:48
Running from C:\Users\SecTec MediaConsult\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

1ClickDownloader (Version: 2.7 Build 26473)
1und1 Internet Explorer Add-On
1und1 Internet Explorer Add-On (Version: 1.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 13.0.0.3885)
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
AVM FRITZ!Box USB-Fernanschluss (HKCU Version: 2.2.1.0)
Bonjour (Version: 3.0.0.10)
CardMan synchronous API V1.1.1.4
CDDRV_Installer (Version: 4.60)
CloneDVD2
CT-API für CardMan V4.0.2.2
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DriveImage XML (Private Edition) (Version: 2.44.000)
Druckerdeinstallation für EPSON SX525WD Series
EPSON BX620FWD Series Handbuch
EPSON BX620FWD Series Netzwerk-Handbuch
EPSON BX620FWD Series Printer Uninstall
EPSON BX635FWD Series Printer Uninstall
Epson Easy Photo Print 2 (Version: 2.2.3.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0001)
Epson FAX Utility (Version: 1.20.00)
Epson PC-FAX Driver
EPSON Scan
EpsonNet Print (Version: 2.4i)
EpsonNet Setup 3.3 (Version: 3.3a)
Firebird SQL Server - MAGIX Edition (Version: 2.0.1.13)
Google Earth (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
iCloud (Version: 2.1.2.8)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 6 (Version: 1.6.0.60)
Java(TM) 6 Update 7 (Version: 1.6.0.70)
JavaFX 2.1.1 (Version: 2.1.1)
KhalInstallWrapper (Version: 4.60.122)
Logitech SetPoint (Version: 4.60)
Logitech Updater (Version: 1.70)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 8 Demo (Version: 8.10.88)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.101.0)
Nokia PC Suite (Version: 7.1.62.1)
Nokia Software Updater (Version: 3.0.655)
Nokia Suite (Version: 3.7.22.0)
NVIDIA 3D Vision Controller-Treiber 310.90 (Version: 310.90)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
PC Connectivity Solution (Version: 12.0.76.0)
PDFCreator (Version: 0.9.5)
PDFCreator Toolbar (Version: 3.3.0.1)
QuickTime (Version: 7.73.80.64)
Rossmann Online Print Wizard Installer 1.0
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
StarMoney (Version: 1.0)
StarMoney (Version: 2.0)
StarMoney (Version: 5.0)
StarMoney 7.0 S-Edition (Version: 7.0)
TIPP10 Version 2.0.3
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC 9.0 Runtime (Version: 1.0.0)
VCRedistSetup (Version: 1.0.0)
vShare.tv plugin 1.3 (Version: 1.3)
WEKA Ex-Schutz . (Version: .)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
XMedia Recode 2.1.0.3 (Version: 2.1.0.3)
Yellometer (Version: 1.5.1.0)
ZoneAlarm LTD Toolbar
 

==================== Restore Points  =========================

11-08-2013 16:54:11 Geplanter Prüfpunkt
13-08-2013 12:31:52 Windows Update
15-08-2013 05:39:03 Windows Update
15-08-2013 18:00:26 Geplanter Prüfpunkt
16-08-2013 09:52:08 Geplanter Prüfpunkt
20-08-2013 16:50:16 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AA0AF05-438F-474A-9285-FB0B634D073F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-05] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {241F2A1E-C32F-4EC7-AD04-6EB951ADEBBC} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {280D6F41-0E3A-46E4-8674-8626287CBCDD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {409D2673-3120-4A5D-85C9-D3D47A2BBEB5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {46F17D60-2F31-4C1E-A5B3-85B34B629208} - System32\Tasks\User_Feed_Synchronization-{FD049DBC-0FE7-403A-85F2-FDE4A0CE8FD4} => C:\Windows\system32\msfeedssync.exe [2011-04-26] (Microsoft Corporation)
Task: {592FA323-A847-41D8-B395-64F18CB41372} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-27] (Google Inc.)
Task: {5B8318A9-8AEF-40D3-A4ED-C0E96BB14E19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-27] (Google Inc.)
Task: {6B5462CD-0F7E-4D63-9187-A35EE57B7318} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {9FFBDCB9-612E-4BDA-9473-EAE2736D5051} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {C0C0C00B-6B15-43B3-B8E8-76B6AB7E8149} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2013 09:16:13 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung StarMoney.exe, Version 2.0.8.26, Zeitstempel 0x4f97c936, fehlerhaftes Modul sfmuicontrol.dll, Version 2.0.8.25, Zeitstempel 0x4f671230, Ausnahmecode 0xc0000005, Fehleroffset 0x00032a7e,
Prozess-ID 0x%9, Anwendungsstartzeit StarMoney.exe0.

Error: (08/19/2013 09:11:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3105

Error: (08/19/2013 09:11:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3105

Error: (08/19/2013 09:11:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2013 09:11:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092

Error: (08/19/2013 09:11:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1092

Error: (08/19/2013 09:11:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2013 05:31:23 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung WINWORD.EXE, Version 14.0.6129.5000, Zeitstempel 0x5082f354, fehlerhaftes Modul gdiplus.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x515ba857, Ausnahmecode 0xc0000005, Fehleroffset 0x748f74b2,
Prozess-ID 0x1e8c, Anwendungsstartzeit WINWORD.EXE0.

Error: (08/19/2013 05:10:03 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung WINWORD.EXE, Version 14.0.6129.5000, Zeitstempel 0x5082f354, fehlerhaftes Modul gdiplus.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x515ba857, Ausnahmecode 0xc0000005, Fehleroffset 0x748f74b2,
Prozess-ID 0x2a60, Anwendungsstartzeit WINWORD.EXE0.

Error: (08/19/2013 06:54:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026


System errors:
=============
Error: (08/15/2013 07:30:45 PM) (Source: Service Control Manager) (User: )
Description: 30000stisvc

Error: (08/15/2013 07:14:13 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (08/15/2013 07:14:13 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (08/15/2013 07:12:59 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (08/15/2013 07:12:54 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (08/15/2013 07:12:44 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/15/2013 07:11:38 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 15.08.2013 um 18:59:31 unerwartet heruntergefahren.

Error: (08/15/2013 05:14:18 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (08/15/2013 05:14:18 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (08/15/2013 05:12:39 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (08/20/2013 09:16:13 PM) (Source: Application Error)(User: )
Description: StarMoney.exe2.0.8.264f97c936sfmuicontrol.dll2.0.8.254f671230c000000500032a7e

Error: (08/19/2013 09:11:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3105

Error: (08/19/2013 09:11:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3105

Error: (08/19/2013 09:11:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2013 09:11:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092

Error: (08/19/2013 09:11:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1092

Error: (08/19/2013 09:11:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2013 05:31:23 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.6129.50005082f354gdiplus.dll_unloaded0.0.0.0515ba857c0000005748f74b21e8c01ce9cee3317a460

Error: (08/19/2013 05:10:03 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.6129.50005082f354gdiplus.dll_unloaded0.0.0.0515ba857c0000005748f74b22a6001ce9cec4489cea0

Error: (08/19/2013 06:54:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026


CodeIntegrity Errors:
===================================
  Date: 2012-07-07 09:42:48.106
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:14:13.626
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Logitech\SetPoint\lgscroll.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:14:13.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Logitech\SetPoint\lgscroll.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:13:03.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Logitech\SetPoint\lgscroll.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:13:03.032
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Logitech\SetPoint\lgscroll.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:13:02.887
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Logitech\SetPoint\lgscroll.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:13:02.730
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Logitech\SetPoint\lgscroll.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:13:02.559
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Logitech\SetPoint\lgscroll.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:13:02.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Logitech\SetPoint\lgscroll.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-12 22:13:02.265
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Logitech\SetPoint\lgscroll.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 81%
Total physical RAM: 2045.77 MB
Available physical RAM: 384.29 MB
Total Pagefile: 4346.55 MB
Available Pagefile: 1755.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:98.44 GB) (Free:14.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:253.12 GB) (Free:201.22 GB) NTFS
Drive e: () (Fixed) (Total:114.2 GB) (Free:113.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 342B9080)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=253 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bei gmer gab es ein Problem, Fehlermeldung:
"Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk1\DR1 ein."

Siehe auch Anhang

Den scan musste ich dann abbrechen...

Sonst habe ich noch nichts unternommen.

Danke schon mal für eure Unterstützung! Gehe jetzt erstmal schlafen...

smeenk 20.08.2013 23:17
:hallo:

Bitte lade dir Zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Speichere Zoek.exe auf deinem Desktop.
  • Bitte lade dir Zoekscript.txt aus den Anhang.
  • Achtung: Das angehängten Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Speichere Zoekscript.txt auf deinem Desktop(Wichtig: es muss sich in jedem Fall im gleichen Ordner wie Zoek.exe befinden)
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann Zoek nämlich bei der Arbeit behindern.
  • Schließe alle laufenden Programme damit Zoek ungehindert arbeiten kann.
  • Ziehe Zoekscript.txt in die Zoek.exe wie in diesem Bild:
    http://www.imgdumper.nl/uploads7/51d...put_o17AAA.gif
  • Sei geduldig bis das Skript durchläuft.
  • Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

deisterfuchs 21.08.2013 05:36
Guten Morgen, hier das logfile von ZOEK

Code:
Zoek.exe Version 4.0.0.4 Updated 19-08-2013
Tool run by SecTec MediaConsult on 21.08.2013 at  6:12:40,43.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\SecTec MediaConsult\Desktop\zoek.exe
Script used: C:\Users\SecTec MediaConsult\Desktop\zoekscript.txt

==== System Restore Info ======================

21.08.2013 06:13:32 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1042598475-3139920688-3118179947-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6D3CE66D-4A76-4947-B7B8-735ECC369608} deleted successfully
HKEY_USERS\S-1-5-21-1042598475-3139920688-3118179947-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

1ClickDownloader 
1und1 Internet Explorer Add-On 
Acrobat.com 
Adobe AIR 
Adobe Flash Player 11 ActiveX 
Adobe Flash Player 11 Plugin 
Adobe Reader 9.5.5 - Deutsch 
Apple Application Support 
Apple Mobile Device Support 
Apple Software Update 
Avira Free Antivirus 
AVM FRITZBox Dokumentation 
AVM FRITZBox Druckeranschluss 
AVM FRITZBox USB-Fernanschluss 
Bonjour 
CardMan synchronous API V1.1.1.4 
CDDRV_Installer 
CloneDVD2 
CT-API fr CardMan V4.0.2.2 
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition 
DriveImage XML (Private Edition) 
Druckerdeinstallation fr EPSON SX525WD Series 
EPSON BX620FWD Series Handbuch 
EPSON BX620FWD Series Netzwerk-Handbuch 
EPSON BX620FWD Series Printer Uninstall 
EPSON BX635FWD Series Printer Uninstall 
Epson Easy Photo Print 2 
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) 
Epson Event Manager 
Epson FAX Utility 
Epson PC-FAX Driver 
EPSON Scan 
EpsonNet Print 
EpsonNet Setup 3.3 
Firebird SQL Server - MAGIX Edition 
Google Earth 
Google Toolbar for Internet Explorer 
Google Update Helper 
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) 
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) 
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) 
iCloud 
iTunes 
Java 7 Update 25 
Java Auto Updater 
Java(TM) 6 Update 6 
Java(TM) 6 Update 7 
JavaFX 2.1.1 
KhalInstallWrapper 
Logitech SetPoint 
Logitech Updater 
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU 
Microsoft .NET Framework 3.5 Language Pack SP1 - deu 
Microsoft .NET Framework 3.5 SP1 
Microsoft .NET Framework 4 Client Profile 
Microsoft Office 2010 Service Pack 1 (SP1) 
Microsoft Office Access MUI (German) 2010 
Microsoft Office Excel MUI (German) 2010 
Microsoft Office File Validation Add-In 
Microsoft Office Groove MUI (German) 2010 
Microsoft Office InfoPath MUI (German) 2010 
Microsoft Office Live Add-in 1.5 
Microsoft Office OneNote MUI (German) 2010 
Microsoft Office Outlook MUI (German) 2010 
Microsoft Office PowerPoint MUI (German) 2010 
Microsoft Office Professional Plus 2010 
Microsoft Office Proof (English) 2010 
Microsoft Office Proof (French) 2010 
Microsoft Office Proof (German) 2010 
Microsoft Office Proof (Italian) 2010 
Microsoft Office Proofing (German) 2010 
Microsoft Office Publisher MUI (German) 2010 
Microsoft Office Shared MUI (German) 2010 
Microsoft Office Word MUI (German) 2010 
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
Microsoft_VC100_CRT_SP1_x86 
Mozilla Firefox 22.0 (x86 de) 
Mozilla Maintenance Service 
MSVC80_x86_v2 
MSVC90_x86 
MSXML 4.0 SP2 (KB936181) 
MSXML 4.0 SP2 (KB941833) 
MSXML 4.0 SP2 (KB954430) 
MSXML 4.0 SP2 (KB973688) 
MSXML 4.0 SP3 Parser 
MSXML 4.0 SP3 Parser (KB2721691) 
MSXML 4.0 SP3 Parser (KB2758694) 
Nero 8 Demo 
neroxml 
Nokia Connectivity Cable Driver 
Nokia PC Suite 
Nokia Software Updater 
Nokia Suite 
NVIDIA 3D Vision Controller-Treiber 310.90 
NVIDIA 3D Vision Treiber 311.06 
NVIDIA Grafiktreiber 311.06 
NVIDIA Install Application 
NVIDIA PhysX-Systemsoftware 9.12.1031 
NVIDIA PhysX 
NVIDIA Stereoscopic 3D Driver 
NVIDIA Systemsteuerung 311.06 
NVIDIA Update 1.11.3 
NVIDIA Update Components 
OpenOffice.org Installer 1.0 
PC Connectivity Solution 
PDFCreator 
PDFCreator Toolbar 
QuickTime 
Rossmann Online Print Wizard Installer 1.0 
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) 
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) 
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) 
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) 
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition 
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition 
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition 
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2553091) 
Security Update for Microsoft Office 2010 (KB2553096) 
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition 
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition 
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition 
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition 
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition 
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition 
Spelling Dictionaries Support For Adobe Reader 9 
StarMoney 
StarMoney 7.0 S-Edition 
TIPP10 Version 2.0.3 
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) 
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) 
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) 
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) 
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) 
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) 
Update for Microsoft Office 2010 (KB2553065) 
Update for Microsoft Office 2010 (KB2553092) 
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2566458) 
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition 
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition 
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition 
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition 
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition 
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition 
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition 
VC 9.0 Runtime 
VCRedistSetup 
vShare.tv plugin 1.3 
WEKA Ex-Schutz . 
Windows-Treiberpaket - Nokia pccsmcfd "LegacyDriver"  (05/31/2012 7.1.2.0) 
Windows Media Player Firefox Plugin 
Windows Mobile-Ger„tecenter 
XMedia Recode 2.1.0.3 
Yellometer 
ZoneAlarm LTD Toolbar 

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\a0kfh8ht.default

user.js not found
---- Lines CT2613550 removed from prefs.js ----


---- Lines CT2613550 modified from prefs.js ----


---- Lines conduit removed from prefs.js ----


---- Lines conduit modified from prefs.js ----


---- Lines Web Search removed from prefs.js ----


---- Lines Web Search modified from prefs.js ----


---- Lines Customized removed from prefs.js ----


---- Lines Customized modified from prefs.js ----


---- Lines CommunityToolbar removed from prefs.js ----


---- Lines CommunityToolbar modified from prefs.js ----


---- Lines OneClickDownload removed from prefs.js ----


---- Lines OneClickDownload modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs__0617_.backup

ProfilePath: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default

user.js not found
---- Lines CT2613550 removed from prefs.js ----

user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2613550.CTID", "ct2613550");
user_pref("CT2613550.CurrentServerDate", "9-3-2011");
user_pref("CT2613550.DialogsAlignMode", "LTR");
user_pref("CT2613550.DownloadReferralCookieData", "");
user_pref("CT2613550.EMailNotifierPollDate", "Wed Mar 09 2011 18:43:29 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602533", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602539", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602545", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602551", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602557", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602563", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602569", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602575", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602581", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602587", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602593", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602599", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602605", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602611", "Wed Mar 09 2011 17:55:54 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602617", "Wed Mar 09 2011 17:55:55 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602623", "Wed Mar 09 2011 17:55:55 GMT+0100");
user_pref("CT2613550.FeedPollDate129254982599602629", "Wed Mar 09 2011 17:55:55 GMT+0100");
user_pref("CT2613550.FeedTTL129254982599602545", 5);
user_pref("CT2613550.FeedTTL129254982599602551", 5);
user_pref("CT2613550.FeedTTL129254982599602575", 2);
user_pref("CT2613550.FeedTTL129254982599602605", 5);
user_pref("CT2613550.FeedTTL129254982599602617", 30);
user_pref("CT2613550.FirstServerDate", "7-3-2011");
user_pref("CT2613550.FirstTime", true);
user_pref("CT2613550.FirstTimeFF3", true);
user_pref("CT2613550.FirstTimeSettingsDone", true);
user_pref("CT2613550.FixPageNotFoundErrors", true);
user_pref("CT2613550.GroupingServerCheckInterval", 1440);
user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2613550.Initialize", true);
user_pref("CT2613550.InitializeCommonPrefs", true);
user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
user_pref("CT2613550.InstallationType", "UnknownIntegration");
user_pref("CT2613550.InstalledDate", "Mon Mar 07 2011 18:01:36 GMT+0100");
user_pref("CT2613550.IsGrouping", false);
user_pref("CT2613550.IsMulticommunity", false);
user_pref("CT2613550.IsOpenThankYouPage", false);
user_pref("CT2613550.IsOpenUninstallPage", false);
user_pref("CT2613550.LanguagePackLastCheckTime", "Mon Mar 07 2011 18:01:37 GMT+0100");
user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2613550.LastLogin_2.7.1.3", "Wed Mar 09 2011 15:09:31 GMT+0100");
user_pref("CT2613550.LatestVersion", "2.7.1.3");
user_pref("CT2613550.Locale", "de-de");
user_pref("CT2613550.LoginCache", 4);
user_pref("CT2613550.MCDetectTooltipHeight", "83");
user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2613550.MCDetectTooltipWidth", "295");
user_pref("CT2613550.RadioIsPodcast", false);
user_pref("CT2613550.RadioMediaID", "8546");
user_pref("CT2613550.RadioMediaType", "Media Player");
user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
user_pref("CT2613550.RadioStationName", "Radio%208");
user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
user_pref("CT2613550.SavedHomepage", "hxxp://www.google.de/");
user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2613550&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2613550.SearchFromAddressBarIsInit", true);
user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=");
user_pref("CT2613550.SearchInNewTabEnabled", true);
user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
user_pref("CT2613550.SearchInNewTabLastCheckTime", "Mon Mar 07 2011 18:01:37 GMT+0100");
user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2613550.SettingsCheckIntervalMin", 120);
user_pref("CT2613550.SettingsLastCheckTime", "Mon Mar 07 2011 17:56:56 GMT+0100");
user_pref("CT2613550.SettingsLastUpdate", "1298419708");
user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Mon Mar 07 2011 17:56:56 GMT+0100");
user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
user_pref("CT2613550.UserID", "UN99704492685025096");
user_pref("CT2613550.ValidationData_Toolbar", 0);
user_pref("CT2613550.WeatherNetwork", "");
user_pref("CT2613550.WeatherPollDate", "Wed Mar 09 2011 18:38:29 GMT+0100");
user_pref("CT2613550.WeatherUnit", "C");
user_pref("CT2613550.alertChannelId", "1006347");
user_pref("CT2613550.clientLogIsEnabled", true);
user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 703);
user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
user_pref("CT2613550.ct2613550.InvalidateCache", false);
user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Tue Mar 08 2011 18:47:40 GMT+0100");
user_pref("CT2613550.ct2613550.Locale", "de-de");
user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Wed Mar 09 2011 18:47:59 GMT+0100");
user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2613550&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Wed Mar 09 2011 20:16:44 GMT+0100");
user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Wed Mar 09 2011 17:55:51 GMT+0100");
user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1298419708");
user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Mon Mar 07 2011 18:01:36 GMT+0100");
user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2613550.myStuffEnabled", true);
user_pref("CT2613550.myStuffPublihserMinWidth", 400);
user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=");

---- Lines CT2613550 modified from prefs.js ----


---- Lines conduit removed from prefs.js ----


---- Lines conduit modified from prefs.js ----


---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search");
user_pref("browser.search.order.1", "Web Search");

---- Lines Web Search modified from prefs.js ----


---- Lines Customized removed from prefs.js ----


---- Lines Customized modified from prefs.js ----


---- Lines CommunityToolbar removed from prefs.js ----

user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Mar 09 2011 19:29:13 GMT+0100");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");

---- Lines CommunityToolbar modified from prefs.js ----


---- Lines OneClickDownload removed from prefs.js ----

user_pref("extensions.bootstrappedAddons", "{\"OneClickDownload@OneClickDownload.com\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\SecTec MediaConsult\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bpatue95.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\"}}");
user_pref("extensions.OneClickDownload.filter", "0");
user_pref("extensions.OneClickDownload.lastUpdate", "{\"hours\":17,\"min\":28}");

---- Lines OneClickDownload modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1245891655292,\"rdfTime\":1232707720000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1372338110712,\"rdfTime\":1372338110612}}},{\"name\":\"app-profile\",\"addons\":{\"de-DE-alt@dictionaries.addons.mozilla.org\":{\"descriptor\":\"C:\\\\Users\\\\SecTec MediaConsult\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bpatue95.default\\\\extensions\\\\de-DE-alt@dictionaries.addons.mozilla.org\",\"mtime\":1198318373414,\"rdfTime\":1176128760000},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\SecTec MediaConsult\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bpatue95.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\",\"mtime\":1359652079105},\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Users\\\\SecTec MediaConsult\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bpatue95.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\",\"mtime\":1272434231106,\"rdfTime\":1271780036000}}}]");

---- FireFox user.js and prefs.js backups ----

prefs__0617_.backup

==== Deleting Files \ Folders ======================

"C:\ProgramData\.zreglib" deleted
"C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\conduit.xml" deleted
"C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\extensions\OneClickDownload@OneClickDownload.com.xpi" deleted
"C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll" deleted
"C:\Users\SecTec MediaConsult\Downloads\ivdf_fusebundle_nt_en.zip" deleted
"C:\Windows\SEECC28E3(400).tmp" deleted
"C:\Windows\SEECC28E3.tmp" not deleted
"C:\Windows\System32\SET1F36.tmp" deleted
"C:\Windows\System32\SETFD2.tmp" deleted
"C:\Program Files\1ClickDownload" deleted
"C:\Program Files\vShare.tv plugin" deleted
"C:\Users\SecTec MediaConsult\AppData\LocalLow\Conduit" deleted
"C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\jetpack" deleted
"C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\CT2613550" deleted
"C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\CT2613550" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\SECTEC~1\AppData\Local\Temp ====
====== C:\Windows\system32 =====
2013-08-15 05:40:16        C5EEAA837E52F7B4763D5678CEDB9FF4        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb
2013-08-15 05:40:16        9C89AF1C0D74AEB51025F4B7A1A27A6E        73216        ----a-w-        C:\Windows\System32\mshtmled.dll
2013-08-15 05:40:16        87246CCD0088A7C7DE9ECAEC346DBB68        420864        ----a-w-        C:\Windows\System32\vbscript.dll
2013-08-15 05:40:15        E5085AC9642756F6467F0A28B85477E2        607744        ----a-w-        C:\Windows\System32\msfeeds.dll
2013-08-15 05:40:15        CA8860800EF5E387D0D4CC27F64E8011        176640        ----a-w-        C:\Windows\System32\ieui.dll
2013-08-15 05:40:15        6839F14A2507D9273BD13565DD880377        1129472        ----a-w-        C:\Windows\System32\wininet.dll
2013-08-15 05:40:15        3711B49D8CF265A24CD82FB3BCFFB1D5        142848        ----a-w-        C:\Windows\System32\ieUnatt.exe
2013-08-15 05:40:15        0A725B5A547DE3B4C0E7A0F6F6E972A5        65536        ----a-w-        C:\Windows\System32\jsproxy.dll
2013-08-15 05:40:15        079C80C13024923DCF3DCCB4D8357637        717824        ----a-w-        C:\Windows\System32\jscript.dll
2013-08-15 05:40:14        F3F218BAE79C4C104DFC44D8D530FD7C        1800704        ----a-w-        C:\Windows\System32\jscript9.dll
2013-08-15 05:40:14        E500CEACB8FA2114C76FE39005F79C2D        231936        ----a-w-        C:\Windows\System32\url.dll
2013-08-15 05:40:14        C4C06D8FDF02BD36497BD91825BB4C17        1796096        ----a-w-        C:\Windows\System32\iertutil.dll
2013-08-15 05:40:13        E8B57171FBDC576F4ECBB075179C308B        1104384        ----a-w-        C:\Windows\System32\urlmon.dll
2013-08-15 05:40:13        22BEE919EE9E20F6DA460F0EB5F37B03        9738752        ----a-w-        C:\Windows\System32\ieframe.dll
2013-08-15 05:40:13        127359736B0A2093249F20B3B0395BBE        1427968        ----a-w-        C:\Windows\System32\inetcpl.cpl
2013-08-15 05:40:12        7161E761E81356C8EF6383CB1AE41B8D        12334080        ----a-w-        C:\Windows\System32\mshtml.dll
2013-08-15 05:35:39        351FA1DF82CFFDEDA801604246E63E95        15872        ----a-w-        C:\Windows\System32\icaapi.dll
2013-08-15 05:35:21        F1DBB1AC69239D292A9035032C5B4F00        2048        ----a-w-        C:\Windows\System32\tzres.dll
2013-08-15 05:35:16        E389C328AC7FE5673593ECAD269E7A54        783360        ----a-w-        C:\Windows\System32\rpcrt4.dll
2013-08-15 05:35:12        CB284FC56D12BF5D2503CB75B03FD40A        3551680        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2013-08-15 05:35:12        B9FDFF876B0E7B4FECBAA5708C6ED616        1205168        ----a-w-        C:\Windows\System32\ntdll.dll
2013-08-15 05:35:12        61E5B6E75A5E53D1052A6D18BF67B59A        3603904        ----a-w-        C:\Windows\System32\ntkrnlpa.exe
2013-08-15 05:35:07        D16A740186870C32941C0E61DF4F1298        172544        ----a-w-        C:\Windows\System32\wintrust.dll
2013-08-15 05:35:07        71B479749F0F52C4FEC726C6FFA2CE1C        98304        ----a-w-        C:\Windows\System32\cryptnet.dll
2013-08-15 05:35:07        684C130BBC6DB681BAD4920A4C944AA5        133120        ----a-w-        C:\Windows\System32\cryptsvc.dll
2013-08-15 05:35:07        26138BCD0131DA417A6006FE8990CC59        992768        ----a-w-        C:\Windows\System32\crypt32.dll
====== C:\Windows\system32\drivers =====
2013-08-15 05:35:39        F4EAA7ECBCB25DE901C9B7F2CDCDA0B3        24064        ----a-w-        C:\Windows\System32\drivers\tssecsrv.sys
2013-08-15 05:35:36        6D0D344F643E28B31262AC2682109A3C        914880        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2013-08-15 05:35:36        5877A786EF27E42C4E84D1356F922302        31232        ----a-w-        C:\Windows\System32\drivers\tcpipreg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-08-05 14:16:19        --------        d-----w-        C:\Program Files\iPod
======= C: =====
====== C:\Users\SecTec MediaConsult\AppData\Roaming ======
====== C:\Users\SecTec MediaConsult ======
2013-08-20 21:00:11        60BF4AE8CC40B0E3E28613657ED2EED8        377856        ----a-w-        C:\Users\SecTec MediaConsult\Downloads\gyzykr3r.exe
2013-08-20 20:59:30        60BF4AE8CC40B0E3E28613657ED2EED8        377856        ----a-w-        C:\Users\SecTec MediaConsult\Desktop\gmer_2.1.19163.exe
2013-08-20 20:41:58        98C9D5417C3589E48D96CCF606D065B8        1070233        ----a-w-        C:\Users\SecTec MediaConsult\Desktop\FRST.exe
2013-08-20 20:37:40        D41D8CD98F00B204E9800998ECF8427E        0        ----a-w-        C:\Users\SecTec MediaConsult\defogger_reenable
2013-08-20 20:35:06        9146F21288AB749C4C729343F5F285A1        50477        ----a-w-        C:\Users\SecTec MediaConsult\Desktop\Defogger.exe
2013-08-20 20:33:29        78E5B8514EA50C0BD084386D79D5AE46        714352        ----a-w-        C:\Users\SecTec MediaConsult\Downloads\ZipOpenerSetup.exe
2013-08-20 20:30:28        4ADCFEE16EE9978F06157634669D36FB        602112        ----a-w-        C:\Users\SecTec MediaConsult\Desktop\OTL.exe
2013-08-20 19:57:43        4ADCFEE16EE9978F06157634669D36FB        602112        ----a-w-        C:\Users\SecTec MediaConsult\Downloads\OTL.exe
2013-08-05 14:16:42        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-08-05 14:16:16        --------        d-----w-        C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-29 16:06:45        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

====== C: exe-files ==
2074-03-16 15:49:34        EF230C2D75FACAF45D7E7018E0119151        1058640        ----a-w-        C:\Program Files\StarMoney 7.0 S-Edition\tools\NetViewer.exe
2074-03-16 15:49:34        615995EE81F4C9B3E700F93C0B40D3E9        1582896        ----a-w-        C:\Program Files\StarMoney 7.0 S-Edition\tools\NetViewer2.exe
2013-08-21 04:04:05        D6E84508BBE50BBEEFAF02C865A96836        1070672        ----a-w-        C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe
2013-08-21 04:03:42        42D0D34CAA293C83B4433A537DF13895        530912        ----a-w-        C:\Program Files\Google\Update\Install\{E7C4ED88-1521-4F0A-8FCD-774F04CFB4FE}\GoogleToolbarInstaller_updater_signed.exe
2013-08-21 04:03:42        42D0D34CAA293C83B4433A537DF13895        530912        ----a-w-        C:\Program Files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4413.1752\GoogleToolbarInstaller_updater_signed.exe
2013-08-20 21:00:11        60BF4AE8CC40B0E3E28613657ED2EED8        377856        ----a-w-        C:\Users\SecTec MediaConsult\Downloads\gyzykr3r.exe
2013-08-20 20:59:30        60BF4AE8CC40B0E3E28613657ED2EED8        377856        ----a-w-        C:\Users\SecTec MediaConsult\Desktop\gmer_2.1.19163.exe
2013-08-20 20:41:58        98C9D5417C3589E48D96CCF606D065B8        1070233        ----a-w-        C:\Users\SecTec MediaConsult\Desktop\FRST.exe
2013-08-20 20:35:06        9146F21288AB749C4C729343F5F285A1        50477        ----a-w-        C:\Users\SecTec MediaConsult\Desktop\Defogger.exe
2013-08-20 20:33:29        78E5B8514EA50C0BD084386D79D5AE46        714352        ----a-w-        C:\Users\SecTec MediaConsult\Downloads\ZipOpenerSetup.exe
2013-08-20 20:30:28        4ADCFEE16EE9978F06157634669D36FB        602112        ----a-w-        C:\Users\SecTec MediaConsult\Desktop\OTL.exe
2013-08-20 19:57:43        4ADCFEE16EE9978F06157634669D36FB        602112        ----a-w-        C:\Users\SecTec MediaConsult\Downloads\OTL.exe
2013-08-15 05:40:15        3711B49D8CF265A24CD82FB3BCFFB1D5        142848        ----a-w-        C:\Windows\System32\ieUnatt.exe
2013-08-15 05:40:14        57EC630DBD5F0713E77CB3540AB80A8E        757400        ----a-w-        C:\Program Files\Internet Explorer\iexplore.exe
2013-08-15 05:35:12        CB284FC56D12BF5D2503CB75B03FD40A        3551680        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2013-08-15 05:35:12        61E5B6E75A5E53D1052A6D18BF67B59A        3603904        ----a-w-        C:\Windows\System32\ntkrnlpa.exe
=== C: other files ==
2013-08-15 05:35:39        F4EAA7ECBCB25DE901C9B7F2CDCDA0B3        24064        ----a-w-        C:\Windows\System32\drivers\tssecsrv.sys
2013-08-15 05:35:36        6D0D344F643E28B31262AC2682109A3C        914880        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2013-08-15 05:35:36        5877A786EF27E42C4E84D1356F922302        31232        ----a-w-        C:\Windows\System32\drivers\tcpipreg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-1042598475-3139920688-3118179947-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"NokiaSuite.exe"="C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"chkhbci"="C:\Windows\system32\chkhbcin.exe"
"WPCUMI"="C:\Windows\system32\WpcUmi.exe"
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"ALDI Foto Service"="E:\ALDI-Foto\FotoSuite.exe /autorun"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"NSU_agent"="C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="E:\iTunes\iTunesHelper.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
"FUFAXSTM"=""C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe""
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "
"FUFAXRCV"=""C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"NokiaSuite.exe"="C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

==== Startup Folders ======================

2013-04-02 16:33:20        1145        ----a-w-        C:\users\SecTec MediaConsult\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
2008-01-16 20:58:35        673        ----a-w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
2008-01-02 11:12:45        570        ----a-w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:@C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [27.03.2010 23:34]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [27.03.2010 23:34]

==== Firefox Extensions ======================

ProfilePath: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default
- Deutsches Wrterbuch alte Rechtschreibung fr die Rechtschreibprfung in Mozilla-Produkten - %ProfilePath%\extensions\de-DE-alt@dictionaries.addons.mozilla.org
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default
0C8597DBC74AAF5179471BA013E3C6B4        - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll -        Shockwave Flash
ABCB4A6EAB701C629378255ABCB308E5        - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -        Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9        - C:\Windows\system32\npDeployJava1.dll -        Java Deployment Toolkit 7.0.250.17
101700E93EB905992B518256CB441829        - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll -        Google Update
7550FC1ADE982582D5920BEA6430E3D4        - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -        Google Earth Plugin
AE84791D996D1F05A2446B0C447D937A        - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll -        Adobe Acrobat
AE84791D996D1F05A2446B0C447D937A        - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll -        Adobe Acrobat
270EE43CC00609B9937AAF94E1E970D4        - E:\iTunes\Mozilla Plugins\npitunes.dll -        iTunes Application Detector
D7EFF0B98C370E03D7E2593399D9B669        - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll -        NVIDIA 3D Vision
75A1232EAC640B782CDD2132B5271AA8        - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll -        NVIDIA 3D VISION
F7B27774DAF8660ADD71EA29AE8C1B1A        - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll -        Nokia Suite Enabler Plugin
11EF47BE3D8A4A943E10A63870C1F2C6        - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -        QuickTime Plug-in 7.7.3
4ACB977AAB250731739302CB45A807B3        - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -        QuickTime Plug-in 7.7.3
6E7690D2EE4E530DAC8C562CF8CCE70B        - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -        QuickTime Plug-in 7.7.3
D2E4BDDD297B6A481BAC612C25A1F10A        - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -        QuickTime Plug-in 7.7.3
7A14B17E24CE74BBB603B824EDA79A72        - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -        QuickTime Plug-in 7.7.3
2A92F41DCBB5832872D8B0E941746112        - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -        QuickTime Plug-in 7.7.3
C1FD5EE5FD1F65CE223A5C3AE846DDF6        - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -        QuickTime Plug-in 7.7.3
24E990B1E6D55428001843CF7217DD81        - C:\Program Files\Microsoft\Office Live\npOLW.dll -        Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
AB87EEFFD18F2BAAFC274E7075EA6C67        - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -        Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318        - C:\Windows\system32\npmproxy.dll -        Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kpionmjnkbpcdpcflammlgllecmejgjj - C:\Program Files\vShare.tv plugin\vshareplg.crx[]
pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files\1ClickDownload\oneclickdownloader10.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://startsear.ch/?aff=1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://startsear.ch/?aff=1"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6D3CE66D-4A76-4947-B7B8-735ECC369608}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6D3CE66D-4A76-4947-B7B8-735ECC369608}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{31CF9EBE-5755-4a1d-AC25-2834D952D9B4} PDFCreator-Symbolleiste  Url="hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field"
{3AA4CFB9-B888-441B-906D-FE0B265FFADC} Amazon  Url="hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}"
{3CD18572-6DC9-4053-A84F-3EB0433280C0} 1und1 Suche Url="hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{95BBD548-2C57-41F7-9C49-1CE3231E4E09} eBay  Url="hxxp://go.web.de/suchbox/ebay?query={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1042598475-3139920688-3118179947-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_USERS\S-1-5-21-1042598475-3139920688-3118179947-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_USERS\S-1-5-21-1042598475-3139920688-3118179947-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_USERS\S-1-5-21-1042598475-3139920688-3118179947-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\SecTec MediaConsult\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\SecTec MediaConsult\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\SecTec MediaConsult\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\SecTec MediaConsult\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\SecTec MediaConsult\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Felix\AppData\Local\Mozilla\Firefox\Profiles\a0kfh8ht.default\Cache emptied successfully
C:\users\SecTec MediaConsult\AppData\Local\Mozilla\Firefox\Profiles\bpatue95.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\SECTEC~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\SEECC28E3.tmp"  not deleted
"C:\Users\SecTec MediaConsult\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 21.08.2013 at  6:26:30,62 ======================
Achtung: bin ab sofort bis morgen Abend unterwegs, also bitte nicht wundern, dass ich nicht reagiere..

smeenk 21.08.2013 23:07
Kein Problem, nimm dir Zeit :)

Ich habe eine neue Anhang für Zoek.exe erstellt, verwendet es wie das erste mal und poste mir bitte das neue Log-Datei Zoek.exe

deisterfuchs 22.08.2013 18:03
Hallo, da bin ich wieder;)

hier das neue logfile:

Code:
Zoek.exe Version 4.0.0.4 Updated 19-08-2013
Tool run by SecTec MediaConsult on 22.08.2013 at 18:53:00,03.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\SecTec MediaConsult\Desktop\zoek.exe
Script used: C:\Users\SecTec MediaConsult\Desktop\zoekscript.txt

==== Older Logs ======================

C:\zoek-results21.08.2013-0626.log        45563 bytes

==== Deleting Files \ Folders ======================

"C:\Users\SecTec MediaConsult\Downloads\ZipOpenerSetup.exe" deleted

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin deleted successfully

==== EOF on 22.08.2013 at 18:57:02,97 ======================
warte gespannt auf Antwort

smeenk 22.08.2013 18:28
Sieht gelungen aus :daumenhoc

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

deisterfuchs 22.08.2013 19:51
Hier das logfile von adwcleaner

Code:
# AdwCleaner v3.000 - Report created 22/08/2013 at 20:41:46
# Updated 20/08/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : SecTec MediaConsult - HEIMCOMPUTER
# Running from : C:\Users\SecTec MediaConsult\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\SecTec MediaConsult\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
File Deleted : C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\11-suche.xml
File Deleted : C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\searchplugins\Startsear.xml
File Deleted : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\pdfforge.org
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\pdfforge.org
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\SecTec MediaConsult\AppData\Roaming\Mozilla\Firefox\Profiles\bpatue95.default\prefs.js ]


[ File : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\a0kfh8ht.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4641 octets] - [22/08/2013 20:40:14]
AdwCleaner[S0].txt - [4654 octets] - [22/08/2013 20:41:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4714 octets] ##########

smeenk 22.08.2013 23:29
Prima :D

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

deisterfuchs 23.08.2013 06:00
good morning,

zuerst das logfile von mbar

Code:
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.22.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SecTec MediaConsult :: HEIMCOMPUTER [administrator]

23.08.2013 06:15:53
mbar-log-2013-08-23 (06-15-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 275191
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Ergebnis war "nix gefunden" :daumenhoc

und das logfile von security check

Code:
Results of screen317's Security Check version 0.99.72 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1   
 Java 7 Update 25 
 Java(TM) 6 Update 6 
 Java(TM) 6 Update 7 
 Adobe Flash Player        11.8.800.94 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSASCui.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Windows Defender MSASCui.exe 
 StarMoney 7.0 S-Edition ouservice StarMoneyOnlineUpdate.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

smeenk 24.08.2013 23:29
Adobe Reader braucht eine Update, sonst sieht alles Prima aus :)

Bemerkst Du noch einige Probleme?

deisterfuchs 25.08.2013 11:59
alles wie früher, ganz große Klasse!

DANKE!!!!!!!!!

Was muss ich jetzt noch tun (Programme löschen, defogger enablen, usw.)?

Vielleicht hast Du auch einen Tipp, wie man sich noch besser schützt?

smeenk 25.08.2013 22:34
Zitat:
Zitat von deisterfuchs (Beitrag 1140074)
Was muss ich jetzt noch tun (Programme löschen, defogger enablen, usw.)?

Vielleicht hast Du auch einen Tipp, wie man sich noch besser schützt?
Mal sehen ;)

Tools deinstallieren

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: jetzt auf re-enable klicken.
  2. Downloade Dir bitte auf jeden Fall delfix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
  3. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Abschließend noch Tipps zu folgenden Themen:
  • Systemupdates
  • Softwareupdates
  • Sicherheitssoftware
  • Sicheres Surfen
Lesestoff:
Systemupdates
Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
  • Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt:
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.


Lesestoff:
Softwareupdates
Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:Auch nicht gelistete Programme sind natürlich wichtig. Ob es für diese eine neue Version gibt, kannst du auf deren Herstellerwebseite oder ganz bequem mit diesen Tools überprüfen:


Lesestoff:
Sicherheitssoftware
Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
  • Wenn du deine Antivirenlösung wechseln solltest, findest du hier Tools mit denen du die Überreste nach der Deinstallation deines alten Scanners entfernen kannst.
  • Installiere niemals mehr als einen Virenscanner. Deren Hintergrundwächter würden sich gegenseitig behindern und dein System ausbremsen.
  • Ein Browserplugin, das dich vor betrügerischen Webseiten schützt, kann dir gute Dienste leisten, wenn du dich nicht gut auskennst (siehe oben).
  • Sorge dafür, dass deine Sicherheitslösung ständig up-to-date ist und sich automatisch Updates besorgt. Wenn du auf manuelle Updates setzt bist du meistens zu spät, da die Virendatenbanken oft täglich sogar mehrfach erneuert werden.
  • Einen zusätzlichen Schutz (und dieser wäre auch erlaubt) bietet ein spezieller Malwarescanner. Hier empfehle ich dir dringend Malwarebytes und einmal wöchentlich damit zu scannen. In der kostenpflichtigen Version hat es sogar einen Hintergrundwächter. Hierfür haben wir eine Anleitung für dich.
Zuletzt empfehle ich dir deine Daten regelmässig (am besten automatisch) zu sichern. Dies kann eine professionelle Backuplösung, externe Festplatten, Brennen auf DVDs oder Überspielen auf ein Online-Laufwerk wie z.B. Dropbox sein. Erzeuge so viele Kopien wie möglich und halte sie aktuell. Nur so bist du auf den schlimmsten Fall vorbereitet, wenn dein Computer - wodurch auch immer - unbrauchbar werden sollte. Leider passiert das ja immer unangekündigt und immer dann wenn man ihn am Nötigsten braucht. Also sorge vor! :)


Lesestoff:
Sicheres Surfen
Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
  • Klicke nicht irgendwo hin, nur weil es bunt ist und leuchtet, in einer Ecke aufpoppt oder so aussieht, als wäre es eine Systemmeldung.
  • Lade dir keine illegale Software, keine Cracks, keine Keygens, keine Gametrainer usw ... die Webseiten, die so etwas anbieten, sind meist nicht seriös und die angeblichen Helfer sind meist verseuchter als du es dir ausmalen würdest. Es spielt dabei keine Rolle, ob du diese Dateien über einen Browser oder Filesharingprogramme beziehst.
  • Öffne keine Emailanhänge von Leuten, die du nicht kennst, Emails mit seltsamen Rechtschreibfehlern oder starte Dateien, die dir eine Webseite anbietet, ohne dass du sie wolltest.
  • Lasse niemand an deinem Computer surfen, der diese Regeln nicht auch befolgt.
  • Verlasse dich nicht darauf, dass dein Virenscanner schon alles findet. Keine Sicherheitslösung ist 100% sicher!

Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
  • WOT (Web of trust) Dieses Add-On warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst. Hinweis: Avast enthält ein solches Plugin bereits.
  • Sandboxie schafft eine zusätzliche isolierte Programmumgebung, damit dein Browser wie ein Kleinkind im Sandkasten sicher ist. (Anleitung: Sandboxie)
  • Securebanking ist ein Software, die Verbindungen untersucht und dir meldet, wenn jemand "mithört". Wie der Name sagt, wurde es entwickelt, damit Onlinebanking wirklich sicher ist. Mehr Infos auf der Homepage: Secure Banking

Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.



Damit wünsche ich dir noch viel Spaß beim Surfen im Internet :daumenhoc

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Grüße
Smeenk

deisterfuchs 30.08.2013 17:54
Prima, danke nochmal und schönes WE (Spende ist auf dem Weg..)


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19