Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google, Youtube Server not found, Thunderbird ruft keine mails mehr ab usw. (https://www.trojaner-board.de/145221-google-youtube-server-not-found-thunderbird-ruft-keine-mails-mehr-ab-usw.html)

zakiya 26.11.2013 21:15
Google, Youtube Server not found, Thunderbird ruft keine mails mehr ab usw.
 
Hallo zusammen,

bin grade ziemlich am verzweifeln...

auf allen meinen Browsern (FF, GC, IE) kann ich google und youtube nicht mehr erreichen (über hidemyass geht es aber sehr wohl).
zudem ruft mein thunderbird seit einigen Tagen keine mails mehr ab. connecting to pop.blabla ist das einzige was kommt. habe sowohl ne gmx adresse als auch nen eigenen server, funzt beides nicht (handy ruft tadellos alles ab).

nachdem ich heute abend gebingt hab (google will ja nicht), habe ich meinen chache geleert (einige male ist dabei der flash player abgestürzt?!), antivir geupdatet (wollte auch nicht auf anhieb und problemlos), neustarts ohne ende gemacht und dergleichen. inzwischen stürzt mein flash player (edit: auf einer seite, sonst nirgends) ausnahmslos ab, dafür erreiche ich google grad wieder. ich versteh es absolut nicht was hier läuft.

ich hab das blöde gefühl nen trojaner, virus oder sonstwas eingefangen zu haben. hat jemand von euch ne idee was ich machen könnte?

ich hab vor ein paar tagen bei no script xss erlaubt, ansonsten fällt mich nichts ein, was ich verändert habe.

vielen dank für eure hilfe,
sandra

schrauber 26.11.2013 21:47
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


zakiya 26.11.2013 22:14
Hey,

vielen Dank für die superschnelle Antwort.
hab eben veruscht nach deiner anleitung vorzugehen, jedoch (nach mehreren Versuchen) kommt jedesmal der fehler FRST.exe has stopped working

bei listing files and folders hängt es bei ~DFFFE7FAB3FC5E471C.tmp falls dir das was hilft

schrauber 27.11.2013 12:23
Richtige Version wurde benutzt? 32/64Bit?

Wenn ja dann so:

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

zakiya 27.11.2013 20:39
narf, Server nicht gefunden...aber dank läppi hab ich die exe runtergeladen rüberkopiert und ausgeführt. ergebnis siehe unten.

1000dank für die hilfe!

schrauber 28.11.2013 13:19
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

zakiya 28.11.2013 21:27
OTL Logfile:
Code:
OTL logfile created on: 27.11.2013 20:05:16 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = S:\_00 Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,24 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 56,73% Memory free
6,48 Gb Paging File | 4,10 Gb Available in Paging File | 63,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,78 Gb Total Space | 15,90 Gb Free Space | 28,50% Space Free | Partition Type: NTFS
Drive D: | 322,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 50,20 Gb Total Space | 16,33 Gb Free Space | 32,53% Space Free | Partition Type: NTFS
Drive G: | 14,70 Gb Total Space | 6,66 Gb Free Space | 45,32% Space Free | Partition Type: FAT32
Drive M: | 150,59 Gb Total Space | 60,05 Gb Free Space | 39,88% Space Free | Partition Type: NTFS
Drive P: | 50,20 Gb Total Space | 32,18 Gb Free Space | 64,10% Space Free | Partition Type: NTFS
Drive S: | 38,33 Gb Total Space | 4,18 Gb Free Space | 10,91% Space Free | Partition Type: NTFS
Drive T: | 100,39 Gb Total Space | 1,85 Gb Free Space | 1,84% Space Free | Partition Type: NTFS
 
Computer Name: ZAN_DESK | User Name: Zandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - S:\_00 Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Vtune\TBPANEL.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe (Mindjet)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH)
PRC - C:\Program Files\Cherry\CDI\cdi.exe (ZF Electronics GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Users\Zandra\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Zandra\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll ()
MOD - C:\Users\Zandra\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll ()
MOD - C:\Users\Zandra\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll ()
MOD - C:\Users\Zandra\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll ()
MOD - C:\Program Files\Tablet\Wacom\libxml2.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\Vtune\TBPANEL.exe ()
MOD - C:\Program Files\Mindjet\MindManager 9\zlib.dll ()
MOD - C:\Program Files\Cherry\KeyMan\zlib1.dll ()
MOD - C:\Program Files\Cherry\KeyMan\libpng13.dll ()
MOD - C:\Program Files\Vtune\TBMANAGE.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe (Wacom Technology, Corp.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Cherry Device Interface) -- C:\Program Files\Cherry\CDI\cdi.exe (ZF Electronics GmbH)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avnetflt) -- C:\Windows\System32\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (WacHidRouter) -- C:\Windows\System32\drivers\wachidrouter.sys (Wacom Technology)
DRV - (hidkmdf) -- C:\Windows\System32\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV - (wacomrouterfilter) -- C:\Windows\System32\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (Ch2kUSBM) -- C:\Windows\System32\drivers\Ch2kUSBm.sys (Cherry GmbH)
DRV - (ahcix86) -- C:\Windows\System32\drivers\ahcix86.sys (Advanced Micro Devices, Inc)
DRV - (Ch2kUSB) -- C:\Windows\System32\drivers\Ch2kUSB.sys (Cherry GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (ZD1211BU(TP-LINK) -- C:\Windows\System32\drivers\ZD1211BU.sys (Atheros Technology Corporation)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 81 C4 A4 E4 EA CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zandra\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zandra\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.05.15 19:47:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.06.21 07:25:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.11.16 11:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.05.15 18:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Extensions
[2012.05.17 10:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\6bv9954n.default\extensions
[2013.11.24 06:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions
[2012.05.17 18:56:05 | 000,000,000 | ---D | M] (Screenshot Pimp) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\{056d0610-e44d-11df-bccf-0800200c9a66}
[2013.11.24 06:51:58 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.05.26 05:33:06 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2013.09.01 18:39:42 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\printPages2Pdf@reinhold.ripper
[2013.09.17 21:41:32 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\superstart@enjoyfreeware.org
[2012.05.17 18:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\temp
[2012.09.19 15:02:27 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\amznUWL2@amazon.com.xpi
[2013.11.21 08:21:37 | 002,212,154 | ---- | M] () (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\firebug@software.joehewitt.com.xpi
[2012.11.22 08:33:42 | 001,230,904 | ---- | M] () (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\Office2007Black@JBBS.xpi
[2013.11.19 07:47:11 | 000,534,998 | ---- | M] () (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.11 19:45:04 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.09 14:53:40 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013.11.03 11:45:54 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.11.16 11:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.11.16 11:12:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Zandra\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Zandra\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Zandra\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - Extension: YouTube = C:\Users\Zandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Zandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Zandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.05.15 20:35:34 | 000,001,451 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.newoa
O1 - Hosts: 127.0.0.1 practivate.adobe.ntp
O1 - Hosts: 127.0.0.1 practivate.adobe.ipp
O1 - Hosts: 23 more lines...
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [Video Performer63615.exe] "C:\Users\Zandra\AppData\Local\Temp\Video Performer63615.exe" /XML="C:\Users\Zandra\AppData\Local\Temp\BF5E.tmp" /STP=0:2 File not found
O4 - HKLM..\RunOnce: [SymInstallStub] C:\Windows\System32\Adobe\Shockwave 12\SymInstallStub.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB970B7-96D4-4837-A210-B0ABC38CB6F2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79471EE2-11BF-4BC9-AD04-3E401F20C162}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B067AD09-9A27-43A8-A248-F174092C8375}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.02.03 13:21:22 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.05.14 10:49:45 | 000,000,000 | ---D | M] - P:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.11.26 22:08:27 | 000,000,000 | ---D | C] -- C:\FRST
[2013.11.26 22:06:16 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.11.26 22:06:16 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.11.26 21:56:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013.11.26 19:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.11.20 19:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.11.16 11:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.05.24 10:30:24 | 001,548,288 | ---- | C] (AbstractSpoon Software) -- C:\Program Files\ToDoList.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.11.27 19:44:41 | 000,013,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.27 19:44:41 | 000,013,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.27 19:41:36 | 000,611,076 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.11.27 19:41:36 | 000,107,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.11.27 19:37:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.27 19:37:03 | 2607,992,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.27 07:49:29 | 000,000,622 | -H-- | M] () -- C:\Windows\tasks\Norton Product InstallerIdle.job
[2013.11.26 22:37:33 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884300604-3128960577-1161286599-1000UA.job
[2013.11.26 22:06:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.11.26 22:06:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.11.26 22:01:40 | 000,002,275 | ---- | M] () -- C:\Users\Zandra\Desktop\Norton Product Installer.lnk
[2013.11.24 07:05:09 | 000,010,192 | ---- | M] () -- C:\Program Files\ToDoList.ini
[2013.11.22 01:10:52 | 000,002,061 | ---- | M] () -- C:\Users\Zandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013.11.17 11:51:11 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2013.11.16 13:37:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884300604-3128960577-1161286599-1000Core.job
[2013.11.16 12:41:37 | 006,075,329 | ---- | M] () -- C:\Users\Zandra\Desktop\03581410.pdf
[2013.11.16 12:41:21 | 001,226,100 | ---- | M] () -- C:\Users\Zandra\Desktop\1861100206.pdf
[2013.11.16 12:41:08 | 000,262,084 | ---- | M] () -- C:\Users\Zandra\Desktop\05271610.pdf
[2013.10.31 19:25:19 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.10.31 19:25:19 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.10.31 19:25:19 | 000,067,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.10.31 19:25:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.10.28 20:40:32 | 002,712,610 | ---- | M] () -- C:\Users\Zandra\Desktop\20131028_203218 copy.jpg
[2013.10.28 20:32:18 | 002,410,558 | ---- | M] () -- C:\Users\Zandra\Desktop\20131028_203218.jpg
 
========== Files Created - No Company Name ==========
 
[2013.11.26 22:01:40 | 000,002,305 | ---- | C] () -- C:\Users\Zandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Product Installer.lnk
[2013.11.26 22:01:40 | 000,002,275 | ---- | C] () -- C:\Users\Zandra\Desktop\Norton Product Installer.lnk
[2013.11.26 22:01:40 | 000,000,622 | -H-- | C] () -- C:\Windows\tasks\Norton Product InstallerIdle.job
[2013.11.16 12:41:36 | 006,075,329 | ---- | C] () -- C:\Users\Zandra\Desktop\03581410.pdf
[2013.11.16 12:41:21 | 001,226,100 | ---- | C] () -- C:\Users\Zandra\Desktop\1861100206.pdf
[2013.11.16 12:41:08 | 000,262,084 | ---- | C] () -- C:\Users\Zandra\Desktop\05271610.pdf
[2013.10.28 20:40:30 | 002,712,610 | ---- | C] () -- C:\Users\Zandra\Desktop\20131028_203218 copy.jpg
[2013.10.28 20:35:39 | 002,410,558 | ---- | C] () -- C:\Users\Zandra\Desktop\20131028_203218.jpg
[2012.10.08 12:04:43 | 000,003,584 | ---- | C] () -- C:\Users\Zandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.19 12:06:30 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.06.25 15:39:50 | 000,001,456 | ---- | C] () -- C:\Users\Zandra\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.05.25 08:51:45 | 001,516,453 | ---- | C] () -- C:\Users\Zandra\nala mit feder.png
[2012.05.25 08:48:36 | 001,007,348 | ---- | C] () -- C:\Users\Zandra\bbsephia1.png
[2012.05.24 22:43:53 | 000,030,041 | ---- | C] () -- C:\Users\Zandra\bass-guitar-wallpaper-5.jpg
[2012.05.24 22:42:15 | 002,306,556 | ---- | C] () -- C:\Users\Zandra\_DSF2016.JPG
[2012.05.24 22:42:15 | 000,484,854 | ---- | C] () -- C:\Users\Zandra\kiwi.jpg
[2012.05.24 22:42:15 | 000,482,374 | ---- | C] () -- C:\Users\Zandra\DSCF2401.thumb.jpg
[2012.05.24 22:42:15 | 000,466,713 | ---- | C] () -- C:\Users\Zandra\DSCF2234.thumb.jpg
[2012.05.24 22:40:34 | 000,030,030 | ---- | C] () -- C:\Users\Zandra\get.jpg
[2012.05.24 22:37:15 | 000,148,786 | ---- | C] () -- C:\Users\Zandra\phoebs auf dem klavier.jpg
[2012.05.24 22:31:26 | 001,018,966 | ---- | C] () -- C:\Users\Zandra\K-MB_smart_Discoball-smart_lo_05.jpg
[2012.05.24 22:31:26 | 000,531,666 | ---- | C] () -- C:\Users\Zandra\Discoball-smart_lo_01.jpg
[2012.05.24 10:30:45 | 000,010,192 | ---- | C] () -- C:\Program Files\ToDoList.ini
[2012.05.23 09:38:13 | 000,000,132 | ---- | C] () -- C:\Users\Zandra\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.05.17 23:50:24 | 000,007,602 | ---- | C] () -- C:\Users\Zandra\AppData\Local\Resmon.ResmonCfg
[2012.05.15 18:52:43 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012.05.15 18:30:57 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012.05.15 18:26:05 | 002,944,929 | ---- | C] () -- C:\Users\Zandra\DSCF3745.JPG
[2012.05.15 18:26:05 | 000,516,610 | ---- | C] () -- C:\Users\Zandra\bass.jpg
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 27.11.2013 20:05:16 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = S:\_00 Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,24 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 56,73% Memory free
6,48 Gb Paging File | 4,10 Gb Available in Paging File | 63,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,78 Gb Total Space | 15,90 Gb Free Space | 28,50% Space Free | Partition Type: NTFS
Drive D: | 322,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 50,20 Gb Total Space | 16,33 Gb Free Space | 32,53% Space Free | Partition Type: NTFS
Drive G: | 14,70 Gb Total Space | 6,66 Gb Free Space | 45,32% Space Free | Partition Type: FAT32
Drive M: | 150,59 Gb Total Space | 60,05 Gb Free Space | 39,88% Space Free | Partition Type: NTFS
Drive P: | 50,20 Gb Total Space | 32,18 Gb Free Space | 64,10% Space Free | Partition Type: NTFS
Drive S: | 38,33 Gb Total Space | 4,18 Gb Free Space | 10,91% Space Free | Partition Type: NTFS
Drive T: | 100,39 Gb Total Space | 1,85 Gb Free Space | 1,84% Space Free | Partition Type: NTFS
 
Computer Name: ZAN_DESK | User Name: Zandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E374A16F-EAF0-427C-8957-F966D7538D89}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EECBD1D2-BCEC-494B-95AF-8A7E728CAFC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FBFB5038-C891-41E8-AD29-61D8839350DC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D4F123-2453-452E-9306-E232DF0FA586}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2E771E26-3E49-46A7-80EC-3CD7E42BF98F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FE0BACE-038C-4CFD-8696-4D4A9C515D0A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8ECC8E09-EC20-445D-A15F-5E6B33B78F55}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{959AE520-04DE-4428-A8AE-75E00E36E979}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{98E623D8-7078-47AD-B6F3-B51870065F24}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CE894F71-87CC-430F-9288-C25A0B47194B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EAA8AEC8-F48F-4FB3-AF58-D86C3B183034}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1389C3D3-7E31-42FC-A6AF-FA1AFBE0AC8F}" = ZoneAlarm Antivirus
"{14830F1E-C1C4-4526-BB51-4FC1ABC3EFBD}" = ZoneAlarm Firewall
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{483AEC7E-EA54-4433-B2BF-D75C33D2A488}" = Mindjet MindManager 9
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V3.6 Build 6
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA3F9C49-CAA9-4FF5-B70A-A7FC0976C5E9}" = ZoneAlarm Security
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.11.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"IrfanView" = IrfanView (remove only)
"Kyocera Product Library" = Kyocera Product Library
"LastFM_is1" = Last.fm 1.5.4.27091
"Mozilla Firefox 25.0.1 (x86 en-GB)" = Mozilla Firefox 25.0.1 (x86 en-GB)
"Mozilla Thunderbird 24.1.1 (x86 en-GB)" = Mozilla Thunderbird 24.1.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = Vtune 7.21
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF-XChange 3_is1" = PDF-XChange 3
"sp6" = Logitech SetPoint 6.32
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.11.2013 11:26:06 | Computer Name = Zan_Desk | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
 temporary profile. Changes you make to this profile will be lost when you log off.
 
Error - 17.11.2013 11:27:31 | Computer Name = Zan_Desk | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
 by insufficient memory or insufficient security rights.      DETAIL - The process cannot
 access the file because it is being used by another process.  for C:\Users\Zandra\ntuser.dat
 
Error - 17.11.2013 11:27:31 | Computer Name = Zan_Desk | Source = Microsoft-Windows-User Profiles Service | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
 this error include insufficient security rights or a corrupt local profile.      DETAIL
 - The process cannot access the file because it is being used by another process.

 
Error - 17.11.2013 11:27:31 | Computer Name = Zan_Desk | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
 try to use the backup profile the next time this user logs on.
 
Error - 17.11.2013 11:27:31 | Computer Name = Zan_Desk | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
 temporary profile. Changes you make to this profile will be lost when you log off.
 
Error - 17.11.2013 11:28:15 | Computer Name = Zan_Desk | Source = Microsoft-Windows-User Profiles Service | ID = 1533
Description = Windows cannot delete the profile directory C:\Users\TEMP. This error
 may be caused by files in this directory being used by another program.      DETAIL
 - The directory is not empty. 
 
Error - 24.11.2013 09:51:43 | Computer Name = Zan_Desk | Source = Application Error | ID = 1000
Description = Faulting application name: vsmon.exe, version: 10.2.57.0, time stamp:
 0x4fc957b7  Faulting module name: vsdb.dll, version: 10.2.57.0, time stamp: 0x4fc953f8
Exception
 code: 0xc0000005  Fault offset: 0x0000eca3  Faulting process id: 0x698  Faulting application
 start time: 0x01cee91c45c32618  Faulting application path: C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
Faulting
 module path: C:\Program Files\CheckPoint\ZoneAlarm\vsdb.dll  Report Id: 8cbe6a93-550f-11e3-95be-0023cdb8456b
 
Error - 25.11.2013 15:26:51 | Computer Name = Zan_Desk | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_7_700_202.exe, version:
 11.7.700.202, time stamp: 0x51801fef  Faulting module name: FlashPlayerPlugin_11_7_700_202.exe,
 version: 11.7.700.202, time stamp: 0x51801fef  Exception code: 0x40000015  Fault offset:
 0x000178f0  Faulting process id: 0x16f8  Faulting application start time: 0x01ceea0613cb0022
Faulting
 application path: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
Faulting
 module path: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
Report
 Id: 8895e25f-5607-11e3-9529-0023cdb8456b
 
Error - 26.11.2013 17:09:05 | Computer Name = Zan_Desk | Source = Application Error | ID = 1000
Description = Faulting application name: FRST.exe, version: 3.3.8.1, time stamp:
 0x4f25baec  Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
 0x4cc7ab44  Exception code: 0xc0000005  Fault offset: 0x00051f88  Faulting process id:
 0x116c  Faulting application start time: 0x01ceeaeb9cf22bb4  Faulting application path:
 S:\_00 Downloads\FRST.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll  Report
 Id: fae06347-56de-11e3-83d7-0023cdb8456b
 
Error - 26.11.2013 17:09:56 | Computer Name = Zan_Desk | Source = Application Error | ID = 1000
Description = Faulting application name: FRST.exe, version: 3.3.8.1, time stamp:
 0x4f25baec  Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
 0x4cc7ab44  Exception code: 0xc0000005  Fault offset: 0x00051f88  Faulting process id:
 0x15dc  Faulting application start time: 0x01ceeaebcc5b3f7b  Faulting application path:
 S:\_00 Downloads\FRST.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll  Report
 Id: 1990d320-56df-11e3-83d7-0023cdb8456b
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 27.11.2013 14:38:23 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 46 Invoked Function:
 URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL parameter=
 
Error - 27.11.2013 14:38:31 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
 
Error - 27.11.2013 14:38:31 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
 
Error - 27.11.2013 14:38:31 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1081 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 27.11.2013 14:38:31 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 865 Invoked Function: CNetEnvironment::TestAccessToSG Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
Error - 27.11.2013 14:39:01 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 46 Invoked Function:
 URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL parameter=
 
Error - 27.11.2013 14:39:09 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
 
Error - 27.11.2013 14:39:09 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
 
Error - 27.11.2013 14:39:09 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1081 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 27.11.2013 14:39:09 | Computer Name = Zan_Desk | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 865 Invoked Function: CNetEnvironment::TestAccessToSG Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
[ System Events ]
Error - 14.10.2013 13:53:39 | Computer Name = Zan_Desk | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 19.10.2013 08:23:10 | Computer Name = Zan_Desk | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 30.10.2013 02:52:11 | Computer Name = Zan_Desk | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 03.11.2013 14:27:36 | Computer Name = Zan_Desk | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 06.11.2013 14:35:44 | Computer Name = Zan_Desk | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 10.11.2013 07:49:47 | Computer Name = Zan_Desk | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 21.11.2013 03:47:11 | Computer Name = Zan_Desk | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 24.11.2013 09:51:52 | Computer Name = Zan_Desk | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly. 
It has done this 1 time(s).
 
Error - 25.11.2013 13:29:21 | Computer Name = Zan_Desk | Source = EventLog | ID = 6008
Description = The previous system shutdown at 06:58:57 on ?25.?11.?2013 was unexpected.
 
Error - 25.11.2013 13:29:22 | Computer Name = Zan_Desk | Source = BugCheck | ID = 1001
Description =
 
 
< End of report >
--- --- ---

schrauber 29.11.2013 15:41
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

zakiya 02.12.2013 11:34
Combofix Logfile:
Code:
ComboFix 13-11-27.01 - Zandra 02.12.2013  11:19:03.2.4 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1033.18.3316.2209 [GMT 1:00]
ausgeführt von:: c:\users\Zandra\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-11-02 bis 2013-12-02  ))))))))))))))))))))))))))))))
.
.
2013-12-02 10:26 . 2013-12-02 10:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-28 20:44 . 2013-11-28 20:44        --------        d-----w-        c:\programdata\Symantec
2013-11-28 20:44 . 2013-11-28 20:44        --------        d-----w-        c:\windows\system32\drivers\NSS
2013-11-28 20:44 . 2013-11-28 20:44        --------        d-----w-        c:\program files\Norton Security Scan
2013-11-28 20:27 . 2013-11-28 20:44        --------        d-----w-        c:\programdata\Norton
2013-11-28 20:27 . 2013-11-28 20:27        --------        d-----w-        c:\program files\NortonInstaller
2013-11-26 21:08 . 2013-11-26 21:08        --------        d-----w-        C:\FRST
2013-11-26 21:06 . 2013-11-26 21:06        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-26 20:56 . 2013-11-26 20:56        --------        d-----w-        c:\windows\system32\Adobe
2013-11-20 18:05 . 2013-11-22 00:13        --------        d-----w-        c:\program files\Mozilla Thunderbird
2013-11-17 15:27 . 2013-11-17 15:28        --------        d-----w-        c:\users\TEMP
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-17 10:51 . 2012-06-05 08:16        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2013-10-31 18:25 . 2013-09-04 17:42        67680        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-10-31 18:25 . 2013-09-04 17:42        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-10-31 18:25 . 2013-09-04 17:42        137208        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-10-31 18:25 . 2013-09-04 17:42        90400        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-04 20:41 . 2012-05-24 09:30        1548288        ----a-w-        c:\program files\ToDoList.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1866864]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2011-08-02 2248704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CherryKeyMan"="c:\program files\Cherry\KeyMan\KeyMan.exe" [2010-09-01 254004]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-06-01 73392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]
"MMReminderService"="c:\program files\Mindjet\MindManager 9\MMReminderService.exe" [2011-02-11 38240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-31 683576]
.
c:\users\Zandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-30 06:46        499608        ------w-        c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 05:08        1523360        ----a-w-        c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-06-07 87976]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-03-29 11640]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-03-29 55672]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-03-29 13688]
S0 ahcix86;ahcix86;c:\windows\system32\DRIVERS\ahcix86.sys [2010-06-23 210000]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-31 37352]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2012-01-09 11352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-10-31 440376]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2013-10-31 1164360]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-10-31 67680]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-04-30 27016]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-04-30 497280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-04-18 7218040]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-04-18 483704]
S3 Ch2kUSB;Cherry USB Driver for CDI;c:\windows\system32\drivers\Ch2kUSB.sys [2010-01-21 112512]
S3 Ch2kUSBM;Cherry USB Mouse Driver for CDI;c:\windows\system32\drivers\Ch2kUSBm.sys [2010-07-29 63744]
S3 Cherry Device Interface;Cherry Device Interface;c:\program files\Cherry\CDI\cdi.exe [2010-08-25 577582]
S3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\DRIVERS\zd1211Bu.sys [2007-06-25 500736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884300604-3128960577-1161286599-1000Core.job
- c:\users\Zandra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-06 21:23]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884300604-3128960577-1161286599-1000UA.job
- c:\users\Zandra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-06 21:23]
.
2013-11-30 c:\windows\Tasks\Norton Security Scan for Zandra.job
- c:\progra~1\NORTON~2\Engine\403~1.24\Nss.exe [2013-11-28 06:43]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\
FF - prefs.js: browser.search.selectedEngine - BMRK File Host Search
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-ISW - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(604)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(5940)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Common Files\Cherry\Common\KbdHook00.dll
.
Zeit der Fertigstellung: 2013-12-02  11:27:49
ComboFix-quarantined-files.txt  2013-12-02 10:27
.
Vor Suchlauf: 17.116.225.536 bytes free
Nach Suchlauf: 17.003.737.088 bytes free
.
- - End Of File - - D17F198464F088C3A2B913E84CCF6DD3
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 02.12.2013 11:56
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

zakiya 02.12.2013 12:56
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.02.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Zandra :: ZAN_DESK [Administrator]

Schutz: Aktiviert

02.12.2013 12:34:32
mbam-log-2013-12-02 (12-34-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211565
Laufzeit: 4 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner Logfile:
Code:
# AdwCleaner v3.014 - Report created 02/12/2013 at 12:40:53
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional  (32 bits)
# Username : Zandra - ZAN_DESK
# Running from : S:\_00 Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Found C:\Users\Zandra\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17006


-\\ Mozilla Firefox v25.0.1 (en-GB)

[ File : C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\6bv9954n.default\prefs.js ]


[ File : C:\Users\Zandra\AppData\Roaming\Mozilla\Firefox\Profiles\7li9lt0b.default\prefs.js ]

Line Found : user_pref("easygestures.searchQuery1", "hxxp://www.google.de/search?q=%s&ie=UTF-8&hl=de&num=100");
Line Found : user_pref("easygestures.searchQuery2", "hxxp://vivisimo.com/search?query=%s");
Line Found : user_pref("easygestures.searchQuery3", "hxxp://de.altavista.com/web/results?q=%s&kgs=0&kls=1&avkw=aapt");
Line Found : user_pref("easygestures.translateQuery", "hxxp://info.babylon.com/cgi-bin/info.cgi?ot=2&layout=combo.html&n=30&lang=6&word=%s");

-\\ Google Chrome v

[ File : C:\Users\Zandra\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2176 octets] - [02/12/2013 12:40:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2236 octets] ##########
--- --- ---

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by Zandra on 02.12.2013 at 12:43:59,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitengine



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Zandra\appdata\local\{8DA42A67-4995-4957-8931-985CAE1EB1A0}
Successfully deleted: [Empty Folder] C:\Users\Zandra\appdata\local\{DC422C84-3CB3-418B-8162-16128FEA0A70}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2013 at 12:46:28,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---



FRST kann ich leider immer noch nicht erstellen, das stürzt weiterhin ab :/

schrauber 03.12.2013 09:40

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.



Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:37 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19