
Pests of all kinds and how to fight them: Police virus

02.02.2013, 14:03   #1
yourajassef
 
Police virus

Hello Trojaner-Board team,
it got me too: the police virus, which has locked my computer.

I have already read similar threads as well as "Procedure for the encryption trojan" in the forum.

I have installed Malwarebytes. It is running now (full scan).

I have also installed OTL.

I have Windows Vista 32-bit.

Thank you for your help.

Best regards,

Youssef

02.02.2013, 17:43   #2
cosinus

Quote:
I have installed Malwarebytes. It is running now (full scan).

I have also installed OTL.

Nice, great, and where are the logs for it?

02.02.2013, 20:37   #3
yourajassef
 

Hello,
sorry, it took forever until the test was finished.
Here are the logs (I have not deleted anything, and I have not run OTL yet. I am waiting for your instructions):

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.02.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yourajassef :: YOURAJASSEF-PC [Administrator]

Schutz: Aktiviert

02.02.2013 13:52:10
MBAM-log-2013-02-02 (20-35-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 444089
Laufzeit: 2 Stunde(n), 11 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 67
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Keine Aktion durchgeführt.
HKCR\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Scopes (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Keine Aktion durchgeführt.
HKCR\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Dwnldr (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.HbAx (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.HbGuru (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.IEButton (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.IEButtonA (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.ReportData (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\CmndFF.DLL (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\mozillaps.dll (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.1.69.0 (Adware.HotBar) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790771B5765B5A37AD97 (Malware.Trace) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Daten: C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Daten: C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 24
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0 (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} (Adware.ScanQuery) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome (Adware.ScanQuery) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults (Adware.ScanQuery) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences (Adware.ScanQuery) -> Keine Aktion durchgeführt.

Infizierte Dateien: 44
C:\Program Files\ShopperReports3\bin\3.1.69.0\CmndFF.dll (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\wgsdgsdgdsgsd.exe (Spyware.Zbot.ED) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\AppData\Local\Temp\RarSFX0\MegaplaySetup.exe (Adware.Seeearch) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\AppData\Local\Temp\RarSFX0\seeearch.exe (Adware.Dropper) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\AppData\Local\Temp\RarSFX1\MegaplaySetup.exe (Adware.Seeearch) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\AppData\Local\Temp\RarSFX1\seeearch.exe (Adware.Dropper) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\65a237f5-716f3b3f (Spyware.Zbot.ED) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\Downloads\Neuer Ordner\Megaplayer.exe (Adware.Seeearch) -> Keine Aktion durchgeführt.
C:\Users\yourajassef\Downloads\Neuer Ordner\fifa_12_iphone_rar_downloader.exe (Adware.EasyDownloads) -> Keine Aktion durchgeführt.
D:\usb micha\Programme\Ptedit50\Addins\AddinSet.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\boot\bootsect.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\sources\dism.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\sources\dismhost.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\sources\rollback.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\sources\setup.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\sources\dlmanifests\microsoft-windows-iasserver-migplugin\iasmigreader.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\support\migwiz\mighost.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\support\migwiz\migwiz.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\support\migwiz\postmig.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\support\migwiz\cable\cableinst.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
D:\von festplatte\Windows 7\expandedSetup\support\tools\gbunicnv.exe (Virus.Expiro) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\link.ico (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest (Adware.ScanQuery) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf (Adware.ScanQuery) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar (Adware.ScanQuery) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js (Adware.ScanQuery) -> Keine Aktion durchgeführt.

(Ende)
         
Hello Trojaner-Board team,

I have now run OTL as well. Here are the 2 logs:

Thank you in advance

OTL:

Code:
OTL logfile created on: 02.02.2013 22:23:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\yourajassef\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,09% Memory free
6,19 Gb Paging File | 3,70 Gb Available in Paging File | 59,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 10,40 Gb Free Space | 10,65% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 8,20 Gb Free Space | 8,39% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 7,43 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Drive F: | 232,83 Gb Total Space | 15,52 Gb Free Space | 6,66% Space Free | Partition Type: FAT32
 
Computer Name: YOURAJASSEF-PC | User Name: yourajassef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\yourajassef\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Programme\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Netaapl) -- system32\DRIVERS\netaapl.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (gqorbfjs) -- C:\Windows\system32\drivers\gqorbfjs.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dimadimaraja.com/
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 01 10 1C D1 02 CC 01  [binary data]
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=ee08035c00000000000000ff6ecd1ed9
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{A89B7D27-C3ED-4FAA-83E3-02E014612E5F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://10.5.0.253:3128
 
========== FireFox ==========
 
FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.rajacasablanca.com"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: ClickPotatoLite%40ClickPotatoLite.com:10.0.668.0
FF - prefs.js..extensions.enabledAddons: %7BDE9265D8-D55D-4286-9DC4-F8D8A0CA2F64%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions [2011.04.27 19:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions [2011.04.27 19:58:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2012.01.05 18:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2012.01.05 18:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 11:49:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.27 01:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.27 01:01:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.04.28 22:53:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles/gfjmy2pc.default\extensions\specialsavings@superfish.com [2012.10.20 19:37:54 | 000,000,000 | ---D | M]
 
[2012.05.20 20:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Extensions
[2012.12.14 20:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Firefox\Profiles\gfjmy2pc.default\extensions
[2012.10.20 19:37:54 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Firefox\Profiles\gfjmy2pc.default\extensions\specialsavings@superfish.com
[2012.12.14 20:12:12 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\firefox\profiles\gfjmy2pc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.10.04 20:02:36 | 000,002,101 | ---- | M] () -- C:\Users\yourajassef\AppData\Roaming\mozilla\firefox\profiles\gfjmy2pc.default\searchplugins\googlede.xml
[2013.01.19 18:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.19 18:48:06 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Programme\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011.04.27 19:58:46 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.668.0\FIREFOX\EXTENSIONS
[2013.01.19 18:48:06 | 000,000,000 | ---D | M] (ScanQuery) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011.04.09 00:19:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.01.19 18:48:40 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2012.05.28 11:48:40 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.09 13:26:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 12:00:04 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 16:29:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.09 13:26:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.09 13:26:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.10 22:24:41 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.09 13:26:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.09 13:26:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Programme\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [DELL Webcam Manager] C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [svñhîst] C:\Users\yourajassef\wgsdgsdgdsgsd.exe ()
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2027C885-E4F7-4ACC-92F8-0EF34481D55D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32AA4F81-6594-4EEB-A8DF-E8758EAA08D1}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ECD1ED9-2AF2-49AD-92B3-53112338A2BC}: DhcpNameServer = 134.108.34.5 134.108.34.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7684A6C-BDED-4E33-8A09-976C4CE9B654}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.02 21:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.02 21:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.02 21:05:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.02.02 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\ddd
[2013.02.02 13:51:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.02.02 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Malwarebytes
[2013.02.02 13:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.02 13:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.02 13:48:24 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.02 13:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.02 13:29:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\yourajassef\Desktop\OTL.exe
[2013.02.02 11:36:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{FA64E702-B458-40E3-9168-E40E168717C0}
[2013.02.01 15:30:51 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{84734E89-DCEA-416B-95DD-4901C7B8D5CF}
[2013.01.31 18:47:23 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4E7C9939-30D0-470A-AE68-62608B9CAD1C}
[2013.01.30 22:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.30 16:31:33 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F7CEB9F6-B0B1-4FDF-93F1-717F1C65F9FD}
[2013.01.29 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F6CE08B8-61F3-41C7-8167-BB28A32692A9}
[2013.01.28 21:09:14 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{483C6E8A-58E3-4FDC-AFD0-6DDB9A87BC2F}
[2013.01.28 07:50:37 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8A8D83FB-69B8-47AC-8F24-AB24CAE95D81}
[2013.01.27 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{61DE3AA7-E19B-41D9-80F4-DBE6A0A7976B}
[2013.01.27 01:11:13 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Documents\DELL Webcam Center
[2013.01.27 01:11:03 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Creative
[2013.01.27 01:01:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2013.01.27 01:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2013.01.27 00:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.01.27 00:59:45 | 005,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\System32\LiveCamVirtual.ocx
[2013.01.27 00:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2013.01.27 00:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2013.01.27 00:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL
[2013.01.27 00:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.01.26 18:14:01 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6B17BB85-6FC3-4665-B020-4FED96DE1CCF}
[2013.01.25 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\25.01.2013
[2013.01.25 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F141443B-E818-4EC7-9A8F-1485D7F06711}
[2013.01.25 17:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2013.01.25 16:54:42 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Srv.exe
[2013.01.25 16:54:42 | 000,007,424 | ---- | C] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\OEM02Vfx.sys
[2013.01.25 16:54:41 | 000,235,520 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Dev.sys
[2013.01.25 16:54:41 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Pin.dll
[2013.01.25 16:54:41 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
[2013.01.25 16:54:41 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Hwx.dll
[2013.01.25 16:54:41 | 000,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Pin.crl
[2013.01.25 16:54:40 | 000,385,024 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Cvw.dll
[2013.01.25 16:54:40 | 000,331,776 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Cvw.crl
[2013.01.25 16:54:38 | 000,028,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\OEM02Cfg.exe
[2013.01.25 16:54:37 | 000,141,376 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Afx.sys
[2013.01.25 16:54:30 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtCamMgr.dll
[2013.01.25 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F830E3BE-2CEC-494D-9EF5-1A3E422FC67E}
[2013.01.24 19:39:09 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4F91E7A1-7D33-4E10-AB89-ECA7FE71DABE}
[2013.01.24 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Movier
[2013.01.24 17:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Cutter
[2013.01.24 17:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\FreeVideoCutter.exe
[2013.01.24 17:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2013.01.24 17:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2013.01.24 07:38:28 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A16A40D4-94D1-41F1-BF80-8A8C98A29624}
[2013.01.23 16:30:42 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{BC1D8181-AEF0-4C0F-B015-50899F0A6B9B}
[2013.01.22 22:56:00 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4BD4BFFB-5CB8-40B4-AF7E-5435D9C4CD91}
[2013.01.22 07:09:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8CE1F9D2-0DCA-4226-AF88-824286F2D47B}
[2013.01.21 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{0DE0DBD8-B77E-4E8B-A059-38215C7B982C}
[2013.01.20 22:28:21 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\raja turquie
[2013.01.19 18:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.19 18:29:01 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8921E137-2CD3-4C9E-B033-966E09F1CB3C}
[2013.01.18 20:30:31 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{743F50AF-CCD7-474B-AEC7-B981EBE2B5D4}
[2013.01.16 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F2EDB183-C9BE-420E-A93E-121C9AEEF1B1}
[2013.01.15 07:14:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3867AAA0-5425-42F5-B084-DFC3002507CD}
[2013.01.14 19:14:00 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{D2018EA6-E7FF-4B84-8AFC-C4D3ED236647}
[2013.01.13 12:20:04 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6D8F47C2-846A-488C-879D-2DBA678B11E5}
[2013.01.12 11:59:15 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A5125E27-51D3-4AB2-9E0D-BA58B0E8B9AD}
[2013.01.11 21:45:53 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{E8A54474-05F4-4E7B-8238-CF9E1FCF1464}
[2013.01.10 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3137AC19-5A43-4F92-856F-0F39813E2BB1}
[2013.01.09 19:58:50 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 19:58:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 19:45:17 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{475B9CA3-694E-4D8A-B7A8-8F1E54CCD231}
[2013.01.08 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{EF7D25D6-447D-43BA-B90C-39878FB941E3}
[2013.01.07 16:47:44 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{9656D099-B7BE-47AF-AADE-F3F45B5AF0BB}
[2013.01.06 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.01.06 14:56:26 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F5BEC2D7-07DE-4C5A-956B-5AB181480BF4}
[2013.01.05 23:15:34 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{E7336A64-AEF3-43C6-B458-694F382F2977}
[2013.01.05 11:15:18 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{2D07432B-D6F3-42D7-B7D8-1F968C054814}
[2013.01.04 21:34:38 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6FCC1796-F8A5-47C7-B955-CB3D4B41F3A3}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.02 22:19:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.02 21:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.02 21:11:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 21:11:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 21:05:36 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 16:19:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.02 13:51:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.02.02 13:48:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.02 13:29:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yourajassef\Desktop\OTL.exe
[2013.02.02 13:18:03 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.02.02 13:17:58 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.02.02 13:17:58 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2013.02.02 13:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.02 13:11:15 | 3217,113,088 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.02 12:24:00 | 000,095,744 | RHS- | M] () -- C:\Users\yourajassef\wgsdgsdgdsgsd.exe
[2013.02.02 12:00:01 | 000,203,776 | ---- | M] () -- C:\Users\yourajassef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.31 09:35:35 | 000,632,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.31 09:35:35 | 000,599,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.31 09:35:35 | 000,127,566 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.31 09:35:35 | 000,105,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.30 22:39:24 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.30 22:39:24 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.01.27 13:27:24 | 000,000,680 | ---- | M] () -- C:\Users\yourajassef\AppData\Local\d3d9caps.dat
[2013.01.27 01:01:43 | 000,000,076 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2013.01.26 23:28:36 | 000,044,135 | ---- | M] () -- C:\Users\yourajassef\Desktop\aaaa.jpg
[2013.01.25 21:53:28 | 517,202,359 | ---- | M] () -- C:\Users\yourajassef\Documents\IMG_2641.wmv
[2013.01.25 21:31:10 | 308,036,647 | ---- | M] () -- C:\Users\yourajassef\Documents\IMG_2665.wmv
[2013.01.24 22:50:37 | 000,000,957 | ---- | M] () -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.24 22:49:46 | 000,000,937 | ---- | M] () -- C:\Users\yourajassef\Desktop\Dropbox.lnk
[2013.01.24 20:13:45 | 060,964,084 | ---- | M] () -- C:\Users\yourajassef\Desktop\ButKachani.wmv
[2013.01.24 17:58:08 | 000,000,776 | ---- | M] () -- C:\Users\yourajassef\Desktop\Movier.lnk
[2013.01.24 17:57:45 | 007,850,112 | ---- | M] () -- C:\Users\yourajassef\Desktop\Movier-Installer_1.0.17.exe
[2013.01.24 17:40:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Free Video Cutter.lnk
[2013.01.16 23:54:43 | 268,922,635 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.14 21:52:07 | 003,741,925 | ---- | M] () -- C:\Users\yourajassef\Desktop\TvQuran.com__112.mp3
[2013.01.10 21:59:18 | 000,374,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.08 21:35:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.08 21:35:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.02.02 21:05:36 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 13:48:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.02 13:11:15 | 3217,113,088 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.02 12:24:00 | 000,095,744 | RHS- | C] () -- C:\Users\yourajassef\wgsdgsdgdsgsd.exe
[2013.01.30 22:39:24 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.27 01:01:43 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2013.01.25 21:47:40 | 517,202,359 | ---- | C] () -- C:\Users\yourajassef\Documents\IMG_2641.wmv
[2013.01.25 21:28:24 | 308,036,647 | ---- | C] () -- C:\Users\yourajassef\Documents\IMG_2665.wmv
[2013.01.25 16:54:42 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02Pvc.bmp
[2013.01.25 16:54:41 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02PC.bmp
[2013.01.25 16:54:40 | 000,260,330 | ---- | C] () -- C:\Windows\System32\OEM02Cvw.bff
[2013.01.25 16:54:37 | 000,004,510 | ---- | C] () -- C:\Windows\OEM002.uns
[2013.01.24 22:48:18 | 000,044,135 | ---- | C] () -- C:\Users\yourajassef\Desktop\aaaa.jpg
[2013.01.24 20:12:01 | 060,964,084 | ---- | C] () -- C:\Users\yourajassef\Desktop\ButKachani.wmv
[2013.01.24 19:28:41 | 001,972,106 | ---- | C] () -- C:\Users\yourajassef\Desktop\1 (970).JPG
[2013.01.24 17:58:08 | 000,000,776 | ---- | C] () -- C:\Users\yourajassef\Desktop\Movier.lnk
[2013.01.24 17:57:10 | 007,850,112 | ---- | C] () -- C:\Users\yourajassef\Desktop\Movier-Installer_1.0.17.exe
[2013.01.24 17:40:41 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Free Video Cutter.lnk
[2013.01.14 21:51:56 | 003,741,925 | ---- | C] () -- C:\Users\yourajassef\Desktop\TvQuran.com__112.mp3
[2013.01.06 19:14:38 | 000,000,957 | ---- | C] () -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.26 21:16:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.06.25 19:45:16 | 000,004,096 | -H-- | C] () -- C:\Users\yourajassef\AppData\Local\keyfile3.drm
[2012.03.16 17:47:49 | 000,010,639 | ---- | C] () -- C:\Users\yourajassef\Yotahri_elster_2048.pfx
[2012.01.15 22:10:48 | 000,000,263 | ---- | C] () -- C:\Users\yourajassef\.swfinfo
[2012.01.11 00:27:52 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.01.10 19:05:19 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini
[2011.12.08 19:35:53 | 000,000,600 | ---- | C] () -- C:\Users\yourajassef\AppData\Roaming\winscp.rnd
[2011.10.23 12:54:54 | 000,001,492 | ---- | C] () -- C:\Users\yourajassef\.recently-used.xbel
[2011.08.03 09:03:53 | 000,000,552 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\d3d8caps.dat
[2011.06.22 21:24:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.13 10:59:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.13 10:59:30 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.12 21:02:04 | 000,123,728 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.04.24 13:48:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.24 13:40:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.24 13:40:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.05 12:26:22 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.04.05 12:00:05 | 000,203,776 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.05 11:58:17 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.04.04 15:33:01 | 000,000,680 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\raja 3- 0 Fus 16.09.2012 -m2.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\JAMELC~1.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\10062009080.mp4:TOC.WMV

< End of report >
         
and Extras:

Code:
OTL Extras logfile created on: 02.02.2013 22:23:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\yourajassef\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,09% Memory free
6,19 Gb Paging File | 3,70 Gb Available in Paging File | 59,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 10,40 Gb Free Space | 10,65% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 8,20 Gb Free Space | 8,39% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 7,43 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Drive F: | 232,83 Gb Total Space | 15,52 Gb Free Space | 6,66% Space Free | Partition Type: FAT32
 
Computer Name: YOURAJASSEF-PC | User Name: yourajassef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03059126-6CB4-43D4-BDBF-A031107EE97F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0B7F8B21-2A74-4082-9372-684D7122EB81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0CCEF4AE-27CB-4080-BEC4-FD846619BE95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E37FEEC-1FCD-4C39-BFFD-DD595BF45421}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0E76D8F8-782D-4A6A-AB9E-D7649CCA4AFF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{10BD1224-E1C8-48B9-8699-5B6C0441E59D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{12DFFAA0-E077-4ABD-AB27-36862BBF45A6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{187FE10B-8F38-440C-9ACD-9029BB25C9CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1E8C8A76-7896-4A87-8BD1-B2F5079AD86F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3E440A65-6FCA-4DF4-914E-DF6DC60F3FB6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{628EEA2D-5A36-47B2-96B4-B19546B9AC4F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{67787834-6546-4EC1-A3AD-28E8E21386D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A5E3E13-2F4F-4CF1-A1F2-816B2FEC7583}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A785ACBC-24F8-4853-A93C-F210E005D510}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B1DEAD7F-7E11-416D-B489-BBDA1101C6D4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D5414D7E-4DC2-4E0F-819F-42F4356748B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5C703C8-0550-4451-BB88-8D259E9750E4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E6E55199-771C-4DB7-8E6A-AEB7FE1A4110}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F423E876-25CB-45B8-9F66-A1610849AA51}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F985D30C-FD70-4043-AD52-A2F4A693538A}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18B9229E-CF8C-4420-A006-3C8B5955034E}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_342.decrpt | 
"{261DBC74-3451-4850-89E4-81BECCF6861C}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{2651EC9D-F3C3-4F9E-9C97-818C4AC43F33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2856D390-C4BC-42C0-B8F3-A3381B1E9AC8}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydownloads.exe | 
"{30ADEDB5-3245-4EF7-B05D-6F30D8A3241F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{40451F3E-A74C-46F7-B4E2-008A3C06C157}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{470A4959-9ADC-439D-92F3-6142251560EE}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydl.exe | 
"{48F1EFF5-6471-4181-9D21-CCDF7797A944}" = protocol=17 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4ACB4E8C-FE60-40F5-A2DF-DF55DD5C2E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A0334E3-B647-417D-9D41-ADF77E688183}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{648D75E2-1F6E-49D4-A6EB-2D0F2BFD1731}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{6578C3B4-5D10-45A2-917A-565B3F4D480F}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 | 
"{6781C032-630A-4818-9292-F95242C80CA1}" = protocol=6 | dir=in | app=c:\users\yourajassef\desktop\pes\pes2011.exe | 
"{73408EAF-25B4-4A5F-AE30-0051CB77F774}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{95B99259-8009-453C-9ECC-4F38AF51DF3B}" = protocol=6 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9B885F6A-24B3-4ACD-9A84-30C384111DFF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{9EBDC443-74F4-4D0C-A91A-B9393FB0A71C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{A0B9E01E-5FC5-48BC-8BFD-A709CBEE41B9}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_567 | 
"{A25FE531-6D3E-4F95-B07B-FD2A1BAB9B48}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 | 
"{B60E8BA6-AFBD-4E9D-B209-198C3AFD0163}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{B6A47838-D0D5-4364-A387-13D997D89A32}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydl.exe | 
"{BABBB2F6-5058-4EA9-B701-728080B535AD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BEC041D9-A012-41B9-8AC4-03CBB5B42001}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 | 
"{C5C29834-B4F6-4759-9471-CA36315F77E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D2E028F3-F996-441A-BEDC-0A87F5FFD4D0}" = protocol=17 | dir=in | app=c:\users\yourajassef\desktop\pes\pes2011.exe | 
"{D6099798-7299-4B17-A0C0-8983D2840062}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D73FBB7C-B072-492B-B67C-E4FA8580B18D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E6AB0DCB-90AD-4C8D-8A04-F2B58F5069EB}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{EA95D05E-86B8-49F4-A5FB-36C57101EB41}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EBE65627-A1E6-4CDD-BC20-9B5106B60B29}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F850F406-90DE-4BC4-8AEE-69C68551C48C}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydownloads.exe | 
"{F8C420A5-E8FA-4042-9514-642D22E4169B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{1D5B9381-49CD-4086-A89F-773343E8CBB5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{609405B5-C1A5-4F34-A1DD-CDA441D16613}C:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe" = protocol=6 | dir=in | app=c:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe | 
"TCP Query User{6A88EBBE-CEC1-48E2-83F7-BF7E964E6743}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{75324174-AC0F-4895-9DEA-ECF0E9FEF07E}C:\program files\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\fifa 12\game\fifa.exe | 
"TCP Query User{90313453-931D-4041-958B-36DF9157B760}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{AF4401F7-5ABA-4C08-B715-87FC5D3312DA}C:\program files\simpletv\tv.exe" = protocol=6 | dir=in | app=c:\program files\simpletv\tv.exe | 
"TCP Query User{BB3D3209-D9D1-4A04-A025-DA4F42BD8A2C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{DCAE5AC3-A323-4CE1-8F11-28B0BCCB310E}C:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{DDB854CB-04AD-427C-99EA-42A735B0F456}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{E68532B8-F64D-401C-8322-878BFD7BE043}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{05799B4A-5711-44C5-9EC2-780BE9EBA0BB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{3863BAD4-800E-4ACF-A456-97F54A822526}C:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe" = protocol=17 | dir=in | app=c:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe | 
"UDP Query User{4FE613CE-7DDF-4300-B60F-C4B40D74812C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{58DAD19B-4608-4BA8-A5D6-8362CF911FCD}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{611B2B63-935B-491C-8CE5-A5AD6864120F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{62C78A7E-4986-4E53-B3ED-2A1D462B99AD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{7553BA3D-DA51-4F85-B52A-6C4B7AE4BAC6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{A441A6BF-BF0E-4C75-BA5F-05813FB34C5A}C:\program files\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\fifa 12\game\fifa.exe | 
"UDP Query User{C78FEF38-D2F3-4FD2-8B7E-68A08EF7ED52}C:\program files\simpletv\tv.exe" = protocol=17 | dir=in | app=c:\program files\simpletv\tv.exe | 
"UDP Query User{EAB7AA71-AD5F-400A-B8D1-1FD59636D9C1}C:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1" = Free Video Cutter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A513029-E500-4A1C-8809-8D58B5546E7F}" = AusweisApp
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}" = USB Game Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AliceHilfe 1.0.0.1" = AliceHilfe
"Athan" = Athan Basic 4.1
"AVS Media Player_is1" = AVS Media Player 4.1.7.92
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Chipcardmaster_is1" = Chipcardmaster 6.86
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)  
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"ElsterFormular 13.1.0.8394p" = ElsterFormular
"f42012" = f4 2012
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"ImgBurn" = ImgBurn
"KVK Viewer" = KVK Viewer
"LowRateVoip_is1" = LowRateVoip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Movier" = Movier 1.0.17
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.1.3
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.0.3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"WEKA Internetführer Qualität" = WEKA Internetführer Qualität
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"winscp3_is1" = WinSCP 4.3.5
"WinX Free MOV to WMV Converter_is1" = WinX Free MOV to WMV Converter 4.1.3
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.01.2013 19:48:34 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7300
 
Error - 30.01.2013 19:48:34 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7300
 
Error - 30.01.2013 19:48:35 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.01.2013 19:48:35 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8299
 
Error - 30.01.2013 19:48:35 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8299
 
Error - 30.01.2013 19:48:36 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.01.2013 19:48:36 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9297
 
Error - 30.01.2013 19:48:36 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9297
 
Error - 30.01.2013 19:48:37 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.01.2013 19:48:37 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10311
 
[ Media Center Events ]
Error - 20.12.2011 18:04:10 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.12.2011 18:04:25 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.12.2011 18:10:30 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 02.02.2013 08:07:45 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 02.02.2013 08:07:52 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 02.02.2013 08:08:01 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.02.2013 08:08:01 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.02.2013 08:08:34 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 02.02.2013 08:09:03 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 02.02.2013 08:10:02 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 02.02.2013 08:12:59 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.02.2013 08:12:59 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.02.2013 08:12:59 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Edited by yourajassef (02.02.2013 at 20:58)

03.02.2013, 01:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post in the course of this thread. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instruction from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

03.02.2013, 11:02   #5
yourajassef

Police Virus

The test is running; sorry, I wrote earlier that this does not work

Hello Cosinus,

here is the log file mbar-log-2013-02-03 (11-32-34) (before the computer restart):

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.18.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yourajassef :: YOURAJASSEF-PC [administrator]

03.02.2013 11:32:34
mbar-log-2013-02-03 (11-32-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31543
Time elapsed: 28 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 75
HKLM\SOFTWARE\CLASSES\APPID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{573F4ABB-A1A2-44ed-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Scopes (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{DA6305B9-0869-4235-8C1D-533A65E639E5} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{E6961C59-CFCE-4CCD-B794-BC78DB98413A} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.IEButtonA (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.IEButton (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbAx (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbGuru (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Dwnldr (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Reporter (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.ReportData (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Delete on reboot.
HKCU\SOFTWARE\clickpotatolitesa (Adware.ClickPotato) -> Delete on reboot.
HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Stock (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Stock.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\BRNstIE.DLL (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\CmndFF.DLL (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\MenuButtonIE.DLL (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\mozillaps.dll (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\Pltfrm.DLL (Adware.ClickPotato) -> Delete on reboot.

Registry Values Detected: 4
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\USER AGENT\POST PLATFORM|ShopperReports 3.1.69.0 (Adware.HotBar) -> Data:  -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\USER AGENT\POST PLATFORM|SRS_IT_E8790771B5765B5A37AD97 (Malware.Trace) -> Data:  -> Delete on reboot.
HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions -> Delete on reboot.
HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 24
c:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Delete on reboot.
c:\Users\yourajassef\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
c:\Users\yourajassef\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0 (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0 (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences (Adware.ScanQuery) -> Delete on reboot.

Files Detected: 27
c:\Users\yourajassef\AppData\Local\Temp\RarSFX0\MegaplaySetup.exe (Adware.Seeearch) -> Delete on reboot.
c:\Users\yourajassef\AppData\Local\Temp\RarSFX0\seeearch.exe (Adware.Dropper) -> Delete on reboot.
c:\Users\yourajassef\AppData\Local\Temp\RarSFX1\MegaplaySetup.exe (Adware.Seeearch) -> Delete on reboot.
c:\Users\yourajassef\AppData\Local\Temp\RarSFX1\seeearch.exe (Adware.Dropper) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\link.ico (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt (Adware.ShopperReports) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js (Adware.ScanQuery) -> Delete on reboot.

(end)
         
Thank you very much

After the restart I ran it again --> no objects found.
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.18.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yourajassef :: YOURAJASSEF-PC [administrator]

03.02.2013 12:24:35
mbar-log-2013-02-03 (12-24-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31405
Time elapsed: 35 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


Last edited by yourajassef (03.02.2013 at 11:09)

03.02.2013, 22:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Police Virus

Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down).
GMER crashes fairly often; if the tool refuses to work the second time as well, just skip it and run only aswMBR.

aswMBR download => aswMBR.exe - save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: right-click and "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

04.02.2013, 02:47   #7
yourajassef

Police Virus

Hello,
here is the GMER log file:
What I also wanted to say: I always get this message (from Malwarebytes) displayed when I restart my computer:

Should I ignore that for now?

GMER:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-04 02:34:34
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\YOURAJ~1\AppData\Local\Temp\ffldraob.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Real\RealPlayer\Update\realsched.exe[3536] kernel32.dll!SetUnhandledExceptionFilter  7755A8B5 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                 [74887817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                  [748CB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]              [7488BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]        [7487F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                  [748875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]               [7487E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]   [748B73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]      [7488DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]              [7487FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]               [7487FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                [748771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]        [7490CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]           [748AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]              [7487D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                        [74876853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                       [7487687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]          [74882AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free]                       [6D46F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- EOF - GMER 2.0 ----
         
aswMBR follows...

With aswMBR it did not work the first time.
The scan could be started. After about 3 minutes the computer crashed (blue screen) here:



I then had to restart the computer.

The 2nd time it worked. However, I was not asked whether I want to scan my system with the current AVAST! virus definitions.

Here is the log file:

Thank you very much

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-04 03:05:42
-----------------------------
03:05:42.403    OS Version: Windows 6.0.6002 Service Pack 2
03:05:42.403    Number of processors: 2 586 0xF0A
03:05:42.403    ComputerName: YOURAJASSEF-PC  UserName: yourajassef
03:05:45.149    Initialize success
03:05:59.891    AVAST engine defs: 13020301
03:06:12.059    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
03:06:12.059    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
03:06:12.090    Disk 0 MBR read successfully
03:06:12.090    Disk 0 MBR scan
03:06:12.106    Disk 0 Windows VISTA default MBR code
03:06:12.121    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 2048
03:06:12.168    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       100000 MB offset 204802048
03:06:12.230    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       105243 MB offset 409602048
03:06:12.262    Disk 0 scanning sectors +625139712
03:06:12.371    Disk 0 scanning C:\Windows\system32\drivers
03:07:03.492    Service scanning
03:07:25.722    Service MpKslfbc17801 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3614417-77D7-47EF-93C5-9AF3F459DE8F}\MpKslfbc17801.sys **LOCKED** 32
03:08:02.710    Modules scanning
03:08:35.485    Disk 0 trace - called modules:
03:08:35.516    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys PCIIDEX.SYS atapi.sys 
03:08:35.516    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bf4528]
03:08:35.516    3 CLASSPNP.SYS[8a7ab8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8551c390]
03:08:36.530    AVAST engine scan C:\Windows
03:08:49.026    AVAST engine scan C:\Windows\system32
03:18:19.160    AVAST engine scan C:\Windows\system32\drivers
03:19:07.567    AVAST engine scan C:\Users\yourajassef
03:50:35.765    File: C:\Users\yourajassef\Downloads\Neuer Ordner\lowratevoip.exe  **INFECTED** Win32:Malware-gen
03:51:12.487    File: C:\Users\yourajassef\Downloads\Neuer Ordner\software_informer.exe  **INFECTED** Win32:Malware-gen
03:53:13.886    AVAST engine scan C:\ProgramData
03:56:40.805    Scan finished successfully
03:57:34.843    Disk 0 MBR has been saved successfully to "C:\Users\yourajassef\Desktop\MBR.dat"
03:57:35.140    The log file has been saved successfully to "C:\Users\yourajassef\Desktop\aswMBR.txt"
         

04.02.2013, 11:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Police Virus

Quote:
Database version: v2013.01.18.09
Erm, why didn't you update Malwarebytes Anti-Rootkit beforehand?
After you have started it, there is a dedicated button that checks for new signatures. Please do it again properly.

04.02.2013, 11:23   #9
yourajassef

Police Virus

Oh sorry, because I installed it and used it right away. I then thought that it had the latest version.

What should I repeat?
Only mbar, or also the steps after it: GMER and aswMBR?

Thanks

04.02.2013, 11:44   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Police Virus

You did have the latest version, but not the latest signatures!
Just start mbar.exe again; after starting it you MUST update! It says so in the instructions!

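The signature check raised in posts #8 and #10, written out as an added example (not part of the thread and not code from any Malwarebytes tool): it reads the header of a pasted MBAR log, compares the `Database version` date with the scan date, and also verifies that each section lists as many items as its `Detected:` count claims. The function names, the two-day threshold, the dd.mm.yyyy reading of the scan timestamp and the abridged sample log are assumptions of this example.

```python
import re
from collections import Counter
from datetime import date

# Constructed sample: abridged from the first MBAR log in this thread. Most
# detection lines are omitted, so the per-section counts were adjusted to match.
SAMPLE_LOG = r"""Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.18.09

03.02.2013 11:32:34
mbar-log-2013-02-03 (11-32-34).txt

Scan type: Quick scan
Objects scanned: 31543

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\CLASSES\ShopperReports.Scopes (Adware.ShopperReports) -> Delete on reboot.
HKCU\SOFTWARE\clickpotatolitesa (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.

Files Detected: 2
c:\Users\yourajassef\AppData\Local\Temp\RarSFX0\seeearch.exe (Adware.Dropper) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Delete on reboot.

(end)
"""

MAX_SIGNATURE_AGE_DAYS = 2  # assumed threshold, not a vendor recommendation

DB_RE = re.compile(r"^Database version:\s*v(\d{4})\.(\d{2})\.(\d{2})\.\d+", re.M)
# Scan timestamp as written in this thread's logs (day.month.year, assumed).
SCAN_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4}) \d{2}:\d{2}:\d{2}\s*$", re.M)
SECTION_RE = re.compile(r"^(.+?) Detected: (\d+)\s*$")
# "<object> (<family>) -> <action>."; greedy first group keeps paths with parentheses intact.
ITEM_RE = re.compile(r"^(.*) \(([^()]+)\) -> (.+?)\.?\s*$")


def parse_mbar_log(text):
    """Return signature date, scan date and the detections grouped by section."""
    db = DB_RE.search(text)
    scan = SCAN_RE.search(text)
    if not db or not scan:
        raise ValueError("not an MBAR log: header fields missing")
    report = {
        "db_date": date(int(db[1]), int(db[2]), int(db[3])),
        "scan_date": date(int(scan[3]), int(scan[2]), int(scan[1])),
        "sections": {},
    }
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = report["sections"].setdefault(
                sec[1], {"declared": int(sec[2]), "items": []})
            continue
        item = ITEM_RE.match(line)
        if item and current is not None:
            current["items"].append((item[1], item[2], item[3]))
    return report


def signature_age_days(report):
    """Days between the signature database build and the scan."""
    return (report["scan_date"] - report["db_date"]).days


def family_counts(report):
    """Number of detections per detection name across all sections."""
    return Counter(family
                   for sec in report["sections"].values()
                   for _, family, _ in sec["items"])


def audit(text, max_age_days=MAX_SIGNATURE_AGE_DAYS):
    """List the problems a helper would raise before trusting this log."""
    report = parse_mbar_log(text)
    findings = []
    age = signature_age_days(report)
    if age > max_age_days:
        findings.append(
            f"signatures are {age} days older than the scan; update and rescan")
    for name, sec in report["sections"].items():
        if sec["declared"] != len(sec["items"]):
            findings.append(
                f"{name}: header says {sec['declared']}, log lists "
                f"{len(sec['items'])} (pasted log may be truncated)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
    print(dict(family_counts(parse_mbar_log(SAMPLE_LOG))))
```

A clean rescan only counts as evidence when `audit` returns no findings for it, which is why the second log in this thread (same v2013.01.18.09 database) had to be repeated.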

04.02.2013, 14:24   #11
yourajassef

Police Virus

Hello Cosinus,
I did it again. This time with the latest signatures --> no malware found.

here:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.04.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yourajassef :: YOURAJASSEF-PC [administrator]

04.02.2013 14:21:34
mbar-log-2013-02-04 (14-21-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31387
Time elapsed: 29 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

04.02.2013, 15:05   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Police Virus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages like

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

04.02.2013, 19:11   #13
yourajassef

Police Virus

Hello

here is the log file
Code:
ComboFix 13-02-03.03 - yourajassef 04.02.2013  18:57:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1918 [GMT 1:00]
ausgeführt von:: c:\users\yourajassef\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FreeVideoCutter.exe
c:\program files\FreeVideoCutter.exe\avcodec-54.dll
c:\program files\FreeVideoCutter.exe\avdevice-54.dll
c:\program files\FreeVideoCutter.exe\avfilter-2.dll
c:\program files\FreeVideoCutter.exe\avformat-54.dll
c:\program files\FreeVideoCutter.exe\avresample-0.dll
c:\program files\FreeVideoCutter.exe\avutil-51.dll
c:\program files\FreeVideoCutter.exe\ffmpeg.exe
c:\program files\FreeVideoCutter.exe\FreeVideoCutter.exe
c:\program files\FreeVideoCutter.exe\FreeVideoCutter.ini
c:\program files\FreeVideoCutter.exe\postproc-52.dll
c:\program files\FreeVideoCutter.exe\swresample-0.dll
c:\program files\FreeVideoCutter.exe\swscale-2.dll
c:\program files\FreeVideoCutter.exe\unins000.dat
c:\program files\FreeVideoCutter.exe\unins000.exe
c:\program files\Seeearch
c:\program files\Seeearch\tbcore3.dll
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\unin0407.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-04 bis 2013-02-04  ))))))))))))))))))))))))))))))
.
.
2013-02-04 02:18 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80939C28-25FA-47A2-BDDC-C70C4002A6E1}\mpengine.dll
2013-02-03 01:32 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-02 20:05 . 2013-02-02 20:05	--------	d-----w-	c:\program files\Common Files\Skype
2013-02-02 20:05 . 2013-02-02 20:05	--------	d-----r-	c:\program files\Skype
2013-02-02 12:48 . 2013-02-02 12:48	--------	d-----w-	c:\users\yourajassef\AppData\Roaming\Malwarebytes
2013-02-02 12:48 . 2013-02-02 12:48	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-02 12:48 . 2013-02-02 12:48	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-02 12:48 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-27 00:11 . 2013-01-27 00:11	--------	d-----w-	c:\users\yourajassef\AppData\Roaming\Creative
2013-01-27 00:01 . 2013-01-27 00:01	76	--sh--r-	c:\windows\CT4CET.bin
2013-01-27 00:01 . 2013-01-27 00:01	--------	d-----w-	c:\program files\Common Files\Reallusion
2013-01-26 23:59 . 2007-02-14 11:27	5627904	----a-w-	c:\windows\system32\LiveCamVirtual.ocx
2013-01-26 23:59 . 2013-01-26 23:59	--------	d-----w-	c:\program files\Common Files\Creative
2013-01-26 23:58 . 2013-01-26 23:59	--------	d-----w-	c:\program files\Creative Live! Cam
2013-01-26 23:57 . 2013-01-27 00:01	--------	d-----w-	c:\program files\Creative
2013-01-25 15:54 . 2007-03-05 16:45	7424	----a-w-	c:\windows\system32\drivers\OEM02Vfx.sys
2013-01-25 15:54 . 2007-03-01 23:00	24576	----a-w-	c:\windows\system32\OEM02Srv.exe
2013-01-25 15:54 . 2007-07-17 23:02	40960	----a-w-	c:\windows\system32\OEM02Pin.dll
2013-01-25 15:54 . 2007-07-17 23:02	235520	----a-w-	c:\windows\system32\drivers\OEM02Dev.sys
2013-01-25 15:54 . 2007-05-09 23:01	36864	----a-w-	c:\windows\OEM02Mon.exe
2013-01-25 15:54 . 2007-05-09 23:01	20480	----a-w-	c:\windows\system32\OEM02Pin.crl
2013-01-25 15:54 . 2007-02-01 23:00	32768	----a-w-	c:\windows\system32\OEM02Hwx.dll
2013-01-25 15:54 . 2007-07-17 23:03	385024	----a-w-	c:\windows\system32\OEM02Cvw.dll
2013-01-25 15:54 . 2007-06-24 23:02	331776	----a-w-	c:\windows\system32\OEM02Cvw.crl
2013-01-25 15:54 . 2007-06-10 23:01	28672	----a-w-	c:\windows\OEM02Cfg.exe
2013-01-25 15:54 . 2007-06-07 23:00	141376	----a-w-	c:\windows\system32\drivers\OEM02Afx.sys
2013-01-25 15:54 . 2005-07-06 23:07	36864	----a-w-	c:\windows\system32\CtCamMgr.dll
2013-01-24 16:58 . 2013-01-25 15:34	--------	d-----w-	c:\users\yourajassef\AppData\Roaming\Movier
2013-01-24 16:58 . 2013-01-24 16:58	--------	d-----w-	c:\program files\Movier
2013-01-24 16:24 . 2013-01-24 16:24	--------	d-----w-	c:\program files\Digiarty
2013-01-09 18:58 . 2012-11-23 01:35	2048000	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 18:58 . 2012-11-20 04:22	204288	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 18:57 . 2012-11-02 10:19	1400832	----a-w-	c:\windows\system32\msxml6.dll
2013-01-06 18:17 . 2013-01-06 18:17	--------	d-----w-	c:\program files\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2011-04-06 12:08	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-08 20:35 . 2012-06-08 08:58	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:35 . 2011-08-01 12:14	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-20 21:22	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-20 21:22	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-11-28 10:09 . 2012-11-28 10:09	740840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E11B82C9-2DA7-4D8D-A275-D963867DB595}\gapaengine.dll
2012-11-14 02:09 . 2012-12-15 14:23	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-15 14:23	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-15 14:23	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-15 14:23	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-15 14:23	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-15 14:23	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-14 19:15	2048	----a-w-	c:\windows\system32\tzres.dll
2006-06-15 19:33 . 2013-01-27 00:01	233472	----a-w-	c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 17:43 . 2013-01-27 00:01	204895	----a-w-	c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 . 2013-01-27 00:01	77824	----a-w-	c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 12:10 . 2013-01-27 00:01	426081	----a-w-	c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 . 2013-01-27 00:01	458752	----a-w-	c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 . 2013-01-27 00:01	139264	----a-w-	c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 . 2013-01-27 00:01	204800	----a-w-	c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 . 2013-01-27 00:01	106496	----a-w-	c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 . 2013-01-27 00:01	212992	----a-w-	c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 . 2013-01-27 00:01	167936	----a-w-	c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2013-01-19 17:48 . 2013-01-19 17:48	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}]
2011-04-14 04:37	252832	----a-w-	c:\program files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2011-11-17 09:14	3075520	----a-w-	c:\program files\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\yourajassef\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\yourajassef\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\yourajassef\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\yourajassef\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-28 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\yourajassef\Desktop\mbar\mbar.exe" [2013-01-18 1358408]
.
c:\users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2011-10-20 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL6CED0895
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 20:35]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 11:20]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 11:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.dimadimaraja.com/
uInternet Settings,ProxyServer = hxxp://10.5.0.253:3128
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles\gfjmy2pc.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - www.rajacasablanca.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-10 - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Athan - c:\windows\iun6002.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-WEKA Internetführer Qualität - c:\windows\unin0407.exe
AddRemove-{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1 - c:\program files\FreeVideoCutter.exe\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-04 19:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-02-04  19:08:52
ComboFix-quarantined-files.txt  2013-02-04 18:08
.
Vor Suchlauf: 9.062.752.256 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 10.478.845.952 Bytes frei
.
- - End Of File - - 4783B00B47894C276FABD82811581E4B
         

04.02.2013, 21:18   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box "Scanne alle Benutzer" (scan all users)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

04.02.2013, 22:11   #15
yourajassef
 

Adw Cleaner:

Code:
# AdwCleaner v2.110 - Datei am 04/02/2013 um 22:05:40 erstellt
# Aktualisiert am 03/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : yourajassef - YOURAJASSEF-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\yourajassef\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\yourajassef\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\yourajassef\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\yourajassef\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\yourajassef\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\yourajassef\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\yourajassef\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\yourajassef\AppData\LocalLow\ShopperReports3
Ordner Gelöscht : C:\Users\yourajassef\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles\gfjmy2pc.default\extensions\specialsavings@superfish.com
Ordner Gelöscht : C:\Users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles\gfjmy2pc.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ShopperReports3
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\GamePlayLabs
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\seeearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2965494
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles\gfjmy2pc.default\prefs.js

Gelöscht : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...]
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_city", "STUTTGART");
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2319825.FirstTime", "true");
Gelöscht : user_pref("CT2319825.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2319825.ID", "50978732");
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.UserID", "UN51417685906338356");
Gelöscht : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.autoDisableScopes", -1);
Gelöscht : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2319825.defaultSearch", "true");
Gelöscht : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2319825.enableAlerts", "always");
Gelöscht : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2319825.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2319825.fixUrls", true);
Gelöscht : user_pref("CT2319825.installId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.isNewTabEnabled", true);
Gelöscht : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2319825.keyword", true);
Gelöscht : user_pref("CT2319825.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...]
Gelöscht : user_pref("CT2319825.openThankYouPage", "false");
Gelöscht : user_pref("CT2319825.openUninstallPage", "true");
Gelöscht : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Gelöscht : user_pref("CT2319825.search.searchCount", "0");
Gelöscht : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349375918881");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1349376743166");
Gelöscht : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349375921357");
Gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.10.27.6_lastUpdate", "1349376743003");
Gelöscht : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349375921399");
Gelöscht : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1349375917725");
Gelöscht : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1349375917340");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349375921219");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1349376742955");
Gelöscht : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1349375918677");
Gelöscht : user_pref("CT2319825.settingsINI", true);
Gelöscht : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2319825.smartbar.homepage", true);
Gelöscht : user_pref("CT2319825.smartbar.isHidden", false);
Gelöscht : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gelöscht : user_pref("CT2319825.toolbarBornServerTime", "4-10-2012");
Gelöscht : user_pref("CT2319825.toolbarCurrentServerTime", "4-10-2012");
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825[...]
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=3[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\yourajassef\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [14795 octets] - [04/02/2013 22:05:40]

########## EOF - C:\AdwCleaner[S1].txt - [14856 octets] ##########
         
OTL:

Code:
OTL logfile created on: 04.02.2013 22:13:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\yourajassef\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,21% Memory free
6,19 Gb Paging File | 4,79 Gb Available in Paging File | 77,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 9,55 Gb Free Space | 9,78% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 8,21 Gb Free Space | 8,41% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 7,43 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Drive F: | 232,83 Gb Total Space | 15,68 Gb Free Space | 6,73% Space Free | Partition Type: FAT32
 
Computer Name: YOURAJASSEF-PC | User Name: yourajassef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\yourajassef\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Netaapl) -- system32\DRIVERS\netaapl.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (gqorbfjs) -- C:\Windows\system32\drivers\gqorbfjs.sys File not found
DRV - (catchme) -- C:\Users\YOURAJ~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dimadimaraja.com/
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 01 10 1C D1 02 CC 01  [binary data]
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{A89B7D27-C3ED-4FAA-83E3-02E014612E5F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://10.5.0.253:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.rajacasablanca.com"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2012.01.05 18:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2012.01.05 18:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 11:49:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.27 01:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.27 01:01:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.04.28 22:53:25 | 000,000,000 | ---D | M]
 
[2012.05.20 20:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Extensions
[2013.02.04 22:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Firefox\Profiles\gfjmy2pc.default\extensions
[2012.12.14 20:12:12 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\firefox\profiles\gfjmy2pc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.10.04 20:02:36 | 000,002,101 | ---- | M] () -- C:\Users\yourajassef\AppData\Roaming\mozilla\firefox\profiles\gfjmy2pc.default\searchplugins\googlede.xml
[2013.02.03 11:39:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.09 00:19:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.01.19 18:48:40 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2012.05.28 11:48:40 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.09 13:26:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 16:29:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.09 13:26:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.09 13:26:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.09 13:26:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.09 13:26:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013.02.04 19:04:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Programme\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2027C885-E4F7-4ACC-92F8-0EF34481D55D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32AA4F81-6594-4EEB-A8DF-E8758EAA08D1}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ECD1ED9-2AF2-49AD-92B3-53112338A2BC}: DhcpNameServer = 134.108.34.5 134.108.34.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7684A6C-BDED-4E33-8A09-976C4CE9B654}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.04 19:08:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.04 19:08:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.04 18:55:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.04 18:55:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.04 18:55:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.04 18:55:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.04 18:51:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.04 18:50:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.04 18:48:28 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\yourajassef\Desktop\ComboFix.exe
[2013.02.04 13:49:29 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3D49DF56-918B-43FC-9963-9296664B7150}
[2013.02.04 04:00:11 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\meldungen
[2013.02.04 02:53:24 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\yourajassef\Desktop\aswMBR.exe
[2013.02.04 01:48:48 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{EECA3D53-289A-44D6-AF84-F93F1B84E660}
[2013.02.03 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{381C03C7-B504-49BA-86B5-1E6B776C5129}
[2013.02.03 10:53:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\mbar
[2013.02.02 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A114BDA7-8913-44DA-85D4-AB7D7652D391}
[2013.02.02 21:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.02 21:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.02 21:05:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.02.02 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\ddd
[2013.02.02 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Malwarebytes
[2013.02.02 13:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.02 13:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.02 13:48:24 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.02 13:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.02 13:29:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\yourajassef\Desktop\OTL.exe
[2013.02.02 11:36:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{FA64E702-B458-40E3-9168-E40E168717C0}
[2013.02.01 15:30:51 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{84734E89-DCEA-416B-95DD-4901C7B8D5CF}
[2013.01.31 18:47:23 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4E7C9939-30D0-470A-AE68-62608B9CAD1C}
[2013.01.30 22:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.30 16:31:33 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F7CEB9F6-B0B1-4FDF-93F1-717F1C65F9FD}
[2013.01.29 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F6CE08B8-61F3-41C7-8167-BB28A32692A9}
[2013.01.28 21:09:14 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{483C6E8A-58E3-4FDC-AFD0-6DDB9A87BC2F}
[2013.01.28 07:50:37 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8A8D83FB-69B8-47AC-8F24-AB24CAE95D81}
[2013.01.27 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{61DE3AA7-E19B-41D9-80F4-DBE6A0A7976B}
[2013.01.27 01:11:13 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Documents\DELL Webcam Center
[2013.01.27 01:11:03 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Creative
[2013.01.27 01:01:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2013.01.27 01:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2013.01.27 00:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.01.27 00:59:45 | 005,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\System32\LiveCamVirtual.ocx
[2013.01.27 00:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2013.01.27 00:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2013.01.27 00:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL
[2013.01.27 00:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.01.26 18:14:01 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6B17BB85-6FC3-4665-B020-4FED96DE1CCF}
[2013.01.25 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\25.01.2013
[2013.01.25 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F141443B-E818-4EC7-9A8F-1485D7F06711}
[2013.01.25 17:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2013.01.25 16:54:42 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Srv.exe
[2013.01.25 16:54:42 | 000,007,424 | ---- | C] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\OEM02Vfx.sys
[2013.01.25 16:54:41 | 000,235,520 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Dev.sys
[2013.01.25 16:54:41 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Pin.dll
[2013.01.25 16:54:41 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
[2013.01.25 16:54:41 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Hwx.dll
[2013.01.25 16:54:41 | 000,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Pin.crl
[2013.01.25 16:54:40 | 000,385,024 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Cvw.dll
[2013.01.25 16:54:40 | 000,331,776 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Cvw.crl
[2013.01.25 16:54:38 | 000,028,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\OEM02Cfg.exe
[2013.01.25 16:54:37 | 000,141,376 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Afx.sys
[2013.01.25 16:54:30 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtCamMgr.dll
[2013.01.25 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F830E3BE-2CEC-494D-9EF5-1A3E422FC67E}
[2013.01.24 19:39:09 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4F91E7A1-7D33-4E10-AB89-ECA7FE71DABE}
[2013.01.24 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Movier
[2013.01.24 17:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Cutter
[2013.01.24 17:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2013.01.24 17:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2013.01.24 07:38:28 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A16A40D4-94D1-41F1-BF80-8A8C98A29624}
[2013.01.23 16:30:42 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{BC1D8181-AEF0-4C0F-B015-50899F0A6B9B}
[2013.01.22 22:56:00 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4BD4BFFB-5CB8-40B4-AF7E-5435D9C4CD91}
[2013.01.22 07:09:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8CE1F9D2-0DCA-4226-AF88-824286F2D47B}
[2013.01.21 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{0DE0DBD8-B77E-4E8B-A059-38215C7B982C}
[2013.01.20 22:28:21 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\raja turquie
[2013.01.19 18:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.19 18:29:01 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8921E137-2CD3-4C9E-B033-966E09F1CB3C}
[2013.01.18 20:30:31 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{743F50AF-CCD7-474B-AEC7-B981EBE2B5D4}
[2013.01.16 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F2EDB183-C9BE-420E-A93E-121C9AEEF1B1}
[2013.01.15 07:14:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3867AAA0-5425-42F5-B084-DFC3002507CD}
[2013.01.14 19:14:00 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{D2018EA6-E7FF-4B84-8AFC-C4D3ED236647}
[2013.01.13 12:20:04 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6D8F47C2-846A-488C-879D-2DBA678B11E5}
[2013.01.12 11:59:15 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A5125E27-51D3-4AB2-9E0D-BA58B0E8B9AD}
[2013.01.11 21:45:53 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{E8A54474-05F4-4E7B-8238-CF9E1FCF1464}
[2013.01.10 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3137AC19-5A43-4F92-856F-0F39813E2BB1}
[2013.01.09 19:58:50 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 19:58:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 19:45:17 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{475B9CA3-694E-4D8A-B7A8-8F1E54CCD231}
[2013.01.08 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{EF7D25D6-447D-43BA-B90C-39878FB941E3}
[2013.01.07 16:47:44 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{9656D099-B7BE-47AF-AADE-F3F45B5AF0BB}
[2013.01.06 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.01.06 14:56:26 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F5BEC2D7-07DE-4C5A-956B-5AB181480BF4}
[2013.01.05 23:15:34 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{E7336A64-AEF3-43C6-B458-694F382F2977}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 22:08:15 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2013.02.04 22:08:13 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.02.04 22:08:07 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.04 22:07:59 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.02.04 22:07:49 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 22:07:49 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 22:07:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 22:07:33 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 22:04:28 | 000,582,111 | ---- | M] () -- C:\Users\yourajassef\Desktop\adwcleaner.exe
[2013.02.04 22:03:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 22:03:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.04 19:04:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.04 18:48:45 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\yourajassef\Desktop\ComboFix.exe
[2013.02.04 04:07:08 | 000,137,342 | ---- | M] () -- C:\Users\yourajassef\Desktop\00000.jpg
[2013.02.04 03:57:35 | 000,000,512 | ---- | M] () -- C:\Users\yourajassef\Desktop\MBR.dat
[2013.02.04 03:02:24 | 322,924,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.04 02:54:25 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\yourajassef\Desktop\aswMBR.exe
[2013.02.04 01:54:04 | 000,365,568 | ---- | M] () -- C:\Users\yourajassef\Desktop\gmer_2.0.18454.exe
[2013.02.04 01:51:21 | 000,012,814 | ---- | M] () -- C:\Users\yourajassef\Desktop\fehlermeldung.jpg
[2013.02.03 10:59:17 | 000,029,455 | ---- | M] () -- C:\Users\yourajassef\Desktop\1.jpg
[2013.02.03 10:43:11 | 013,562,257 | ---- | M] () -- C:\Users\yourajassef\Desktop\mbar-1.01.0.1017.zip
[2013.02.03 10:41:50 | 000,013,997 | ---- | M] () -- C:\Users\yourajassef\Desktop\S+TOdLM+.htm.part.htm
[2013.02.02 21:05:36 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 13:48:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.02 13:29:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yourajassef\Desktop\OTL.exe
[2013.02.02 12:00:01 | 000,203,776 | ---- | M] () -- C:\Users\yourajassef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.31 09:35:35 | 000,632,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.31 09:35:35 | 000,599,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.31 09:35:35 | 000,127,566 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.31 09:35:35 | 000,105,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.30 22:39:24 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.30 22:39:24 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.01.27 13:27:24 | 000,000,680 | ---- | M] () -- C:\Users\yourajassef\AppData\Local\d3d9caps.dat
[2013.01.27 01:01:43 | 000,000,076 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2013.01.26 23:28:36 | 000,044,135 | ---- | M] () -- C:\Users\yourajassef\Desktop\aaaa.jpg
[2013.01.25 21:53:28 | 517,202,359 | ---- | M] () -- C:\Users\yourajassef\Documents\IMG_2641.wmv
[2013.01.25 21:31:10 | 308,036,647 | ---- | M] () -- C:\Users\yourajassef\Documents\IMG_2665.wmv
[2013.01.24 22:50:37 | 000,000,957 | ---- | M] () -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.24 22:49:46 | 000,000,937 | ---- | M] () -- C:\Users\yourajassef\Desktop\Dropbox.lnk
[2013.01.24 20:13:45 | 060,964,084 | ---- | M] () -- C:\Users\yourajassef\Desktop\ButKachani.wmv
[2013.01.24 17:58:08 | 000,000,776 | ---- | M] () -- C:\Users\yourajassef\Desktop\Movier.lnk
[2013.01.24 17:57:45 | 007,850,112 | ---- | M] () -- C:\Users\yourajassef\Desktop\Movier-Installer_1.0.17.exe
[2013.01.24 17:40:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Free Video Cutter.lnk
[2013.01.14 21:52:07 | 003,741,925 | ---- | M] () -- C:\Users\yourajassef\Desktop\TvQuran.com__112.mp3
[2013.01.10 21:59:18 | 000,374,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.08 21:35:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.08 21:35:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.02.04 22:04:26 | 000,582,111 | ---- | C] () -- C:\Users\yourajassef\Desktop\adwcleaner.exe
[2013.02.04 18:55:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.04 18:55:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.04 18:55:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.04 18:55:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.04 18:55:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.04 04:07:07 | 000,137,342 | ---- | C] () -- C:\Users\yourajassef\Desktop\00000.jpg
[2013.02.04 03:57:34 | 000,000,512 | ---- | C] () -- C:\Users\yourajassef\Desktop\MBR.dat
[2013.02.04 01:53:59 | 000,365,568 | ---- | C] () -- C:\Users\yourajassef\Desktop\gmer_2.0.18454.exe
[2013.02.04 01:51:21 | 000,012,814 | ---- | C] () -- C:\Users\yourajassef\Desktop\fehlermeldung.jpg
[2013.02.03 10:59:17 | 000,029,455 | ---- | C] () -- C:\Users\yourajassef\Desktop\1.jpg
[2013.02.03 10:43:38 | 013,562,257 | ---- | C] () -- C:\Users\yourajassef\Desktop\mbar-1.01.0.1017.zip
[2013.02.03 10:41:45 | 000,013,997 | ---- | C] () -- C:\Users\yourajassef\Desktop\S+TOdLM+.htm.part.htm
[2013.02.02 21:05:36 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 13:48:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.02 13:11:15 | 3219,173,376 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.30 22:39:24 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.27 01:01:43 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2013.01.25 21:47:40 | 517,202,359 | ---- | C] () -- C:\Users\yourajassef\Documents\IMG_2641.wmv
[2013.01.25 21:28:24 | 308,036,647 | ---- | C] () -- C:\Users\yourajassef\Documents\IMG_2665.wmv
[2013.01.25 16:54:42 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02Pvc.bmp
[2013.01.25 16:54:41 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02PC.bmp
[2013.01.25 16:54:40 | 000,260,330 | ---- | C] () -- C:\Windows\System32\OEM02Cvw.bff
[2013.01.25 16:54:37 | 000,004,510 | ---- | C] () -- C:\Windows\OEM002.uns
[2013.01.24 22:48:18 | 000,044,135 | ---- | C] () -- C:\Users\yourajassef\Desktop\aaaa.jpg
[2013.01.24 20:12:01 | 060,964,084 | ---- | C] () -- C:\Users\yourajassef\Desktop\ButKachani.wmv
[2013.01.24 19:28:41 | 001,972,106 | ---- | C] () -- C:\Users\yourajassef\Desktop\1 (970).JPG
[2013.01.24 17:58:08 | 000,000,776 | ---- | C] () -- C:\Users\yourajassef\Desktop\Movier.lnk
[2013.01.24 17:57:10 | 007,850,112 | ---- | C] () -- C:\Users\yourajassef\Desktop\Movier-Installer_1.0.17.exe
[2013.01.24 17:40:41 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Free Video Cutter.lnk
[2013.01.14 21:51:56 | 003,741,925 | ---- | C] () -- C:\Users\yourajassef\Desktop\TvQuran.com__112.mp3
[2013.01.06 19:14:38 | 000,000,957 | ---- | C] () -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.26 21:16:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.06.25 19:45:16 | 000,004,096 | -H-- | C] () -- C:\Users\yourajassef\AppData\Local\keyfile3.drm
[2012.03.16 17:47:49 | 000,010,639 | ---- | C] () -- C:\Users\yourajassef\Yotahri_elster_2048.pfx
[2012.01.15 22:10:48 | 000,000,263 | ---- | C] () -- C:\Users\yourajassef\.swfinfo
[2012.01.11 00:27:52 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.01.10 19:05:19 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini
[2011.12.08 19:35:53 | 000,000,600 | ---- | C] () -- C:\Users\yourajassef\AppData\Roaming\winscp.rnd
[2011.10.23 12:54:54 | 000,001,492 | ---- | C] () -- C:\Users\yourajassef\.recently-used.xbel
[2011.08.03 09:03:53 | 000,000,552 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\d3d8caps.dat
[2011.06.22 21:24:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.13 10:59:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.13 10:59:30 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.12 21:02:04 | 000,123,728 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.04.24 13:48:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.24 13:40:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.24 13:40:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.05 12:26:22 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.04.05 12:00:05 | 000,203,776 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.05 11:58:17 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.04.04 15:33:01 | 000,000,680 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\raja 3- 0 Fus 16.09.2012 -m2.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\JAMELC~1.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\10062009080.mp4:TOC.WMV

< End of report >
         
Extras:

Code:
OTL Extras logfile created on: 04.02.2013 22:13:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\yourajassef\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,21% Memory free
6,19 Gb Paging File | 4,79 Gb Available in Paging File | 77,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 9,55 Gb Free Space | 9,78% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 8,21 Gb Free Space | 8,41% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 7,43 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Drive F: | 232,83 Gb Total Space | 15,68 Gb Free Space | 6,73% Space Free | Partition Type: FAT32
 
Computer Name: YOURAJASSEF-PC | User Name: yourajassef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03059126-6CB4-43D4-BDBF-A031107EE97F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0B7F8B21-2A74-4082-9372-684D7122EB81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0CCEF4AE-27CB-4080-BEC4-FD846619BE95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E37FEEC-1FCD-4C39-BFFD-DD595BF45421}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0E76D8F8-782D-4A6A-AB9E-D7649CCA4AFF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{10BD1224-E1C8-48B9-8699-5B6C0441E59D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{12DFFAA0-E077-4ABD-AB27-36862BBF45A6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{187FE10B-8F38-440C-9ACD-9029BB25C9CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1E8C8A76-7896-4A87-8BD1-B2F5079AD86F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3E440A65-6FCA-4DF4-914E-DF6DC60F3FB6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{628EEA2D-5A36-47B2-96B4-B19546B9AC4F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{67787834-6546-4EC1-A3AD-28E8E21386D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A5E3E13-2F4F-4CF1-A1F2-816B2FEC7583}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A785ACBC-24F8-4853-A93C-F210E005D510}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B1DEAD7F-7E11-416D-B489-BBDA1101C6D4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D5414D7E-4DC2-4E0F-819F-42F4356748B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5C703C8-0550-4451-BB88-8D259E9750E4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E6E55199-771C-4DB7-8E6A-AEB7FE1A4110}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F423E876-25CB-45B8-9F66-A1610849AA51}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F985D30C-FD70-4043-AD52-A2F4A693538A}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18B9229E-CF8C-4420-A006-3C8B5955034E}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_342.decrpt | 
"{261DBC74-3451-4850-89E4-81BECCF6861C}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{2651EC9D-F3C3-4F9E-9C97-818C4AC43F33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2856D390-C4BC-42C0-B8F3-A3381B1E9AC8}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydownloads.exe | 
"{30ADEDB5-3245-4EF7-B05D-6F30D8A3241F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{40451F3E-A74C-46F7-B4E2-008A3C06C157}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{470A4959-9ADC-439D-92F3-6142251560EE}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydl.exe | 
"{48F1EFF5-6471-4181-9D21-CCDF7797A944}" = protocol=17 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4ACB4E8C-FE60-40F5-A2DF-DF55DD5C2E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A0334E3-B647-417D-9D41-ADF77E688183}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{648D75E2-1F6E-49D4-A6EB-2D0F2BFD1731}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{6578C3B4-5D10-45A2-917A-565B3F4D480F}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 | 
"{6781C032-630A-4818-9292-F95242C80CA1}" = protocol=6 | dir=in | app=c:\users\yourajassef\desktop\pes\pes2011.exe | 
"{73408EAF-25B4-4A5F-AE30-0051CB77F774}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{95B99259-8009-453C-9ECC-4F38AF51DF3B}" = protocol=6 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9B885F6A-24B3-4ACD-9A84-30C384111DFF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{9EBDC443-74F4-4D0C-A91A-B9393FB0A71C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{A0B9E01E-5FC5-48BC-8BFD-A709CBEE41B9}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_567 | 
"{A25FE531-6D3E-4F95-B07B-FD2A1BAB9B48}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 | 
"{B60E8BA6-AFBD-4E9D-B209-198C3AFD0163}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{B6A47838-D0D5-4364-A387-13D997D89A32}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydl.exe | 
"{BABBB2F6-5058-4EA9-B701-728080B535AD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BEC041D9-A012-41B9-8AC4-03CBB5B42001}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 | 
"{C5C29834-B4F6-4759-9471-CA36315F77E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D2E028F3-F996-441A-BEDC-0A87F5FFD4D0}" = protocol=17 | dir=in | app=c:\users\yourajassef\desktop\pes\pes2011.exe | 
"{D6099798-7299-4B17-A0C0-8983D2840062}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D73FBB7C-B072-492B-B67C-E4FA8580B18D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E6AB0DCB-90AD-4C8D-8A04-F2B58F5069EB}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{EA95D05E-86B8-49F4-A5FB-36C57101EB41}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EBE65627-A1E6-4CDD-BC20-9B5106B60B29}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F850F406-90DE-4BC4-8AEE-69C68551C48C}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydownloads.exe | 
"{F8C420A5-E8FA-4042-9514-642D22E4169B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{1D5B9381-49CD-4086-A89F-773343E8CBB5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{609405B5-C1A5-4F34-A1DD-CDA441D16613}C:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe" = protocol=6 | dir=in | app=c:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe | 
"TCP Query User{6A88EBBE-CEC1-48E2-83F7-BF7E964E6743}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{75324174-AC0F-4895-9DEA-ECF0E9FEF07E}C:\program files\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\fifa 12\game\fifa.exe | 
"TCP Query User{90313453-931D-4041-958B-36DF9157B760}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{AF4401F7-5ABA-4C08-B715-87FC5D3312DA}C:\program files\simpletv\tv.exe" = protocol=6 | dir=in | app=c:\program files\simpletv\tv.exe | 
"TCP Query User{BB3D3209-D9D1-4A04-A025-DA4F42BD8A2C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{DCAE5AC3-A323-4CE1-8F11-28B0BCCB310E}C:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{DDB854CB-04AD-427C-99EA-42A735B0F456}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{E68532B8-F64D-401C-8322-878BFD7BE043}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{05799B4A-5711-44C5-9EC2-780BE9EBA0BB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{3863BAD4-800E-4ACF-A456-97F54A822526}C:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe" = protocol=17 | dir=in | app=c:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe | 
"UDP Query User{4FE613CE-7DDF-4300-B60F-C4B40D74812C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{58DAD19B-4608-4BA8-A5D6-8362CF911FCD}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{611B2B63-935B-491C-8CE5-A5AD6864120F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{62C78A7E-4986-4E53-B3ED-2A1D462B99AD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{7553BA3D-DA51-4F85-B52A-6C4B7AE4BAC6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{A441A6BF-BF0E-4C75-BA5F-05813FB34C5A}C:\program files\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\fifa 12\game\fifa.exe | 
"UDP Query User{C78FEF38-D2F3-4FD2-8B7E-68A08EF7ED52}C:\program files\simpletv\tv.exe" = protocol=17 | dir=in | app=c:\program files\simpletv\tv.exe | 
"UDP Query User{EAB7AA71-AD5F-400A-B8D1-1FD59636D9C1}C:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A513029-E500-4A1C-8809-8D58B5546E7F}" = AusweisApp
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}" = USB Game Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AliceHilfe 1.0.0.1" = AliceHilfe
"AVS Media Player_is1" = AVS Media Player 4.1.7.92
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Chipcardmaster_is1" = Chipcardmaster 6.86
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)  
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"ElsterFormular 13.1.0.8394p" = ElsterFormular
"f42012" = f4 2012
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"ImgBurn" = ImgBurn
"KVK Viewer" = KVK Viewer
"LowRateVoip_is1" = LowRateVoip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Movier" = Movier 1.0.17
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.1.3
"ProInst" = Intel(R) PROSet/Wireless Software
"SopCast" = SopCast 3.0.3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"winscp3_is1" = WinSCP 4.3.5
"WinX Free MOV to WMV Converter_is1" = WinX Free MOV to WMV Converter 4.1.3
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.01.2013 14:11:46 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1450
 
Error - 31.01.2013 14:11:47 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.01.2013 14:11:47 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2574
 
Error - 31.01.2013 14:11:47 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2574
 
Error - 31.01.2013 14:11:48 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.01.2013 14:11:48 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3744
 
Error - 31.01.2013 14:11:48 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3744
 
Error - 31.01.2013 14:11:49 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.01.2013 14:11:49 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4851
 
Error - 31.01.2013 14:11:49 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4851
 
[ Media Center Events ]
Error - 20.12.2011 18:04:10 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.12.2011 18:04:25 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.12.2011 18:10:30 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 04.02.2013 08:48:22 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2013 09:28:08 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2013 09:28:08 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2013 09:28:08 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2013 13:57:01 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 04.02.2013 14:01:10 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 04.02.2013 14:04:43 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 04.02.2013 17:08:42 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2013 17:08:42 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2013 17:08:42 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Thank you

Edited by yourajassef (04.02.2013 at 22:25)
