Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Polizei Virus (https://www.trojaner-board.de/130500-polizei-virus.html)

yourajassef 02.02.2013 14:03

Polizei Virus
 
Hello Trojaner-Board team,
it has hit me too: the Polizei virus, which has locked my computer.

I have already read similar threads in the forum, including "Vorgehen beim Verschlüsselungs-Trojaner" (how to proceed with the encryption trojan).

I have installed Malwarebytes. It is running now (full scan).

I have also installed OTL.

I have Windows Vista 32-bit.

Thank you for your help.

Best regards,

Youssef

cosinus 02.02.2013 17:43

:hallo:

Quote:

I have installed Malwarebytes. It is running now (full scan).

I have also installed OTL.
Nice, great, and where are the logs for that? :glaskugel:

yourajassef 02.02.2013 20:37

Hello,
sorry, it took forever until the scan was finished.
Here are the logs (I have not deleted anything; I have not run OTL yet. I am waiting for your instructions):

Code:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.02.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yourajassef :: YOURAJASSEF-PC [Administrator]

Protection: Enabled

02.02.2013 13:52:10
MBAM-log-2013-02-02 (20-35-19).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444089
Time elapsed: 2 hour(s), 11 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 67
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> No action taken.
HKCR\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> No action taken.
HKCR\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> No action taken.
HKCR\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> No action taken.
HKCR\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.Scopes.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.Scopes (Adware.ShopperReports) -> No action taken.
HKCR\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> No action taken.
HKCR\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> No action taken.
HKCR\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> No action taken.
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> No action taken.
HKCR\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> No action taken.
HKCR\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> No action taken.
HKCR\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> No action taken.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> No action taken.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> No action taken.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> No action taken.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> No action taken.
HKCR\ShopperReports.AsyncReporter (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.Dwnldr (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.HbAx (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.HbAx.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.HbGuru (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.HbInfoBand (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.IEButton (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.IEButton.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.IEButtonA (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.ReportData (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.ReportData.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.RprtCtrl (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.Stock (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> No action taken.
HKCR\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> No action taken.
HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> No action taken.
HKCR\AppID\CmndFF.DLL (Adware.ClickPotato) -> No action taken.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> No action taken.
HKCR\AppID\mozillaps.dll (Adware.ClickPotato) -> No action taken.
HKCR\AppID\Pltfrm.DLL (Adware.ClickPotato) -> No action taken.
HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> No action taken.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> No action taken.
HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.1.69.0 (Adware.HotBar) -> Data:  -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790771B5765B5A37AD97 (Malware.Trace) -> Data:  -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 24
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> No action taken.
C:\Users\yourajassef\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> No action taken.
C:\Users\yourajassef\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> No action taken.
C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> No action taken.
C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> No action taken.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0 (Adware.ClickPotato) -> No action taken.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> No action taken.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> No action taken.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> No action taken.
C:\Program Files\ShopperReports3 (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0 (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} (Adware.ScanQuery) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome (Adware.ScanQuery) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults (Adware.ScanQuery) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences (Adware.ScanQuery) -> No action taken.

Files Detected: 44
C:\Program Files\ShopperReports3\bin\3.1.69.0\CmndFF.dll (Adware.ShopperReports) -> No action taken.
C:\Users\yourajassef\wgsdgsdgdsgsd.exe (Spyware.Zbot.ED) -> No action taken.
C:\Users\yourajassef\AppData\Local\Temp\RarSFX0\MegaplaySetup.exe (Adware.Seeearch) -> No action taken.
C:\Users\yourajassef\AppData\Local\Temp\RarSFX0\seeearch.exe (Adware.Dropper) -> No action taken.
C:\Users\yourajassef\AppData\Local\Temp\RarSFX1\MegaplaySetup.exe (Adware.Seeearch) -> No action taken.
C:\Users\yourajassef\AppData\Local\Temp\RarSFX1\seeearch.exe (Adware.Dropper) -> No action taken.
C:\Users\yourajassef\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\65a237f5-716f3b3f (Spyware.Zbot.ED) -> No action taken.
C:\Users\yourajassef\Downloads\Neuer Ordner\Megaplayer.exe (Adware.Seeearch) -> No action taken.
C:\Users\yourajassef\Downloads\Neuer Ordner\fifa_12_iphone_rar_downloader.exe (Adware.EasyDownloads) -> No action taken.
D:\usb micha\Programme\Ptedit50\Addins\AddinSet.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\boot\bootsect.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\sources\dism.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\sources\dismhost.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\sources\rollback.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\sources\setup.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\sources\dlmanifests\microsoft-windows-iasserver-migplugin\iasmigreader.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\support\migwiz\mighost.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\support\migwiz\migwiz.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\support\migwiz\postmig.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\support\migwiz\cable\cableinst.exe (Virus.Expiro) -> No action taken.
D:\von festplatte\Windows 7\expandedSetup\support\tools\gbunicnv.exe (Virus.Expiro) -> No action taken.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> No action taken.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> No action taken.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> No action taken.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> No action taken.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> No action taken.
C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\link.ico (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt (Adware.ShopperReports) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest (Adware.ScanQuery) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf (Adware.ScanQuery) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar (Adware.ScanQuery) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js (Adware.ScanQuery) -> No action taken.

(end)

Hello Trojaner-Board team,

now I have also run OTL. Here are the 2 logs:

Thanks in advance

OTL:

Code:

OTL logfile created on: 02.02.2013 22:23:51 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\yourajassef\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,09% Memory free
6,19 Gb Paging File | 3,70 Gb Available in Paging File | 59,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 10,40 Gb Free Space | 10,65% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 8,20 Gb Free Space | 8,39% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 7,43 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Drive F: | 232,83 Gb Total Space | 15,52 Gb Free Space | 6,66% Space Free | Partition Type: FAT32
 
Computer Name: YOURAJASSEF-PC | User Name: yourajassef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\yourajassef\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Programme\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Netaapl) -- system32\DRIVERS\netaapl.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (gqorbfjs) -- C:\Windows\system32\drivers\gqorbfjs.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dimadimaraja.com/
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 01 10 1C D1 02 CC 01  [binary data]
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=ee08035c00000000000000ff6ecd1ed9
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{A89B7D27-C3ED-4FAA-83E3-02E014612E5F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://10.5.0.253:3128
 
========== FireFox ==========
 
FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.rajacasablanca.com"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: ClickPotatoLite%40ClickPotatoLite.com:10.0.668.0
FF - prefs.js..extensions.enabledAddons: %7BDE9265D8-D55D-4286-9DC4-F8D8A0CA2F64%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions [2011.04.27 19:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions [2011.04.27 19:58:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2012.01.05 18:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2012.01.05 18:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 11:49:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.27 01:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.27 01:01:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.04.28 22:53:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles/gfjmy2pc.default\extensions\specialsavings@superfish.com [2012.10.20 19:37:54 | 000,000,000 | ---D | M]
 
[2012.05.20 20:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Extensions
[2012.12.14 20:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Firefox\Profiles\gfjmy2pc.default\extensions
[2012.10.20 19:37:54 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Firefox\Profiles\gfjmy2pc.default\extensions\specialsavings@superfish.com
[2012.12.14 20:12:12 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\firefox\profiles\gfjmy2pc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.10.04 20:02:36 | 000,002,101 | ---- | M] () -- C:\Users\yourajassef\AppData\Roaming\mozilla\firefox\profiles\gfjmy2pc.default\searchplugins\googlede.xml
[2013.01.19 18:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.19 18:48:06 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Programme\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011.04.27 19:58:46 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.668.0\FIREFOX\EXTENSIONS
[2013.01.19 18:48:06 | 000,000,000 | ---D | M] (ScanQuery) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011.04.09 00:19:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.01.19 18:48:40 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2012.05.28 11:48:40 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.09 13:26:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 12:00:04 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 16:29:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.09 13:26:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.09 13:26:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.10 22:24:41 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.09 13:26:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.09 13:26:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Programme\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [DELL Webcam Manager] C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [svñhîst] C:\Users\yourajassef\wgsdgsdgdsgsd.exe ()
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2027C885-E4F7-4ACC-92F8-0EF34481D55D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32AA4F81-6594-4EEB-A8DF-E8758EAA08D1}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ECD1ED9-2AF2-49AD-92B3-53112338A2BC}: DhcpNameServer = 134.108.34.5 134.108.34.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7684A6C-BDED-4E33-8A09-976C4CE9B654}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.02 21:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.02 21:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.02 21:05:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.02.02 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\ddd
[2013.02.02 13:51:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.02.02 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Malwarebytes
[2013.02.02 13:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.02 13:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.02 13:48:24 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.02 13:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.02 13:29:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\yourajassef\Desktop\OTL.exe
[2013.02.02 11:36:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{FA64E702-B458-40E3-9168-E40E168717C0}
[2013.02.01 15:30:51 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{84734E89-DCEA-416B-95DD-4901C7B8D5CF}
[2013.01.31 18:47:23 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4E7C9939-30D0-470A-AE68-62608B9CAD1C}
[2013.01.30 22:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.30 16:31:33 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F7CEB9F6-B0B1-4FDF-93F1-717F1C65F9FD}
[2013.01.29 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F6CE08B8-61F3-41C7-8167-BB28A32692A9}
[2013.01.28 21:09:14 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{483C6E8A-58E3-4FDC-AFD0-6DDB9A87BC2F}
[2013.01.28 07:50:37 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8A8D83FB-69B8-47AC-8F24-AB24CAE95D81}
[2013.01.27 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{61DE3AA7-E19B-41D9-80F4-DBE6A0A7976B}
[2013.01.27 01:11:13 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Documents\DELL Webcam Center
[2013.01.27 01:11:03 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Creative
[2013.01.27 01:01:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2013.01.27 01:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2013.01.27 00:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.01.27 00:59:45 | 005,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\System32\LiveCamVirtual.ocx
[2013.01.27 00:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2013.01.27 00:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2013.01.27 00:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL
[2013.01.27 00:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.01.26 18:14:01 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6B17BB85-6FC3-4665-B020-4FED96DE1CCF}
[2013.01.25 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\25.01.2013
[2013.01.25 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F141443B-E818-4EC7-9A8F-1485D7F06711}
[2013.01.25 17:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2013.01.25 16:54:42 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Srv.exe
[2013.01.25 16:54:42 | 000,007,424 | ---- | C] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\OEM02Vfx.sys
[2013.01.25 16:54:41 | 000,235,520 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Dev.sys
[2013.01.25 16:54:41 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Pin.dll
[2013.01.25 16:54:41 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
[2013.01.25 16:54:41 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Hwx.dll
[2013.01.25 16:54:41 | 000,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Pin.crl
[2013.01.25 16:54:40 | 000,385,024 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Cvw.dll
[2013.01.25 16:54:40 | 000,331,776 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Cvw.crl
[2013.01.25 16:54:38 | 000,028,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\OEM02Cfg.exe
[2013.01.25 16:54:37 | 000,141,376 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Afx.sys
[2013.01.25 16:54:30 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtCamMgr.dll
[2013.01.25 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F830E3BE-2CEC-494D-9EF5-1A3E422FC67E}
[2013.01.24 19:39:09 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4F91E7A1-7D33-4E10-AB89-ECA7FE71DABE}
[2013.01.24 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Movier
[2013.01.24 17:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Cutter
[2013.01.24 17:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\FreeVideoCutter.exe
[2013.01.24 17:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2013.01.24 17:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2013.01.24 07:38:28 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A16A40D4-94D1-41F1-BF80-8A8C98A29624}
[2013.01.23 16:30:42 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{BC1D8181-AEF0-4C0F-B015-50899F0A6B9B}
[2013.01.22 22:56:00 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4BD4BFFB-5CB8-40B4-AF7E-5435D9C4CD91}
[2013.01.22 07:09:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8CE1F9D2-0DCA-4226-AF88-824286F2D47B}
[2013.01.21 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{0DE0DBD8-B77E-4E8B-A059-38215C7B982C}
[2013.01.20 22:28:21 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\raja turquie
[2013.01.19 18:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.19 18:29:01 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8921E137-2CD3-4C9E-B033-966E09F1CB3C}
[2013.01.18 20:30:31 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{743F50AF-CCD7-474B-AEC7-B981EBE2B5D4}
[2013.01.16 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F2EDB183-C9BE-420E-A93E-121C9AEEF1B1}
[2013.01.15 07:14:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3867AAA0-5425-42F5-B084-DFC3002507CD}
[2013.01.14 19:14:00 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{D2018EA6-E7FF-4B84-8AFC-C4D3ED236647}
[2013.01.13 12:20:04 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6D8F47C2-846A-488C-879D-2DBA678B11E5}
[2013.01.12 11:59:15 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A5125E27-51D3-4AB2-9E0D-BA58B0E8B9AD}
[2013.01.11 21:45:53 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{E8A54474-05F4-4E7B-8238-CF9E1FCF1464}
[2013.01.10 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3137AC19-5A43-4F92-856F-0F39813E2BB1}
[2013.01.09 19:58:50 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 19:58:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 19:45:17 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{475B9CA3-694E-4D8A-B7A8-8F1E54CCD231}
[2013.01.08 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{EF7D25D6-447D-43BA-B90C-39878FB941E3}
[2013.01.07 16:47:44 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{9656D099-B7BE-47AF-AADE-F3F45B5AF0BB}
[2013.01.06 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.01.06 14:56:26 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F5BEC2D7-07DE-4C5A-956B-5AB181480BF4}
[2013.01.05 23:15:34 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{E7336A64-AEF3-43C6-B458-694F382F2977}
[2013.01.05 11:15:18 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{2D07432B-D6F3-42D7-B7D8-1F968C054814}
[2013.01.04 21:34:38 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6FCC1796-F8A5-47C7-B955-CB3D4B41F3A3}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.02 22:19:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.02 21:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.02 21:11:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 21:11:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 21:05:36 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 16:19:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.02 13:51:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.02.02 13:48:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.02 13:29:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yourajassef\Desktop\OTL.exe
[2013.02.02 13:18:03 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.02.02 13:17:58 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.02.02 13:17:58 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2013.02.02 13:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.02 13:11:15 | 3217,113,088 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.02 12:24:00 | 000,095,744 | RHS- | M] () -- C:\Users\yourajassef\wgsdgsdgdsgsd.exe
[2013.02.02 12:00:01 | 000,203,776 | ---- | M] () -- C:\Users\yourajassef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.31 09:35:35 | 000,632,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.31 09:35:35 | 000,599,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.31 09:35:35 | 000,127,566 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.31 09:35:35 | 000,105,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.30 22:39:24 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.30 22:39:24 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.01.27 13:27:24 | 000,000,680 | ---- | M] () -- C:\Users\yourajassef\AppData\Local\d3d9caps.dat
[2013.01.27 01:01:43 | 000,000,076 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2013.01.26 23:28:36 | 000,044,135 | ---- | M] () -- C:\Users\yourajassef\Desktop\aaaa.jpg
[2013.01.25 21:53:28 | 517,202,359 | ---- | M] () -- C:\Users\yourajassef\Documents\IMG_2641.wmv
[2013.01.25 21:31:10 | 308,036,647 | ---- | M] () -- C:\Users\yourajassef\Documents\IMG_2665.wmv
[2013.01.24 22:50:37 | 000,000,957 | ---- | M] () -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.24 22:49:46 | 000,000,937 | ---- | M] () -- C:\Users\yourajassef\Desktop\Dropbox.lnk
[2013.01.24 20:13:45 | 060,964,084 | ---- | M] () -- C:\Users\yourajassef\Desktop\ButKachani.wmv
[2013.01.24 17:58:08 | 000,000,776 | ---- | M] () -- C:\Users\yourajassef\Desktop\Movier.lnk
[2013.01.24 17:57:45 | 007,850,112 | ---- | M] () -- C:\Users\yourajassef\Desktop\Movier-Installer_1.0.17.exe
[2013.01.24 17:40:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Free Video Cutter.lnk
[2013.01.16 23:54:43 | 268,922,635 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.14 21:52:07 | 003,741,925 | ---- | M] () -- C:\Users\yourajassef\Desktop\TvQuran.com__112.mp3
[2013.01.10 21:59:18 | 000,374,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.08 21:35:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.08 21:35:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.02.02 21:05:36 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 13:48:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.02 13:11:15 | 3217,113,088 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.02 12:24:00 | 000,095,744 | RHS- | C] () -- C:\Users\yourajassef\wgsdgsdgdsgsd.exe
[2013.01.30 22:39:24 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.27 01:01:43 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2013.01.25 21:47:40 | 517,202,359 | ---- | C] () -- C:\Users\yourajassef\Documents\IMG_2641.wmv
[2013.01.25 21:28:24 | 308,036,647 | ---- | C] () -- C:\Users\yourajassef\Documents\IMG_2665.wmv
[2013.01.25 16:54:42 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02Pvc.bmp
[2013.01.25 16:54:41 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02PC.bmp
[2013.01.25 16:54:40 | 000,260,330 | ---- | C] () -- C:\Windows\System32\OEM02Cvw.bff
[2013.01.25 16:54:37 | 000,004,510 | ---- | C] () -- C:\Windows\OEM002.uns
[2013.01.24 22:48:18 | 000,044,135 | ---- | C] () -- C:\Users\yourajassef\Desktop\aaaa.jpg
[2013.01.24 20:12:01 | 060,964,084 | ---- | C] () -- C:\Users\yourajassef\Desktop\ButKachani.wmv
[2013.01.24 19:28:41 | 001,972,106 | ---- | C] () -- C:\Users\yourajassef\Desktop\1 (970).JPG
[2013.01.24 17:58:08 | 000,000,776 | ---- | C] () -- C:\Users\yourajassef\Desktop\Movier.lnk
[2013.01.24 17:57:10 | 007,850,112 | ---- | C] () -- C:\Users\yourajassef\Desktop\Movier-Installer_1.0.17.exe
[2013.01.24 17:40:41 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Free Video Cutter.lnk
[2013.01.14 21:51:56 | 003,741,925 | ---- | C] () -- C:\Users\yourajassef\Desktop\TvQuran.com__112.mp3
[2013.01.06 19:14:38 | 000,000,957 | ---- | C] () -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.26 21:16:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.06.25 19:45:16 | 000,004,096 | -H-- | C] () -- C:\Users\yourajassef\AppData\Local\keyfile3.drm
[2012.03.16 17:47:49 | 000,010,639 | ---- | C] () -- C:\Users\yourajassef\Yotahri_elster_2048.pfx
[2012.01.15 22:10:48 | 000,000,263 | ---- | C] () -- C:\Users\yourajassef\.swfinfo
[2012.01.11 00:27:52 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.01.10 19:05:19 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini
[2011.12.08 19:35:53 | 000,000,600 | ---- | C] () -- C:\Users\yourajassef\AppData\Roaming\winscp.rnd
[2011.10.23 12:54:54 | 000,001,492 | ---- | C] () -- C:\Users\yourajassef\.recently-used.xbel
[2011.08.03 09:03:53 | 000,000,552 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\d3d8caps.dat
[2011.06.22 21:24:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.13 10:59:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.13 10:59:30 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.12 21:02:04 | 000,123,728 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.04.24 13:48:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.24 13:40:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.24 13:40:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.05 12:26:22 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.04.05 12:00:05 | 000,203,776 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.05 11:58:17 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.04.04 15:33:01 | 000,000,680 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\raja 3- 0 Fus 16.09.2012 -m2.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\JAMELC~1.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\10062009080.mp4:TOC.WMV

< End of report >

and Extras:

Code:

OTL Extras logfile created on: 02.02.2013 22:23:51 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\yourajassef\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,09% Memory free
6,19 Gb Paging File | 3,70 Gb Available in Paging File | 59,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 10,40 Gb Free Space | 10,65% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 8,20 Gb Free Space | 8,39% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 7,43 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Drive F: | 232,83 Gb Total Space | 15,52 Gb Free Space | 6,66% Space Free | Partition Type: FAT32
 
Computer Name: YOURAJASSEF-PC | User Name: yourajassef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03059126-6CB4-43D4-BDBF-A031107EE97F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B7F8B21-2A74-4082-9372-684D7122EB81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0CCEF4AE-27CB-4080-BEC4-FD846619BE95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E37FEEC-1FCD-4C39-BFFD-DD595BF45421}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E76D8F8-782D-4A6A-AB9E-D7649CCA4AFF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{10BD1224-E1C8-48B9-8699-5B6C0441E59D}" = lport=137 | protocol=17 | dir=in | app=system |
"{12DFFAA0-E077-4ABD-AB27-36862BBF45A6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{187FE10B-8F38-440C-9ACD-9029BB25C9CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1E8C8A76-7896-4A87-8BD1-B2F5079AD86F}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E440A65-6FCA-4DF4-914E-DF6DC60F3FB6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{628EEA2D-5A36-47B2-96B4-B19546B9AC4F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{67787834-6546-4EC1-A3AD-28E8E21386D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A5E3E13-2F4F-4CF1-A1F2-816B2FEC7583}" = rport=138 | protocol=17 | dir=out | app=system |
"{A785ACBC-24F8-4853-A93C-F210E005D510}" = lport=138 | protocol=17 | dir=in | app=system |
"{B1DEAD7F-7E11-416D-B489-BBDA1101C6D4}" = lport=445 | protocol=6 | dir=in | app=system |
"{D5414D7E-4DC2-4E0F-819F-42F4356748B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5C703C8-0550-4451-BB88-8D259E9750E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6E55199-771C-4DB7-8E6A-AEB7FE1A4110}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F423E876-25CB-45B8-9F66-A1610849AA51}" = lport=139 | protocol=6 | dir=in | app=system |
"{F985D30C-FD70-4043-AD52-A2F4A693538A}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18B9229E-CF8C-4420-A006-3C8B5955034E}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_342.decrpt |
"{261DBC74-3451-4850-89E4-81BECCF6861C}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{2651EC9D-F3C3-4F9E-9C97-818C4AC43F33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2856D390-C4BC-42C0-B8F3-A3381B1E9AC8}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{30ADEDB5-3245-4EF7-B05D-6F30D8A3241F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{40451F3E-A74C-46F7-B4E2-008A3C06C157}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{470A4959-9ADC-439D-92F3-6142251560EE}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{48F1EFF5-6471-4181-9D21-CCDF7797A944}" = protocol=17 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe |
"{4ACB4E8C-FE60-40F5-A2DF-DF55DD5C2E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5A0334E3-B647-417D-9D41-ADF77E688183}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{648D75E2-1F6E-49D4-A6EB-2D0F2BFD1731}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6578C3B4-5D10-45A2-917A-565B3F4D480F}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 |
"{6781C032-630A-4818-9292-F95242C80CA1}" = protocol=6 | dir=in | app=c:\users\yourajassef\desktop\pes\pes2011.exe |
"{73408EAF-25B4-4A5F-AE30-0051CB77F774}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{95B99259-8009-453C-9ECC-4F38AF51DF3B}" = protocol=6 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe |
"{9B885F6A-24B3-4ACD-9A84-30C384111DFF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9EBDC443-74F4-4D0C-A91A-B9393FB0A71C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A0B9E01E-5FC5-48BC-8BFD-A709CBEE41B9}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_567 |
"{A25FE531-6D3E-4F95-B07B-FD2A1BAB9B48}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 |
"{B60E8BA6-AFBD-4E9D-B209-198C3AFD0163}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{B6A47838-D0D5-4364-A387-13D997D89A32}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{BABBB2F6-5058-4EA9-B701-728080B535AD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BEC041D9-A012-41B9-8AC4-03CBB5B42001}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 |
"{C5C29834-B4F6-4759-9471-CA36315F77E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D2E028F3-F996-441A-BEDC-0A87F5FFD4D0}" = protocol=17 | dir=in | app=c:\users\yourajassef\desktop\pes\pes2011.exe |
"{D6099798-7299-4B17-A0C0-8983D2840062}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D73FBB7C-B072-492B-B67C-E4FA8580B18D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E6AB0DCB-90AD-4C8D-8A04-F2B58F5069EB}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{EA95D05E-86B8-49F4-A5FB-36C57101EB41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBE65627-A1E6-4CDD-BC20-9B5106B60B29}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F850F406-90DE-4BC4-8AEE-69C68551C48C}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{F8C420A5-E8FA-4042-9514-642D22E4169B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{1D5B9381-49CD-4086-A89F-773343E8CBB5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{609405B5-C1A5-4F34-A1DD-CDA441D16613}C:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe" = protocol=6 | dir=in | app=c:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe |
"TCP Query User{6A88EBBE-CEC1-48E2-83F7-BF7E964E6743}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{75324174-AC0F-4895-9DEA-ECF0E9FEF07E}C:\program files\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\fifa 12\game\fifa.exe |
"TCP Query User{90313453-931D-4041-958B-36DF9157B760}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{AF4401F7-5ABA-4C08-B715-87FC5D3312DA}C:\program files\simpletv\tv.exe" = protocol=6 | dir=in | app=c:\program files\simpletv\tv.exe |
"TCP Query User{BB3D3209-D9D1-4A04-A025-DA4F42BD8A2C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{DCAE5AC3-A323-4CE1-8F11-28B0BCCB310E}C:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{DDB854CB-04AD-427C-99EA-42A735B0F456}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E68532B8-F64D-401C-8322-878BFD7BE043}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{05799B4A-5711-44C5-9EC2-780BE9EBA0BB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3863BAD4-800E-4ACF-A456-97F54A822526}C:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe" = protocol=17 | dir=in | app=c:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe |
"UDP Query User{4FE613CE-7DDF-4300-B60F-C4B40D74812C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{58DAD19B-4608-4BA8-A5D6-8362CF911FCD}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{611B2B63-935B-491C-8CE5-A5AD6864120F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{62C78A7E-4986-4E53-B3ED-2A1D462B99AD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{7553BA3D-DA51-4F85-B52A-6C4B7AE4BAC6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A441A6BF-BF0E-4C75-BA5F-05813FB34C5A}C:\program files\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\fifa 12\game\fifa.exe |
"UDP Query User{C78FEF38-D2F3-4FD2-8B7E-68A08EF7ED52}C:\program files\simpletv\tv.exe" = protocol=17 | dir=in | app=c:\program files\simpletv\tv.exe |
"UDP Query User{EAB7AA71-AD5F-400A-B8D1-1FD59636D9C1}C:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1" = Free Video Cutter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A513029-E500-4A1C-8809-8D58B5546E7F}" = AusweisApp
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}" = USB Game Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AliceHilfe 1.0.0.1" = AliceHilfe
"Athan" = Athan Basic 4.1
"AVS Media Player_is1" = AVS Media Player 4.1.7.92
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Chipcardmaster_is1" = Chipcardmaster 6.86
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719) 
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"ElsterFormular 13.1.0.8394p" = ElsterFormular
"f42012" = f4 2012
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"ImgBurn" = ImgBurn
"KVK Viewer" = KVK Viewer
"LowRateVoip_is1" = LowRateVoip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Movier" = Movier 1.0.17
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.1.3
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.0.3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"WEKA Internetführer Qualität" = WEKA Internetführer Qualität
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"winscp3_is1" = WinSCP 4.3.5
"WinX Free MOV to WMV Converter_is1" = WinX Free MOV to WMV Converter 4.1.3
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.01.2013 19:48:34 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7300
 
Error - 30.01.2013 19:48:34 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7300
 
Error - 30.01.2013 19:48:35 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.01.2013 19:48:35 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8299
 
Error - 30.01.2013 19:48:35 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8299
 
Error - 30.01.2013 19:48:36 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.01.2013 19:48:36 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9297
 
Error - 30.01.2013 19:48:36 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9297
 
Error - 30.01.2013 19:48:37 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.01.2013 19:48:37 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10311
 
[ Media Center Events ]
Error - 20.12.2011 18:04:10 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.12.2011 18:04:25 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.12.2011 18:10:30 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 02.02.2013 08:07:45 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description =
 
Error - 02.02.2013 08:07:52 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description =
 
Error - 02.02.2013 08:08:01 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 02.02.2013 08:08:01 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.02.2013 08:08:34 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description =
 
Error - 02.02.2013 08:09:03 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description =
 
Error - 02.02.2013 08:10:02 | Computer Name = yourajassef-PC | Source = DCOM | ID = 10005
Description =
 
Error - 02.02.2013 08:12:59 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.02.2013 08:12:59 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.02.2013 08:12:59 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
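The "Files Created" and "Files Modified" sections above are what a helper reads by eye to spot entries such as an executable with hidden/system attributes sitting directly in a user profile. As an added example (not from this thread and not part of OTL itself), the script below parses OTL's file-list line format and applies a few review heuristics of my own: executable content in a user profile or ProgramData, hidden/system attributes on an executable, a missing company name, and a random-looking base name. The sample lines are copied from the OTL log posted above; a hit means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file-list line looks like:
# [2013.02.02 12:24:00 | 000,095,744 | RHS- | C] () -- C:\Users\yourajassef\wgsdgsdgdsgsd.exe
#  timestamp             size          attrs  kind (company)  path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions the heuristics treat as executable content.
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd")

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2013.01.08 21:35:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.02 13:11:15 | 3217,113,088 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.02 12:24:00 | 000,095,744 | RHS- | C] () -- C:\Users\yourajassef\wgsdgsdgdsgsd.exe
[2013.01.24 17:57:10 | 007,850,112 | ---- | C] () -- C:\Users\yourajassef\Desktop\Movier-Installer_1.0.17.exe
[2013.01.06 19:14:38 | 000,000,957 | ---- | C] () -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.06.13 10:59:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
"""


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str      # four flag characters, e.g. "RHS-" (read-only, hidden, system)
    kind: str       # C = created, M = modified
    company: str    # empty when OTL found no company name in the version info
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-list line; return None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def looks_random(basename: str) -> bool:
    """Crude keyboard-mash check: long, letters only, almost no vowels."""
    if len(basename) < 10 or not basename.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in basename)
    return vowels / len(basename) < 0.15


def suspicion_reasons(entry: OtlEntry) -> List[str]:
    """Heuristic review reasons (my own rules, not OTL's); empty list = nothing to note."""
    p = entry.path.lower()
    if not p.endswith(EXEC_SUFFIXES):
        return []                       # only executable content is judged here
    reasons = []
    if p.startswith("c:\\users\\") or "\\programdata\\" in p:
        reasons.append("executable in a user profile or ProgramData directory")
    if "H" in entry.attrs or "S" in entry.attrs:
        reasons.append(f"executable carries {entry.attrs} attributes (hidden/system)")
    if not entry.company:
        reasons.append("no company name in version info")
    basename = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(basename):
        reasons.append("random-looking file name")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map every flagged path to its review reasons, in log order."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the only entry that collects all four reasons is `C:\Users\yourajassef\wgsdgsdgdsgsd.exe`; `hiberfil.sys` carries hidden/system attributes too but is not executable content, and a signed Adobe file in System32 collects nothing. Third-party libraries without version info (`xvidcore.dll`) and user-downloaded installers on the desktop are also listed, which is why the output is a review queue rather than a verdict.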


cosinus 03.02.2013 01:35

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you before you start carrying them out.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you have not heard from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside of Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<Year-Month-Day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

yourajassef 03.02.2013 11:02

The test is running; sorry, I wrote earlier that it wasn't working :)

Hello Cosinus :),

here is the logfile mbar-log-2013-02-03 (11-32-34) (before the reboot):

Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.18.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yourajassef :: YOURAJASSEF-PC [administrator]

03.02.2013 11:32:34
mbar-log-2013-02-03 (11-32-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31543
Time elapsed: 28 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 75
HKLM\SOFTWARE\CLASSES\APPID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{573F4ABB-A1A2-44ed-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Scopes (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{DA6305B9-0869-4235-8C1D-533A65E639E5} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{E6961C59-CFCE-4CCD-B794-BC78DB98413A} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.IEButtonA (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.IEButton (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbAx (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbGuru (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Dwnldr (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Reporter (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.ReportData (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Delete on reboot.
HKCU\SOFTWARE\clickpotatolitesa (Adware.ClickPotato) -> Delete on reboot.
HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Stock (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShopperReports.Stock.1 (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\BRNstIE.DLL (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\CmndFF.DLL (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\MenuButtonIE.DLL (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\mozillaps.dll (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\APPID\Pltfrm.DLL (Adware.ClickPotato) -> Delete on reboot.

Registry Values Detected: 4
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\USER AGENT\POST PLATFORM|ShopperReports 3.1.69.0 (Adware.HotBar) -> Data:  -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\USER AGENT\POST PLATFORM|SRS_IT_E8790771B5765B5A37AD97 (Malware.Trace) -> Data:  -> Delete on reboot.
HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions -> Delete on reboot.
HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 24
c:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Delete on reboot.
c:\Users\yourajassef\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
c:\Users\yourajassef\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0 (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0 (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences (Adware.ScanQuery) -> Delete on reboot.

Files Detected: 27
c:\Users\yourajassef\AppData\Local\Temp\RarSFX0\MegaplaySetup.exe (Adware.Seeearch) -> Delete on reboot.
c:\Users\yourajassef\AppData\Local\Temp\RarSFX0\seeearch.exe (Adware.Dropper) -> Delete on reboot.
c:\Users\yourajassef\AppData\Local\Temp\RarSFX1\MegaplaySetup.exe (Adware.Seeearch) -> Delete on reboot.
c:\Users\yourajassef\AppData\Local\Temp\RarSFX1\seeearch.exe (Adware.Dropper) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\link.ico (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt (Adware.ShopperReports) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar (Adware.ScanQuery) -> Delete on reboot.
c:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js (Adware.ScanQuery) -> Delete on reboot.

(end)

many thanks

after the reboot I ran it again --> no objects found.
Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.18.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yourajassef :: YOURAJASSEF-PC [administrator]

03.02.2013 12:24:35
mbar-log-2013-02-03 (12-24-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31405
Time elapsed: 35 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


cosinus 03.02.2013 22:24

Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a bit further down).
GMER crashes quite often; if the tool won't work the second time either, just leave it out and run only aswMBR.

aswMBR download => aswMBR.exe - save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.

yourajassef 04.02.2013 02:47

Hello,
here is the GMER logfile:
one more thing I wanted to mention: I keep getting this message (from Malwarebytes) when I restart my computer:
http://img5.fotos-hochladen.net/uplo...l1pwk4e9od.jpg
should I ignore that for now?

GMER:
Code:

GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-04 02:34:34
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\YOURAJ~1\AppData\Local\Temp\ffldraob.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Real\RealPlayer\Update\realsched.exe[3536] kernel32.dll!SetUnhandledExceptionFilter  7755A8B5 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74887817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                  [748CB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]              [7488BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]        [7487F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                  [748875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7487E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [748B73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]      [7488DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]              [7487FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7487FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                [748771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]        [7490CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [748AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]              [7487D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                        [74876853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7487687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]          [74882AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2108] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free]                      [6D46F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- EOF - GMER 2.0 ----

aswMBR follows...

With aswMBR it didn't work the first time.
The scan could be started. After about 3 minutes the computer crashed (blue screen) here:

http://img5.fotos-hochladen.net/uplo...7rsjamqv80.jpg

I then had to restart the computer.

The second time it worked. However, I did not get the question whether I want to scan my system with the current AVAST! virus definitions.

Here is the logfile:

Many thanks

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-04 03:05:42
-----------------------------
03:05:42.403    OS Version: Windows 6.0.6002 Service Pack 2
03:05:42.403    Number of processors: 2 586 0xF0A
03:05:42.403    ComputerName: YOURAJASSEF-PC  UserName: yourajassef
03:05:45.149    Initialize success
03:05:59.891    AVAST engine defs: 13020301
03:06:12.059    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
03:06:12.059    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
03:06:12.090    Disk 0 MBR read successfully
03:06:12.090    Disk 0 MBR scan
03:06:12.106    Disk 0 Windows VISTA default MBR code
03:06:12.121    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      100000 MB offset 2048
03:06:12.168    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      100000 MB offset 204802048
03:06:12.230    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      105243 MB offset 409602048
03:06:12.262    Disk 0 scanning sectors +625139712
03:06:12.371    Disk 0 scanning C:\Windows\system32\drivers
03:07:03.492    Service scanning
03:07:25.722    Service MpKslfbc17801 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3614417-77D7-47EF-93C5-9AF3F459DE8F}\MpKslfbc17801.sys **LOCKED** 32
03:08:02.710    Modules scanning
03:08:35.485    Disk 0 trace - called modules:
03:08:35.516    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys PCIIDEX.SYS atapi.sys
03:08:35.516    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bf4528]
03:08:35.516    3 CLASSPNP.SYS[8a7ab8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8551c390]
03:08:36.530    AVAST engine scan C:\Windows
03:08:49.026    AVAST engine scan C:\Windows\system32
03:18:19.160    AVAST engine scan C:\Windows\system32\drivers
03:19:07.567    AVAST engine scan C:\Users\yourajassef
03:50:35.765    File: C:\Users\yourajassef\Downloads\Neuer Ordner\lowratevoip.exe  **INFECTED** Win32:Malware-gen
03:51:12.487    File: C:\Users\yourajassef\Downloads\Neuer Ordner\software_informer.exe  **INFECTED** Win32:Malware-gen
03:53:13.886    AVAST engine scan C:\ProgramData
03:56:40.805    Scan finished successfully
03:57:34.843    Disk 0 MBR has been saved successfully to "C:\Users\yourajassef\Desktop\MBR.dat"
03:57:35.140    The log file has been saved successfully to "C:\Users\yourajassef\Desktop\aswMBR.txt"
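What a helper reads off an aswMBR log like the one above: whether the boot code is the stock Windows one, whether the partition table is contiguous, how much of the disk lies outside any partition (the place a bootkit parks its code), and which files the AVAST engine flagged. The Python below is an added example written for this page, not part of aswMBR or of the thread; the log excerpt is constructed from the disk and finding lines of the posted log, and the 2048-sectors-per-MB assumption (512-byte sectors, sizes printed rounded down) and all function names are mine.

```python
import re

# Constructed excerpt in aswMBR's output format, reproducing the disk lines of the posted log.
ASWMBR_LOG = r"""
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
03:06:12.059    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
03:06:12.090    Disk 0 MBR read successfully
03:06:12.106    Disk 0 Windows VISTA default MBR code
03:06:12.121    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      100000 MB offset 2048
03:06:12.168    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      100000 MB offset 204802048
03:06:12.230    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      105243 MB offset 409602048
03:06:12.262    Disk 0 scanning sectors +625139712
03:07:25.722    Service MpKslfbc17801 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3614417-77D7-47EF-93C5-9AF3F459DE8F}\MpKslfbc17801.sys **LOCKED** 32
03:50:35.765    File: C:\Users\yourajassef\Downloads\Neuer Ordner\lowratevoip.exe  **INFECTED** Win32:Malware-gen
03:51:12.487    File: C:\Users\yourajassef\Downloads\Neuer Ordner\software_informer.exe  **INFECTED** Win32:Malware-gen
03:56:40.805    Scan finished successfully
"""

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors; aswMBR prints sizes rounded down to whole MB

SIZE_RE = re.compile(r"Disk (\d+) Vendor: .*Size: (\d+)MB")
MBR_RE = re.compile(r"Disk (\d+) (.+ MBR code)$")
PART_RE = re.compile(r"Disk (\d+) Partition (\d+) (\w{2})\s+(?:\(A\)\s+)?(\w{2})\s+\S+\s+\S+\s+(\d+) MB offset (\d+)")
TAIL_RE = re.compile(r"Disk (\d+) scanning sectors \+(\d+)")
INFECTED_RE = re.compile(r"File: (.+?)\s+\*\*INFECTED\*\* (\S+)")
LOCKED_RE = re.compile(r"Service (\S+) (.+?) \*\*LOCKED\*\*")


def parse_aswmbr(text):
    """Pull disk geometry, MBR verdict and findings out of one aswMBR log (single-disk layout assumed)."""
    rep = {"disk_size_mb": None, "mbr_code": None, "partitions": [],
           "tail_scan_start": None, "infected": [], "locked": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SIZE_RE.search(line):
            rep["disk_size_mb"] = int(m[2])
        elif m := MBR_RE.search(line):
            rep["mbr_code"] = m[2]
        elif m := PART_RE.search(line):
            rep["partitions"].append({"number": int(m[2]), "bootable": m[3] == "80",
                                      "type": m[4], "size_mb": int(m[5]), "offset": int(m[6])})
        elif m := TAIL_RE.search(line):
            rep["tail_scan_start"] = int(m[2])
        elif m := INFECTED_RE.search(line):
            rep["infected"].append((m[1], m[2]))
        elif m := LOCKED_RE.search(line):
            rep["locked"].append((m[1], m[2]))
    return rep


def partition_end(p):
    """First sector after the partition, from the rounded-down size in the log."""
    return p["offset"] + p["size_mb"] * SECTORS_PER_MB


def mbr_is_default(rep):
    return rep["mbr_code"] is not None and "default MBR code" in rep["mbr_code"]


def partition_gaps(rep, min_sectors=SECTORS_PER_MB):
    """Unallocated runs of at least min_sectors before, between and after the partitions.

    Because sizes are rounded down, a computed gap may be up to 2047 sectors too large;
    the default threshold hides that noise but keeps every run of 1 MiB or more.
    """
    gaps, cursor, label = [], 0, "before partition 1"
    for p in sorted(rep["partitions"], key=lambda p: p["offset"]):
        if p["offset"] - cursor >= min_sectors:
            gaps.append((label, cursor, p["offset"] - cursor))
        cursor, label = partition_end(p), f"after partition {p['number']}"
    disk_end = rep["disk_size_mb"] * SECTORS_PER_MB
    if disk_end - cursor >= min_sectors:
        gaps.append((label, cursor, disk_end - cursor))
    return gaps


def review(rep):
    """The findings a helper looks at first, as plain strings."""
    notes = ["MBR: " + ("stock boot code" if mbr_is_default(rep) else f"non-standard ({rep['mbr_code']})")]
    notes += [f"{n} unallocated sectors {label}, starting at sector {start}"
              for label, start, n in partition_gaps(rep)]
    notes += [f"infected ({det}): {path}" for path, det in rep["infected"]]
    return notes


if __name__ == "__main__":
    for note in review(parse_aswmbr(ASWMBR_LOG)):
        print(note)
```

On the posted layout the three partitions abut exactly, the last one ends at sector 625139712, which is precisely where aswMBR's "scanning sectors +625139712" pass begins, and the only unallocated runs are 1 MiB before partition 1 (the MBR plus Vista's standard alignment) and 1 MiB at the end of the disk. The two Win32:Malware-gen hits are downloaded installers in the user's profile, not anything in the boot path.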


cosinus 04.02.2013 11:06

Quote:

Database version: v2013.01.18.09
Um, why didn't you update Malwarebytes Anti-Rootkit beforehand?
After you start it there is a dedicated button that checks for new signatures. Please do it again properly

yourajassef 04.02.2013 11:23

oh sorry, because I installed it and used it right away. I then thought it had the latest version.

What should I repeat?
only mbar, or also the steps after that: GMER and aswMBR?

Thanks

cosinus 04.02.2013 11:44

You did have the latest version, but not the latest signatures!
Just start mbar.exe again; after starting you MUST update! It says so in the instructions too! :)

http://img.trojaner-board.de/malware...-rootkit/4.png

yourajassef 04.02.2013 14:24

Hello Cosinus,
I did it again. This time with the latest signatures :) --> no malware found.

here:

Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.04.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yourajassef :: YOURAJASSEF-PC [administrator]

04.02.2013 14:21:34
mbar-log-2013-02-04 (14-21-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31387
Time elapsed: 29 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
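The two things cosinus checked by eye across the last few posts, whether every item MBAR flagged "Delete on reboot" is gone from the post-reboot scan and whether the scan ran on current signatures (the first two logs carry a database from 18 January against a scan date of 3 February), can be checked mechanically. The Python below is an added example written for this page, not a Malwarebytes tool or anything posted in the thread; the two log excerpts are constructed from a handful of lines of the posted logs, the 3-day signature-age threshold is an assumption, and all function names are mine.

```python
import re
from collections import Counter
from datetime import date

# Constructed excerpts in the posted MBAR log format (a few of the ~130 lines each).
MBAR_BEFORE = r"""
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
Database version: v2013.01.18.09
03.02.2013 11:32:34
mbar-log-2013-02-03 (11-32-34).txt

Registry Keys Detected: 2
HKLM\SOFTWARE\CLASSES\APPID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Delete on reboot.
HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions -> Delete on reboot.

Files Detected: 1
c:\Users\yourajassef\AppData\Local\Temp\RarSFX0\seeearch.exe (Adware.Dropper) -> Delete on reboot.
(end)
"""

MBAR_AFTER = r"""
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
Database version: v2013.01.18.09
03.02.2013 12:24:35

Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
"""

DB_RE = re.compile(r"^Database version: v(\d{4})\.(\d{2})\.(\d{2})\.\d+$")
RUN_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4}) \d{2}:\d{2}:\d{2}$")
SECTION_RE = re.compile(r"^(.+?) Detected: (\d+)$")
ITEM_RE = re.compile(r"^(.*) \(([^()]+)\)$")  # "<path> (<detection family>)"


def parse_mbar_log(text):
    """Return signature date, scan date and every detection line of one MBAR log."""
    report = {"db_date": None, "run_date": None, "items": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DB_RE.match(line):
            report["db_date"] = date(int(m[1]), int(m[2]), int(m[3]))
        elif m := RUN_RE.match(line):  # day.month.year, as in the German-locale logs
            report["run_date"] = date(int(m[3]), int(m[2]), int(m[1]))
        elif m := SECTION_RE.match(line):
            section = m[1]
        elif section and " -> " in line:
            # "<path> (<family>) [-> Data: ...] -> <action>."; the Data field may be empty
            head, *_, action = line.split(" -> ")
            if m := ITEM_RE.match(head):
                report["items"].append({"section": section, "path": m[1],
                                        "family": m[2], "action": action.rstrip(".")})
    return report


def pending_deletions(report):
    return {i["path"] for i in report["items"] if i["action"].lower().startswith("delete")}


def leftovers(before, after):
    """Paths scheduled for deletion in `before` that the `after` scan still reports."""
    return sorted(pending_deletions(before) & {i["path"] for i in after["items"]})


def signature_age_days(report):
    return (report["run_date"] - report["db_date"]).days


def family_counts(report):
    return dict(Counter(i["family"] for i in report["items"]))


def check_cleanup(before, after, max_signature_age=3):
    """Reasons a helper would send the user back to rescan; an empty list means the pair is acceptable."""
    problems = []
    if left := leftovers(before, after):
        problems.append(f"{len(left)} item(s) survived the reboot cleanup")
    for label, rep in (("first", before), ("second", after)):
        if (age := signature_age_days(rep)) > max_signature_age:
            problems.append(f"{label} scan used signatures {age} days old")
    return problems


if __name__ == "__main__":
    before, after = parse_mbar_log(MBAR_BEFORE), parse_mbar_log(MBAR_AFTER)
    print(family_counts(before))
    print(check_cleanup(before, after) or "clean")
```

Run against the excerpts, the cleanup itself passes (nothing flagged in the first log reappears in the second) but both scans are reported as having used 16-day-old signatures, which is exactly the objection raised above; the third MBAR log, with database v2013.02.04.05 on a 4 February scan, would pass the age check.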


cosinus 04.02.2013 15:05

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an expert has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

yourajassef 04.02.2013 19:11

Hello :)

here is the logfile
Code:

ComboFix 13-02-03.03 - yourajassef 04.02.2013  18:57:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3069.1918 [GMT 1:00]
Running from: c:\users\yourajassef\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FreeVideoCutter.exe
c:\program files\FreeVideoCutter.exe\avcodec-54.dll
c:\program files\FreeVideoCutter.exe\avdevice-54.dll
c:\program files\FreeVideoCutter.exe\avfilter-2.dll
c:\program files\FreeVideoCutter.exe\avformat-54.dll
c:\program files\FreeVideoCutter.exe\avresample-0.dll
c:\program files\FreeVideoCutter.exe\avutil-51.dll
c:\program files\FreeVideoCutter.exe\ffmpeg.exe
c:\program files\FreeVideoCutter.exe\FreeVideoCutter.exe
c:\program files\FreeVideoCutter.exe\FreeVideoCutter.ini
c:\program files\FreeVideoCutter.exe\postproc-52.dll
c:\program files\FreeVideoCutter.exe\swresample-0.dll
c:\program files\FreeVideoCutter.exe\swscale-2.dll
c:\program files\FreeVideoCutter.exe\unins000.dat
c:\program files\FreeVideoCutter.exe\unins000.exe
c:\program files\Seeearch
c:\program files\Seeearch\tbcore3.dll
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\unin0407.exe
D:\install.exe
.
.
(((((((((((((((((((((((  Files Created from 2013-01-04 to 2013-02-04  ))))))))))))))))))))))))))))))
.
.
2013-02-04 02:18 . 2013-01-08 04:57        6991832        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80939C28-25FA-47A2-BDDC-C70C4002A6E1}\mpengine.dll
2013-02-03 01:32 . 2013-01-08 04:57        6991832        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-02 20:05 . 2013-02-02 20:05        --------        d-----w-        c:\program files\Common Files\Skype
2013-02-02 20:05 . 2013-02-02 20:05        --------        d-----r-        c:\program files\Skype
2013-02-02 12:48 . 2013-02-02 12:48        --------        d-----w-        c:\users\yourajassef\AppData\Roaming\Malwarebytes
2013-02-02 12:48 . 2013-02-02 12:48        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-02 12:48 . 2013-02-02 12:48        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-02-02 12:48 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-27 00:11 . 2013-01-27 00:11        --------        d-----w-        c:\users\yourajassef\AppData\Roaming\Creative
2013-01-27 00:01 . 2013-01-27 00:01        76        --sh--r-        c:\windows\CT4CET.bin
2013-01-27 00:01 . 2013-01-27 00:01        --------        d-----w-        c:\program files\Common Files\Reallusion
2013-01-26 23:59 . 2007-02-14 11:27        5627904        ----a-w-        c:\windows\system32\LiveCamVirtual.ocx
2013-01-26 23:59 . 2013-01-26 23:59        --------        d-----w-        c:\program files\Common Files\Creative
2013-01-26 23:58 . 2013-01-26 23:59        --------        d-----w-        c:\program files\Creative Live! Cam
2013-01-26 23:57 . 2013-01-27 00:01        --------        d-----w-        c:\program files\Creative
2013-01-25 15:54 . 2007-03-05 16:45        7424        ----a-w-        c:\windows\system32\drivers\OEM02Vfx.sys
2013-01-25 15:54 . 2007-03-01 23:00        24576        ----a-w-        c:\windows\system32\OEM02Srv.exe
2013-01-25 15:54 . 2007-07-17 23:02        40960        ----a-w-        c:\windows\system32\OEM02Pin.dll
2013-01-25 15:54 . 2007-07-17 23:02        235520        ----a-w-        c:\windows\system32\drivers\OEM02Dev.sys
2013-01-25 15:54 . 2007-05-09 23:01        36864        ----a-w-        c:\windows\OEM02Mon.exe
2013-01-25 15:54 . 2007-05-09 23:01        20480        ----a-w-        c:\windows\system32\OEM02Pin.crl
2013-01-25 15:54 . 2007-02-01 23:00        32768        ----a-w-        c:\windows\system32\OEM02Hwx.dll
2013-01-25 15:54 . 2007-07-17 23:03        385024        ----a-w-        c:\windows\system32\OEM02Cvw.dll
2013-01-25 15:54 . 2007-06-24 23:02        331776        ----a-w-        c:\windows\system32\OEM02Cvw.crl
2013-01-25 15:54 . 2007-06-10 23:01        28672        ----a-w-        c:\windows\OEM02Cfg.exe
2013-01-25 15:54 . 2007-06-07 23:00        141376        ----a-w-        c:\windows\system32\drivers\OEM02Afx.sys
2013-01-25 15:54 . 2005-07-06 23:07        36864        ----a-w-        c:\windows\system32\CtCamMgr.dll
2013-01-24 16:58 . 2013-01-25 15:34        --------        d-----w-        c:\users\yourajassef\AppData\Roaming\Movier
2013-01-24 16:58 . 2013-01-24 16:58        --------        d-----w-        c:\program files\Movier
2013-01-24 16:24 . 2013-01-24 16:24        --------        d-----w-        c:\program files\Digiarty
2013-01-09 18:58 . 2012-11-23 01:35        2048000        ----a-w-        c:\windows\system32\win32k.sys
2013-01-09 18:58 . 2012-11-20 04:22        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-09 18:57 . 2012-11-02 10:19        1400832        ----a-w-        c:\windows\system32\msxml6.dll
2013-01-06 18:17 . 2013-01-06 18:17        --------        d-----w-        c:\program files\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2011-04-06 12:08        232336        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-08 20:35 . 2012-06-08 08:58        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:35 . 2011-08-01 12:14        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-20 21:22        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-20 21:22        293376        ----a-w-        c:\windows\system32\atmfd.dll
2012-11-28 10:09 . 2012-11-28 10:09        740840        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E11B82C9-2DA7-4D8D-A275-D963867DB595}\gapaengine.dll
2012-11-14 02:09 . 2012-12-15 14:23        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-15 14:23        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-15 14:23        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-15 14:23        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-15 14:23        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-15 14:23        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-14 19:15        2048        ----a-w-        c:\windows\system32\tzres.dll
2006-06-15 19:33 . 2013-01-27 00:01        233472        ----a-w-        c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 17:43 . 2013-01-27 00:01        204895        ----a-w-        c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 . 2013-01-27 00:01        77824        ----a-w-        c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 12:10 . 2013-01-27 00:01        426081        ----a-w-        c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 . 2013-01-27 00:01        458752        ----a-w-        c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 . 2013-01-27 00:01        139264        ----a-w-        c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 . 2013-01-27 00:01        204800        ----a-w-        c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 . 2013-01-27 00:01        106496        ----a-w-        c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 . 2013-01-27 00:01        212992        ----a-w-        c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 . 2013-01-27 00:01        167936        ----a-w-        c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2013-01-19 17:48 . 2013-01-19 17:48        262552        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}]
2011-04-14 04:37        252832        ----a-w-        c:\program files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2011-11-17 09:14        3075520        ----a-w-        c:\program files\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\yourajassef\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\yourajassef\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\yourajassef\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\yourajassef\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-28 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\yourajassef\Desktop\mbar\mbar.exe" [2013-01-18 1358408]
.
c:\users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2011-10-20 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL6CED0895
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 20:35]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 11:20]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 11:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.dimadimaraja.com/
uInternet Settings,ProxyServer = hxxp://10.5.0.253:3128
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles\gfjmy2pc.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - www.rajacasablanca.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-10 - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Athan - c:\windows\iun6002.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-WEKA Internetführer Qualität - c:\windows\unin0407.exe
AddRemove-{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1 - c:\program files\FreeVideoCutter.exe\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-04 19:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-02-04  19:08:52
ComboFix-quarantined-files.txt  2013-02-04 18:08
.
Vor Suchlauf: 9.062.752.256 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 10.478.845.952 Bytes frei
.
- - End Of File - - 4783B00B47894C276FABD82811581E4B


cosinus 04.02.2013 21:18

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then please do a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
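A small triage helper for the AdwCleaner report that the steps above produce, added here as an example and not part of the forum post or of AdwCleaner itself. It assumes the German v2.x line formats visible in this thread ("Datei Gelöscht : ...", "Schlüssel Gelöscht : ...", "Gelöscht : user_pref(...)") and summarises what a helper looks for first: how much was removed, which Conduit toolbar ID was installed, and which hosts search and homepage were redirected to; the sample report is constructed from those line shapes with shortened paths.

```python
"""Triage summary for an AdwCleaner v2.x report (German locale).

Added example for this thread, not AdwCleaner's own code.  Assumes the report
line formats seen in the thread (AdwCleaner v2.110, German).
"""
import re
from collections import Counter

# "Datei|Ordner|Schlüssel|Wert Gelöscht : <target>" lines of the report.
ACTION_RE = re.compile(r"^(Datei|Ordner|Schlüssel|Wert) (Gelöscht|Gefunden) : (.+)$")
# Firefox pref lines; long values are cut off with "[...]" so the closing ); may be missing.
PREF_RE = re.compile(r'^(Gelöscht|Gefunden) : user_pref\("([^"]+)",\s*(.*)$')
# AdwCleaner defangs URLs as hxxp:// so they are not clickable in the report.
HOST_RE = re.compile(r"hxxps?://([^/\"\s\\]+)")

# Firefox prefs that decide where the address bar, search box and start page go.
HIJACK_PREFS = ("keyword.URL", "browser.search.defaultenginename",
                "browser.search.order.", "browser.startup.homepage",
                "Smartbar.ConduitHomepagesList", "Smartbar.ConduitSearchUrlList")


def parse_report(text):
    """Return (Counter of (kind, action), list of (pref_name, raw_value))."""
    counts = Counter()
    prefs = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ACTION_RE.match(line)
        if m:
            kind, action, _target = m.groups()
            counts[(kind, action)] += 1
            continue
        m = PREF_RE.match(line)
        if m:
            value = m.group(3).strip()
            if value.endswith(");"):          # complete line: drop the call's tail
                value = value[:-2]
            prefs.append((m.group(2), value))
    return counts, prefs


def summarize(text):
    """Everything a helper wants from the report, as one dict."""
    counts, prefs = parse_report(text)
    # Conduit toolbars prefix their prefs with their toolbar ID (CT + digits).
    toolbar_ids = sorted({name.split(".", 1)[0] for name, _ in prefs
                          if re.match(r"^CT\d+\.", name)})
    hijacked = [name for name, _ in prefs if name.startswith(HIJACK_PREFS)]
    hosts = sorted({h for _, v in prefs for h in HOST_RE.findall(v)})
    return {
        "deleted_files": counts[("Datei", "Gelöscht")],
        "deleted_folders": counts[("Ordner", "Gelöscht")],
        "deleted_keys": counts[("Schlüssel", "Gelöscht")],
        "deleted_values": counts[("Wert", "Gelöscht")],
        "firefox_prefs": len(prefs),
        "toolbar_ids": toolbar_ids,
        "hijacked_prefs": hijacked,
        "redirect_hosts": hosts,
    }


# Constructed sample, assembled from line shapes seen in the thread (paths shortened).
SAMPLE_REPORT = r"""
# AdwCleaner v2.110 - Datei am 04/02/2013 um 22:05:40 erstellt
# Option [Löschen]

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browser] *****

-\\ Mozilla Firefox v18.0.1 (de)

Gelöscht : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=3[...]
Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...]
"""

if __name__ == "__main__":
    for key, val in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {val}")
```

Run it against a real AdwCleaner[Sx].txt by reading the file into `summarize()`; a non-empty `redirect_hosts` or `hijacked_prefs` after a second run means the toolbar came back.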

yourajassef 04.02.2013 22:11

Adw Cleaner:

Code:

# AdwCleaner v2.110 - Datei am 04/02/2013 um 22:05:40 erstellt
# Aktualisiert am 03/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : yourajassef - YOURAJASSEF-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\yourajassef\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\yourajassef\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\yourajassef\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\yourajassef\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\yourajassef\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\yourajassef\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\yourajassef\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\yourajassef\AppData\LocalLow\ShopperReports3
Ordner Gelöscht : C:\Users\yourajassef\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles\gfjmy2pc.default\extensions\specialsavings@superfish.com
Ordner Gelöscht : C:\Users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles\gfjmy2pc.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ShopperReports3
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\GamePlayLabs
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\seeearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2965494
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\yourajassef\AppData\Roaming\Mozilla\Firefox\Profiles\gfjmy2pc.default\prefs.js

Gelöscht : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...]
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_city", "STUTTGART");
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2319825.FirstTime", "true");
Gelöscht : user_pref("CT2319825.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2319825.ID", "50978732");
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.UserID", "UN51417685906338356");
Gelöscht : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.autoDisableScopes", -1);
Gelöscht : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2319825.defaultSearch", "true");
Gelöscht : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2319825.enableAlerts", "always");
Gelöscht : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2319825.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2319825.fixUrls", true);
Gelöscht : user_pref("CT2319825.installId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.isNewTabEnabled", true);
Gelöscht : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2319825.keyword", true);
Gelöscht : user_pref("CT2319825.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...]
Gelöscht : user_pref("CT2319825.openThankYouPage", "false");
Gelöscht : user_pref("CT2319825.openUninstallPage", "true");
Gelöscht : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Gelöscht : user_pref("CT2319825.search.searchCount", "0");
Gelöscht : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349375918881");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1349376743166");
Gelöscht : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349375921357");
Gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.10.27.6_lastUpdate", "1349376743003");
Gelöscht : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349375921399");
Gelöscht : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1349375917725");
Gelöscht : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1349375917340");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349375921219");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1349376742955");
Gelöscht : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1349375918677");
Gelöscht : user_pref("CT2319825.settingsINI", true);
Gelöscht : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2319825.smartbar.homepage", true);
Gelöscht : user_pref("CT2319825.smartbar.isHidden", false);
Gelöscht : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gelöscht : user_pref("CT2319825.toolbarBornServerTime", "4-10-2012");
Gelöscht : user_pref("CT2319825.toolbarCurrentServerTime", "4-10-2012");
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825[...]
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=3[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\yourajassef\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [14795 octets] - [04/02/2013 22:05:40]

########## EOF - C:\AdwCleaner[S1].txt - [14856 octets] ##########

OTL:

Code:

OTL logfile created on: 04.02.2013 22:13:39 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\yourajassef\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,21% Memory free
6,19 Gb Paging File | 4,79 Gb Available in Paging File | 77,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 9,55 Gb Free Space | 9,78% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 8,21 Gb Free Space | 8,41% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 7,43 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Drive F: | 232,83 Gb Total Space | 15,68 Gb Free Space | 6,73% Space Free | Partition Type: FAT32
 
Computer Name: YOURAJASSEF-PC | User Name: yourajassef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\yourajassef\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Netaapl) -- system32\DRIVERS\netaapl.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (gqorbfjs) -- C:\Windows\system32\drivers\gqorbfjs.sys File not found
DRV - (catchme) -- C:\Users\YOURAJ~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dimadimaraja.com/
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 01 10 1C D1 02 CC 01  [binary data]
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{A89B7D27-C3ED-4FAA-83E3-02E014612E5F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://10.5.0.253:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.rajacasablanca.com"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2012.01.05 18:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2012.01.05 18:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 11:49:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.27 01:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.27 01:01:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.04.28 22:53:25 | 000,000,000 | ---D | M]
 
[2012.05.20 20:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Extensions
[2013.02.04 22:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\Firefox\Profiles\gfjmy2pc.default\extensions
[2012.12.14 20:12:12 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\yourajassef\AppData\Roaming\mozilla\firefox\profiles\gfjmy2pc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.10.04 20:02:36 | 000,002,101 | ---- | M] () -- C:\Users\yourajassef\AppData\Roaming\mozilla\firefox\profiles\gfjmy2pc.default\searchplugins\googlede.xml
[2013.02.03 11:39:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.09 00:19:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.01.19 18:48:40 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2012.05.28 11:48:40 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.09 13:26:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 16:29:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.09 13:26:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.09 13:26:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.09 13:26:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.09 13:26:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013.02.04 19:04:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Programme\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\yourajassef\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2027C885-E4F7-4ACC-92F8-0EF34481D55D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32AA4F81-6594-4EEB-A8DF-E8758EAA08D1}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ECD1ED9-2AF2-49AD-92B3-53112338A2BC}: DhcpNameServer = 134.108.34.5 134.108.34.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7684A6C-BDED-4E33-8A09-976C4CE9B654}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.04 19:08:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.04 19:08:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.04 18:55:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.04 18:55:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.04 18:55:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.04 18:55:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.04 18:51:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.04 18:50:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.04 18:48:28 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\yourajassef\Desktop\ComboFix.exe
[2013.02.04 13:49:29 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3D49DF56-918B-43FC-9963-9296664B7150}
[2013.02.04 04:00:11 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\meldungen
[2013.02.04 02:53:24 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\yourajassef\Desktop\aswMBR.exe
[2013.02.04 01:48:48 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{EECA3D53-289A-44D6-AF84-F93F1B84E660}
[2013.02.03 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{381C03C7-B504-49BA-86B5-1E6B776C5129}
[2013.02.03 10:53:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\mbar
[2013.02.02 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A114BDA7-8913-44DA-85D4-AB7D7652D391}
[2013.02.02 21:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.02 21:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.02 21:05:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.02.02 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\ddd
[2013.02.02 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Malwarebytes
[2013.02.02 13:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.02 13:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.02 13:48:24 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.02 13:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.02 13:29:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\yourajassef\Desktop\OTL.exe
[2013.02.02 11:36:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{FA64E702-B458-40E3-9168-E40E168717C0}
[2013.02.01 15:30:51 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{84734E89-DCEA-416B-95DD-4901C7B8D5CF}
[2013.01.31 18:47:23 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4E7C9939-30D0-470A-AE68-62608B9CAD1C}
[2013.01.30 22:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.30 16:31:33 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F7CEB9F6-B0B1-4FDF-93F1-717F1C65F9FD}
[2013.01.29 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F6CE08B8-61F3-41C7-8167-BB28A32692A9}
[2013.01.28 21:09:14 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{483C6E8A-58E3-4FDC-AFD0-6DDB9A87BC2F}
[2013.01.28 07:50:37 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8A8D83FB-69B8-47AC-8F24-AB24CAE95D81}
[2013.01.27 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{61DE3AA7-E19B-41D9-80F4-DBE6A0A7976B}
[2013.01.27 01:11:13 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Documents\DELL Webcam Center
[2013.01.27 01:11:03 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Creative
[2013.01.27 01:01:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2013.01.27 01:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2013.01.27 00:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.01.27 00:59:45 | 005,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\System32\LiveCamVirtual.ocx
[2013.01.27 00:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2013.01.27 00:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2013.01.27 00:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL
[2013.01.27 00:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.01.26 18:14:01 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6B17BB85-6FC3-4665-B020-4FED96DE1CCF}
[2013.01.25 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\25.01.2013
[2013.01.25 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F141443B-E818-4EC7-9A8F-1485D7F06711}
[2013.01.25 17:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2013.01.25 16:54:42 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Srv.exe
[2013.01.25 16:54:42 | 000,007,424 | ---- | C] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\OEM02Vfx.sys
[2013.01.25 16:54:41 | 000,235,520 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Dev.sys
[2013.01.25 16:54:41 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Pin.dll
[2013.01.25 16:54:41 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
[2013.01.25 16:54:41 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Hwx.dll
[2013.01.25 16:54:41 | 000,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Pin.crl
[2013.01.25 16:54:40 | 000,385,024 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Cvw.dll
[2013.01.25 16:54:40 | 000,331,776 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\OEM02Cvw.crl
[2013.01.25 16:54:38 | 000,028,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\OEM02Cfg.exe
[2013.01.25 16:54:37 | 000,141,376 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Afx.sys
[2013.01.25 16:54:30 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtCamMgr.dll
[2013.01.25 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F830E3BE-2CEC-494D-9EF5-1A3E422FC67E}
[2013.01.24 19:39:09 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4F91E7A1-7D33-4E10-AB89-ECA7FE71DABE}
[2013.01.24 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movier
[2013.01.24 17:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Movier
[2013.01.24 17:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Cutter
[2013.01.24 17:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2013.01.24 17:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2013.01.24 07:38:28 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A16A40D4-94D1-41F1-BF80-8A8C98A29624}
[2013.01.23 16:30:42 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{BC1D8181-AEF0-4C0F-B015-50899F0A6B9B}
[2013.01.22 22:56:00 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{4BD4BFFB-5CB8-40B4-AF7E-5435D9C4CD91}
[2013.01.22 07:09:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8CE1F9D2-0DCA-4226-AF88-824286F2D47B}
[2013.01.21 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{0DE0DBD8-B77E-4E8B-A059-38215C7B982C}
[2013.01.20 22:28:21 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\Desktop\raja turquie
[2013.01.19 18:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.19 18:29:01 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{8921E137-2CD3-4C9E-B033-966E09F1CB3C}
[2013.01.18 20:30:31 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{743F50AF-CCD7-474B-AEC7-B981EBE2B5D4}
[2013.01.16 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F2EDB183-C9BE-420E-A93E-121C9AEEF1B1}
[2013.01.15 07:14:16 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3867AAA0-5425-42F5-B084-DFC3002507CD}
[2013.01.14 19:14:00 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{D2018EA6-E7FF-4B84-8AFC-C4D3ED236647}
[2013.01.13 12:20:04 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{6D8F47C2-846A-488C-879D-2DBA678B11E5}
[2013.01.12 11:59:15 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{A5125E27-51D3-4AB2-9E0D-BA58B0E8B9AD}
[2013.01.11 21:45:53 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{E8A54474-05F4-4E7B-8238-CF9E1FCF1464}
[2013.01.10 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{3137AC19-5A43-4F92-856F-0F39813E2BB1}
[2013.01.09 19:58:50 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 19:58:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 19:45:17 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{475B9CA3-694E-4D8A-B7A8-8F1E54CCD231}
[2013.01.08 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{EF7D25D6-447D-43BA-B90C-39878FB941E3}
[2013.01.07 16:47:44 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{9656D099-B7BE-47AF-AADE-F3F45B5AF0BB}
[2013.01.06 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.01.06 14:56:26 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{F5BEC2D7-07DE-4C5A-956B-5AB181480BF4}
[2013.01.05 23:15:34 | 000,000,000 | ---D | C] -- C:\Users\yourajassef\AppData\Local\{E7336A64-AEF3-43C6-B458-694F382F2977}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 22:08:15 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2013.02.04 22:08:13 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.02.04 22:08:07 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.04 22:07:59 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.02.04 22:07:49 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 22:07:49 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 22:07:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 22:07:33 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 22:04:28 | 000,582,111 | ---- | M] () -- C:\Users\yourajassef\Desktop\adwcleaner.exe
[2013.02.04 22:03:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 22:03:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.04 19:04:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.04 18:48:45 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\yourajassef\Desktop\ComboFix.exe
[2013.02.04 04:07:08 | 000,137,342 | ---- | M] () -- C:\Users\yourajassef\Desktop\00000.jpg
[2013.02.04 03:57:35 | 000,000,512 | ---- | M] () -- C:\Users\yourajassef\Desktop\MBR.dat
[2013.02.04 03:02:24 | 322,924,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.04 02:54:25 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\yourajassef\Desktop\aswMBR.exe
[2013.02.04 01:54:04 | 000,365,568 | ---- | M] () -- C:\Users\yourajassef\Desktop\gmer_2.0.18454.exe
[2013.02.04 01:51:21 | 000,012,814 | ---- | M] () -- C:\Users\yourajassef\Desktop\fehlermeldung.jpg
[2013.02.03 10:59:17 | 000,029,455 | ---- | M] () -- C:\Users\yourajassef\Desktop\1.jpg
[2013.02.03 10:43:11 | 013,562,257 | ---- | M] () -- C:\Users\yourajassef\Desktop\mbar-1.01.0.1017.zip
[2013.02.03 10:41:50 | 000,013,997 | ---- | M] () -- C:\Users\yourajassef\Desktop\S+TOdLM+.htm.part.htm
[2013.02.02 21:05:36 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 13:48:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.02 13:29:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yourajassef\Desktop\OTL.exe
[2013.02.02 12:00:01 | 000,203,776 | ---- | M] () -- C:\Users\yourajassef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.31 09:35:35 | 000,632,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.31 09:35:35 | 000,599,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.31 09:35:35 | 000,127,566 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.31 09:35:35 | 000,105,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.30 22:39:24 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.30 22:39:24 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.01.27 13:27:24 | 000,000,680 | ---- | M] () -- C:\Users\yourajassef\AppData\Local\d3d9caps.dat
[2013.01.27 01:01:43 | 000,000,076 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2013.01.26 23:28:36 | 000,044,135 | ---- | M] () -- C:\Users\yourajassef\Desktop\aaaa.jpg
[2013.01.25 21:53:28 | 517,202,359 | ---- | M] () -- C:\Users\yourajassef\Documents\IMG_2641.wmv
[2013.01.25 21:31:10 | 308,036,647 | ---- | M] () -- C:\Users\yourajassef\Documents\IMG_2665.wmv
[2013.01.24 22:50:37 | 000,000,957 | ---- | M] () -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.24 22:49:46 | 000,000,937 | ---- | M] () -- C:\Users\yourajassef\Desktop\Dropbox.lnk
[2013.01.24 20:13:45 | 060,964,084 | ---- | M] () -- C:\Users\yourajassef\Desktop\ButKachani.wmv
[2013.01.24 17:58:08 | 000,000,776 | ---- | M] () -- C:\Users\yourajassef\Desktop\Movier.lnk
[2013.01.24 17:57:45 | 007,850,112 | ---- | M] () -- C:\Users\yourajassef\Desktop\Movier-Installer_1.0.17.exe
[2013.01.24 17:40:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Free Video Cutter.lnk
[2013.01.14 21:52:07 | 003,741,925 | ---- | M] () -- C:\Users\yourajassef\Desktop\TvQuran.com__112.mp3
[2013.01.10 21:59:18 | 000,374,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.08 21:35:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.08 21:35:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.02.04 22:04:26 | 000,582,111 | ---- | C] () -- C:\Users\yourajassef\Desktop\adwcleaner.exe
[2013.02.04 18:55:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.04 18:55:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.04 18:55:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.04 18:55:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.04 18:55:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.04 04:07:07 | 000,137,342 | ---- | C] () -- C:\Users\yourajassef\Desktop\00000.jpg
[2013.02.04 03:57:34 | 000,000,512 | ---- | C] () -- C:\Users\yourajassef\Desktop\MBR.dat
[2013.02.04 01:53:59 | 000,365,568 | ---- | C] () -- C:\Users\yourajassef\Desktop\gmer_2.0.18454.exe
[2013.02.04 01:51:21 | 000,012,814 | ---- | C] () -- C:\Users\yourajassef\Desktop\fehlermeldung.jpg
[2013.02.03 10:59:17 | 000,029,455 | ---- | C] () -- C:\Users\yourajassef\Desktop\1.jpg
[2013.02.03 10:43:38 | 013,562,257 | ---- | C] () -- C:\Users\yourajassef\Desktop\mbar-1.01.0.1017.zip
[2013.02.03 10:41:45 | 000,013,997 | ---- | C] () -- C:\Users\yourajassef\Desktop\S+TOdLM+.htm.part.htm
[2013.02.02 21:05:36 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 13:48:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.02 13:11:15 | 3219,173,376 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.30 22:39:24 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.27 01:01:43 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2013.01.25 21:47:40 | 517,202,359 | ---- | C] () -- C:\Users\yourajassef\Documents\IMG_2641.wmv
[2013.01.25 21:28:24 | 308,036,647 | ---- | C] () -- C:\Users\yourajassef\Documents\IMG_2665.wmv
[2013.01.25 16:54:42 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02Pvc.bmp
[2013.01.25 16:54:41 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OEM02PC.bmp
[2013.01.25 16:54:40 | 000,260,330 | ---- | C] () -- C:\Windows\System32\OEM02Cvw.bff
[2013.01.25 16:54:37 | 000,004,510 | ---- | C] () -- C:\Windows\OEM002.uns
[2013.01.24 22:48:18 | 000,044,135 | ---- | C] () -- C:\Users\yourajassef\Desktop\aaaa.jpg
[2013.01.24 20:12:01 | 060,964,084 | ---- | C] () -- C:\Users\yourajassef\Desktop\ButKachani.wmv
[2013.01.24 19:28:41 | 001,972,106 | ---- | C] () -- C:\Users\yourajassef\Desktop\1 (970).JPG
[2013.01.24 17:58:08 | 000,000,776 | ---- | C] () -- C:\Users\yourajassef\Desktop\Movier.lnk
[2013.01.24 17:57:10 | 007,850,112 | ---- | C] () -- C:\Users\yourajassef\Desktop\Movier-Installer_1.0.17.exe
[2013.01.24 17:40:41 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Free Video Cutter.lnk
[2013.01.14 21:51:56 | 003,741,925 | ---- | C] () -- C:\Users\yourajassef\Desktop\TvQuran.com__112.mp3
[2013.01.06 19:14:38 | 000,000,957 | ---- | C] () -- C:\Users\yourajassef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.26 21:16:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.06.25 19:45:16 | 000,004,096 | -H-- | C] () -- C:\Users\yourajassef\AppData\Local\keyfile3.drm
[2012.03.16 17:47:49 | 000,010,639 | ---- | C] () -- C:\Users\yourajassef\Yotahri_elster_2048.pfx
[2012.01.15 22:10:48 | 000,000,263 | ---- | C] () -- C:\Users\yourajassef\.swfinfo
[2012.01.11 00:27:52 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.01.10 19:05:19 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini
[2011.12.08 19:35:53 | 000,000,600 | ---- | C] () -- C:\Users\yourajassef\AppData\Roaming\winscp.rnd
[2011.10.23 12:54:54 | 000,001,492 | ---- | C] () -- C:\Users\yourajassef\.recently-used.xbel
[2011.08.03 09:03:53 | 000,000,552 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\d3d8caps.dat
[2011.06.22 21:24:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.13 10:59:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.13 10:59:30 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.12 21:02:04 | 000,123,728 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.04.24 13:48:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.24 13:40:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.24 13:40:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.05 12:26:22 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.04.05 12:00:05 | 000,203,776 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.05 11:58:17 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.04.04 15:33:01 | 000,000,680 | ---- | C] () -- C:\Users\yourajassef\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\raja 3- 0 Fus 16.09.2012 -m2.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\JAMELC~1.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\yourajassef\Desktop\10062009080.mp4:TOC.WMV

< End of report >

Extras:

Code:

OTL Extras logfile created on: 04.02.2013 22:13:39 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\yourajassef\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,21% Memory free
6,19 Gb Paging File | 4,79 Gb Available in Paging File | 77,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 9,55 Gb Free Space | 9,78% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 8,21 Gb Free Space | 8,41% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 7,43 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Drive F: | 232,83 Gb Total Space | 15,68 Gb Free Space | 6,73% Space Free | Partition Type: FAT32
 
Computer Name: YOURAJASSEF-PC | User Name: yourajassef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03059126-6CB4-43D4-BDBF-A031107EE97F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B7F8B21-2A74-4082-9372-684D7122EB81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0CCEF4AE-27CB-4080-BEC4-FD846619BE95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E37FEEC-1FCD-4C39-BFFD-DD595BF45421}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E76D8F8-782D-4A6A-AB9E-D7649CCA4AFF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{10BD1224-E1C8-48B9-8699-5B6C0441E59D}" = lport=137 | protocol=17 | dir=in | app=system |
"{12DFFAA0-E077-4ABD-AB27-36862BBF45A6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{187FE10B-8F38-440C-9ACD-9029BB25C9CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1E8C8A76-7896-4A87-8BD1-B2F5079AD86F}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E440A65-6FCA-4DF4-914E-DF6DC60F3FB6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{628EEA2D-5A36-47B2-96B4-B19546B9AC4F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{67787834-6546-4EC1-A3AD-28E8E21386D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A5E3E13-2F4F-4CF1-A1F2-816B2FEC7583}" = rport=138 | protocol=17 | dir=out | app=system |
"{A785ACBC-24F8-4853-A93C-F210E005D510}" = lport=138 | protocol=17 | dir=in | app=system |
"{B1DEAD7F-7E11-416D-B489-BBDA1101C6D4}" = lport=445 | protocol=6 | dir=in | app=system |
"{D5414D7E-4DC2-4E0F-819F-42F4356748B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5C703C8-0550-4451-BB88-8D259E9750E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6E55199-771C-4DB7-8E6A-AEB7FE1A4110}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F423E876-25CB-45B8-9F66-A1610849AA51}" = lport=139 | protocol=6 | dir=in | app=system |
"{F985D30C-FD70-4043-AD52-A2F4A693538A}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18B9229E-CF8C-4420-A006-3C8B5955034E}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_342.decrpt |
"{261DBC74-3451-4850-89E4-81BECCF6861C}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{2651EC9D-F3C3-4F9E-9C97-818C4AC43F33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2856D390-C4BC-42C0-B8F3-A3381B1E9AC8}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{30ADEDB5-3245-4EF7-B05D-6F30D8A3241F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{40451F3E-A74C-46F7-B4E2-008A3C06C157}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{470A4959-9ADC-439D-92F3-6142251560EE}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{48F1EFF5-6471-4181-9D21-CCDF7797A944}" = protocol=17 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe |
"{4ACB4E8C-FE60-40F5-A2DF-DF55DD5C2E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5A0334E3-B647-417D-9D41-ADF77E688183}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{648D75E2-1F6E-49D4-A6EB-2D0F2BFD1731}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6578C3B4-5D10-45A2-917A-565B3F4D480F}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 |
"{6781C032-630A-4818-9292-F95242C80CA1}" = protocol=6 | dir=in | app=c:\users\yourajassef\desktop\pes\pes2011.exe |
"{73408EAF-25B4-4A5F-AE30-0051CB77F774}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{95B99259-8009-453C-9ECC-4F38AF51DF3B}" = protocol=6 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe |
"{9B885F6A-24B3-4ACD-9A84-30C384111DFF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9EBDC443-74F4-4D0C-A91A-B9393FB0A71C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A0B9E01E-5FC5-48BC-8BFD-A709CBEE41B9}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_567 |
"{A25FE531-6D3E-4F95-B07B-FD2A1BAB9B48}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 |
"{B60E8BA6-AFBD-4E9D-B209-198C3AFD0163}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{B6A47838-D0D5-4364-A387-13D997D89A32}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{BABBB2F6-5058-4EA9-B701-728080B535AD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BEC041D9-A012-41B9-8AC4-03CBB5B42001}" = dir=in | app=c:\users\youraj~1\appdata\local\temp\ibtmp213d533\component_369 |
"{C5C29834-B4F6-4759-9471-CA36315F77E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D2E028F3-F996-441A-BEDC-0A87F5FFD4D0}" = protocol=17 | dir=in | app=c:\users\yourajassef\desktop\pes\pes2011.exe |
"{D6099798-7299-4B17-A0C0-8983D2840062}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D73FBB7C-B072-492B-B67C-E4FA8580B18D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E6AB0DCB-90AD-4C8D-8A04-F2B58F5069EB}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{EA95D05E-86B8-49F4-A5FB-36C57101EB41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBE65627-A1E6-4CDD-BC20-9B5106B60B29}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F850F406-90DE-4BC4-8AEE-69C68551C48C}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{F8C420A5-E8FA-4042-9514-642D22E4169B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{1D5B9381-49CD-4086-A89F-773343E8CBB5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{609405B5-C1A5-4F34-A1DD-CDA441D16613}C:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe" = protocol=6 | dir=in | app=c:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe |
"TCP Query User{6A88EBBE-CEC1-48E2-83F7-BF7E964E6743}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{75324174-AC0F-4895-9DEA-ECF0E9FEF07E}C:\program files\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\fifa 12\game\fifa.exe |
"TCP Query User{90313453-931D-4041-958B-36DF9157B760}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{AF4401F7-5ABA-4C08-B715-87FC5D3312DA}C:\program files\simpletv\tv.exe" = protocol=6 | dir=in | app=c:\program files\simpletv\tv.exe |
"TCP Query User{BB3D3209-D9D1-4A04-A025-DA4F42BD8A2C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{DCAE5AC3-A323-4CE1-8F11-28B0BCCB310E}C:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{DDB854CB-04AD-427C-99EA-42A735B0F456}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E68532B8-F64D-401C-8322-878BFD7BE043}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{05799B4A-5711-44C5-9EC2-780BE9EBA0BB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3863BAD4-800E-4ACF-A456-97F54A822526}C:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe" = protocol=17 | dir=in | app=c:\program files\lowratevoip.com\lowratevoip\lowratevoip.exe |
"UDP Query User{4FE613CE-7DDF-4300-B60F-C4B40D74812C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{58DAD19B-4608-4BA8-A5D6-8362CF911FCD}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{611B2B63-935B-491C-8CE5-A5AD6864120F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{62C78A7E-4986-4E53-B3ED-2A1D462B99AD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{7553BA3D-DA51-4F85-B52A-6C4B7AE4BAC6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A441A6BF-BF0E-4C75-BA5F-05813FB34C5A}C:\program files\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\fifa 12\game\fifa.exe |
"UDP Query User{C78FEF38-D2F3-4FD2-8B7E-68A08EF7ED52}C:\program files\simpletv\tv.exe" = protocol=17 | dir=in | app=c:\program files\simpletv\tv.exe |
"UDP Query User{EAB7AA71-AD5F-400A-B8D1-1FD59636D9C1}C:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\yourajassef\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A513029-E500-4A1C-8809-8D58B5546E7F}" = AusweisApp
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}" = USB Game Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AliceHilfe 1.0.0.1" = AliceHilfe
"AVS Media Player_is1" = AVS Media Player 4.1.7.92
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Chipcardmaster_is1" = Chipcardmaster 6.86
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719) 
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"ElsterFormular 13.1.0.8394p" = ElsterFormular
"f42012" = f4 2012
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"ImgBurn" = ImgBurn
"KVK Viewer" = KVK Viewer
"LowRateVoip_is1" = LowRateVoip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Movier" = Movier 1.0.17
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.1.3
"ProInst" = Intel(R) PROSet/Wireless Software
"SopCast" = SopCast 3.0.3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"winscp3_is1" = WinSCP 4.3.5
"WinX Free MOV to WMV Converter_is1" = WinX Free MOV to WMV Converter 4.1.3
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4277074426-3687905307-1399999662-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.01.2013 14:11:46 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1450
 
Error - 31.01.2013 14:11:47 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.01.2013 14:11:47 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2574
 
Error - 31.01.2013 14:11:47 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2574
 
Error - 31.01.2013 14:11:48 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.01.2013 14:11:48 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3744
 
Error - 31.01.2013 14:11:48 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3744
 
Error - 31.01.2013 14:11:49 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.01.2013 14:11:49 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4851
 
Error - 31.01.2013 14:11:49 | Computer Name = yourajassef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4851
 
[ Media Center Events ]
Error - 20.12.2011 18:04:10 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Process: DefaultDomain Object name: Media Center Guide
 
Error - 20.12.2011 18:04:25 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Process: DefaultDomain Object name: Media Center Guide
 
Error - 20.12.2011 18:10:30 | Computer Name = yourajassef-PC | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Process: DefaultDomain Object name: Media Center Guide
 
[ System Events ]
Error - 04.02.2013 08:48:22 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.02.2013 09:28:08 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.02.2013 09:28:08 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.02.2013 09:28:08 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.02.2013 13:57:01 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 04.02.2013 14:01:10 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 04.02.2013 14:04:43 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 04.02.2013 17:08:42 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.02.2013 17:08:42 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.02.2013 17:08:42 | Computer Name = yourajassef-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

Many thanks

cosinus 05.02.2013 08:38

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
DRV - (gqorbfjs) -- C:\Windows\system32\drivers\gqorbfjs.sys File not found
IE - HKU\S-1-5-21-4277074426-3687905307-1399999662-1000\..\SearchScopes\{A89B7D27-C3ED-4FAA-83E3-02E014612E5F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
[2013.02.04 03:57:34 | 000,000,512 | ---- | C] () -- C:\Users\yourajassef\Desktop\MBR.dat
[2013.01.27 01:01:43 | 000,000,076 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2013.02.03 10:41:45 | 000,013,997 | ---- | C] () -- C:\Users\yourajassef\Desktop\S+TOdLM+.htm.part.htm
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have masked your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    ( Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents into your thread here

yourajassef 05.02.2013 09:41

Hello,

here:

Code:

All processes killed
========== OTL ==========
Service gqorbfjs stopped successfully!
Service gqorbfjs deleted successfully!
File  C:\Windows\system32\drivers\gqorbfjs.sys File not found not found.
Registry key HKEY_USERS\S-1-5-21-4277074426-3687905307-1399999662-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A89B7D27-C3ED-4FAA-83E3-02E014612E5F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A89B7D27-C3ED-4FAA-83E3-02E014612E5F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll moved successfully.
C:\Users\yourajassef\Desktop\MBR.dat moved successfully.
C:\Windows\CT4CET.bin moved successfully.
C:\Users\yourajassef\Desktop\S+TOdLM+.htm.part.htm moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\yourajassef\Desktop\cmd.bat deleted successfully.
C:\Users\yourajassef\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: yourajassef
->Temp folder emptied: 1028571 bytes
->Temporary Internet Files folder emptied: 10414527 bytes
->Java cache emptied: 3448310 bytes
->FireFox cache emptied: 227467488 bytes
->Apple Safari cache emptied: 130806784 bytes
->Flash cache emptied: 1950 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30758040 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 385,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 02052013_093219

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 05.02.2013 09:53

Looks ok. We should be almost through. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the Update button first

Afterwards, getting a second opinion via the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • You will find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


yourajassef 05.02.2013 10:11

Hello,

Malwarebytes: --> no infected objects

Code:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.05.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yourajassef :: YOURAJASSEF-PC [administrator]

Protection: Enabled

05.02.2013 10:04:37
mbam-log-2013-02-05 (10-04-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212716
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET follows ...

ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=c72c194dcad2c7418f3194055ad0e592
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-05 11:38:23
# local_time=2013-02-05 12:38:23 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 56391398 197597031 0 0
# scanned=249706
# found=6
# cleaned=0
# scan_time=8559
C:\Users\yourajassef\Downloads\Neuer Ordner\Megaplayer.exe        probably a variant of Win32/StartPage.JSROPEO trojan        0DB043B9F4D868ED74D8DAD35FE8A37D33DC63E5        I
C:\Users\yourajassef\Downloads\Neuer Ordner\vlc-1.1.9-win32.exe        Win32/StartPage.OIE trojan        1D435CA0C4BA455742225989F95CC529198E86DB        I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab        a variant of Win32/Adware.OneStep.Z application        F8E564130624735508A87A52F162FF03253AFA01        I
E:\desktop 2011\LS-DYNA\LSTC_LS-DYNA_V9\legend.001        probably a variant of Win32/Agent.MFFSTCY trojan        B646860190B1A5DBB6A7761F0E7AF1A481C21617        I
E:\desktop 2011\LS-DYNA\LSTC_LS-DYNA_V9.71_WIN32-LND.rar        probably a variant of Win32/Agent.MFFSTCY trojan        96781BE1C1CE8B9711F572430E67E74CB94685C8        I
E:\Downloads\(2) ???? ????? ????.rar        Win32/Bifrose.NEL trojan        BD4CF6D6C8A773323406C40006175CABD9B21693        I

P.S.: I don't need any of the 6 infected files and can happily delete them :)

cosinus 06.02.2013 09:26

Quote:

E:\desktop 2011\LS-DYNA\LSTC_LS-DYNA_V9.71_WIN32-LND.rar
What is that supposed to be?

yourajassef 06.02.2013 10:38

Quote:

Quote from cosinus (post 1006701)
What is that supposed to be?

LS-DYNA is a simulation program and is used above all for crash-test simulations.

I needed it once during my studies. Not anymore.

Should I just delete the file?

cosinus 06.02.2013 11:36

Yes, delete it. It also looks to me as if you got that stuff from some dubious source. Well, you don't need it anymore anyway

yourajassef 06.02.2013 20:11

Hello,

I have deleted all 6 files below and all temporary internet files and emptied the Recycle Bin

Quote:

Quote from yourajassef
C:\Users\yourajassef\Downloads\Neuer Ordner\Megaplayer.exe probably a variant of Win32/StartPage.JSROPEO trojan 0DB043B9F4D868ED74D8DAD35FE8A37D33DC63E5 I
C:\Users\yourajassef\Downloads\Neuer Ordner\vlc-1.1.9-win32.exe Win32/StartPage.OIE trojan 1D435CA0C4BA455742225989F95CC529198E86DB I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application F8E564130624735508A87A52F162FF03253AFA01 I
E:\desktop 2011\LS-DYNA\LSTC_LS-DYNA_V9\legend.001 probably a variant of Win32/Agent.MFFSTCY trojan B646860190B1A5DBB6A7761F0E7AF1A481C21617 I
E:\desktop 2011\LS-DYNA\LSTC_LS-DYNA_V9.71_WIN32-LND.rar probably a variant of Win32/Agent.MFFSTCY trojan 96781BE1C1CE8B9711F572430E67E74CB94685C8 I
E:\Downloads\(2) ???? ????? ????.rar Win32/Bifrose.NEL trojan BD4CF6D6C8A773323406C40006175CABD9B21693 I


cosinus 06.02.2013 21:49

Should be fine then and looks ok so far

Regarding cookies and other things on the web: to block the plague from the start (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie)

Apart from that there are good cookie managers, extensions for Firefox, e.g. CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board) then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now in order again, or are there other findings or problems?

yourajassef 06.02.2013 23:52

thanks for the advice:

I ran ESET again. This time I also scanned my external hard drive (F:/)
Again 6 objects found:
- The first 2, I don't know what they are!
- The 3rd I somehow can't find. I could navigate as far as here (C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows), but the Windows folder is empty. I have also checked the "show all folders" option.
- the last 3 I have deleted

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=c72c194dcad2c7418f3194055ad0e592
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-06 10:31:52
# local_time=2013-02-06 11:31:52 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 56517007 197722640 0 0
# scanned=294615
# found=6
# cleaned=0
# scan_time=11793
C:\$RECYCLE.BIN\S-1-5-21-4277074426-3687905307-1399999662-1000\$RACPLV0.exe        probably a variant of Win32/StartPage.JSROPEO trojan        0DB043B9F4D868ED74D8DAD35FE8A37D33DC63E5        I
C:\$RECYCLE.BIN\S-1-5-21-4277074426-3687905307-1399999662-1000\$RZKPN0E.exe        Win32/StartPage.OIE trojan        1D435CA0C4BA455742225989F95CC529198E86DB        I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab        a variant of Win32/Adware.OneStep.Z application        F8E564130624735508A87A52F162FF03253AFA01        I
F:\Neuer Ordner\mein PC\Yourajassef\fichiers d´installation\Nero 8.1.1.4 en Français + Keygen\Nero 8.1.1.4 en Français + Keygen\Nero 8.x Keygen.exe        probably a variant of Win32/Injector.DW trojan        C17427850F929029849412ED658E83F6F845ED2A        I
F:\Neuer Ordner\mein PC\Yourajassef\fichiers d´installation\MsgPlusLive-450.exe        a variant of Win32/Adware.CiDHelp application        7D4F1B28E7C3735F64C3D68534851C6DABA9E4E3        I
F:\Neuer Ordner\mein PC\Yourajassef\fichiers d´installation\Nero 8.1.1.4 en Français + Keygen.zip        probably a variant of Win32/Injector.DW trojan        E503370B80BA7DD86F010182F4CDF0B488C11C3A        I

Thanks again very much to you, and I have 2 more questions.

1- Which of the programs from your instructions do I no longer need (OTL, gmer, aswMBR, malwarebytes....)?

2- Could you give me the link to the bank details (if there are any). I would like to donate something small. Because what you do here is a great service. You really invest a lot of time.

Thanks a lot
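The re-detection in the post above is worth a closer look. The two "new" hits under C:\$RECYCLE.BIN carry exactly the SHA-1 values that Megaplayer.exe and vlc-1.1.9-win32.exe had in the first scan, so those files were only moved to the Recycle Bin, and upgrade[1].cab sits in the LocalSystem profile (C:\Windows\System32\config\systemprofile), which clearing a user's temporary internet files does not touch. The following Python script is an added example, not code from ESET or from this board: it parses the ESET log format posted here, correlates the two scans by hash and classifies every second-scan hit. SCAN1 and SCAN2 are shortened copies of the two logs in this thread.

```python
"""Correlate two ESET Online Scanner logs by SHA-1.

Added example for this thread (not ESET or Trojaner-Board code). It parses
the log format posted above (path, detection name, SHA-1, flag) and shows
why the second scan still listed "deleted" files. SCAN1/SCAN2 are shortened
copies of the two logs in the thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

FIELD_SEP = re.compile(r"\t+| {2,}")   # ESET uses tabs; the board rendered them as spaces
SHA1_RE = re.compile(r"^[0-9A-F]{40}$", re.I)
# Per-user recycle bin: <drive>:\$RECYCLE.BIN\<SID>\$R<random>.<ext>
RECYCLE_RE = re.compile(r"^[A-Z]:\\\$RECYCLE\.BIN\\S-1-5-", re.I)
# LocalSystem's profile; deleting a user's temporary internet files never reaches it
SYSTEMPROFILE = "\\config\\systemprofile\\"


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    sha1: str
    flag: str


def parse_eset_log(text):
    """Return (header, detections); header lines look like '# found=6'."""
    header, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value.strip()
            continue
        fields = FIELD_SEP.split(line)
        if len(fields) == 4 and SHA1_RE.match(fields[2]):
            hits.append(Detection(fields[0], fields[1], fields[2].upper(), fields[3]))
    if "found" in header and int(header["found"]) != len(hits):
        raise ValueError(f"log says found={header['found']} but {len(hits)} lines parsed")
    return header, hits


def triage(before, after):
    """Classify the second scan's hits against the first, keyed by SHA-1.

    recycle_bin: same file, now under $RECYCLE.BIN (only "deleted" to the bin)
    unchanged:   same file at the same path (no cleanup step reached it)
    moved:       same file at another path
    new:         hash not present in the first scan
    """
    earlier = {d.sha1: d.path for d in before}
    report = defaultdict(list)
    for d in after:
        if d.sha1 not in earlier:
            report["new"].append(d.path)
        elif RECYCLE_RE.match(d.path):
            report["recycle_bin"].append((earlier[d.sha1], d.path))
        elif d.path == earlier[d.sha1]:
            report["unchanged"].append(d.path)
        else:
            report["moved"].append((earlier[d.sha1], d.path))
    return dict(report)


def needs_elevated_cleanup(path):
    """True where a normal Explorer session will not clear the file: a recycle bin or the SYSTEM profile."""
    return bool(RECYCLE_RE.match(path)) or SYSTEMPROFILE.lower() in path.lower()


SCAN1 = r"""
# scanned=249706
# found=6
C:\Users\yourajassef\Downloads\Neuer Ordner\Megaplayer.exe        probably a variant of Win32/StartPage.JSROPEO trojan        0DB043B9F4D868ED74D8DAD35FE8A37D33DC63E5        I
C:\Users\yourajassef\Downloads\Neuer Ordner\vlc-1.1.9-win32.exe        Win32/StartPage.OIE trojan        1D435CA0C4BA455742225989F95CC529198E86DB        I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab        a variant of Win32/Adware.OneStep.Z application        F8E564130624735508A87A52F162FF03253AFA01        I
E:\desktop 2011\LS-DYNA\LSTC_LS-DYNA_V9\legend.001        probably a variant of Win32/Agent.MFFSTCY trojan        B646860190B1A5DBB6A7761F0E7AF1A481C21617        I
E:\desktop 2011\LS-DYNA\LSTC_LS-DYNA_V9.71_WIN32-LND.rar        probably a variant of Win32/Agent.MFFSTCY trojan        96781BE1C1CE8B9711F572430E67E74CB94685C8        I
E:\Downloads\(2) ???? ????? ????.rar        Win32/Bifrose.NEL trojan        BD4CF6D6C8A773323406C40006175CABD9B21693        I
"""

SCAN2 = r"""
# scanned=294615
# found=6
C:\$RECYCLE.BIN\S-1-5-21-4277074426-3687905307-1399999662-1000\$RACPLV0.exe        probably a variant of Win32/StartPage.JSROPEO trojan        0DB043B9F4D868ED74D8DAD35FE8A37D33DC63E5        I
C:\$RECYCLE.BIN\S-1-5-21-4277074426-3687905307-1399999662-1000\$RZKPN0E.exe        Win32/StartPage.OIE trojan        1D435CA0C4BA455742225989F95CC529198E86DB        I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab        a variant of Win32/Adware.OneStep.Z application        F8E564130624735508A87A52F162FF03253AFA01        I
F:\Neuer Ordner\mein PC\Yourajassef\fichiers d´installation\Nero 8.1.1.4 en Français + Keygen\Nero 8.1.1.4 en Français + Keygen\Nero 8.x Keygen.exe        probably a variant of Win32/Injector.DW trojan        C17427850F929029849412ED658E83F6F845ED2A        I
F:\Neuer Ordner\mein PC\Yourajassef\fichiers d´installation\MsgPlusLive-450.exe        a variant of Win32/Adware.CiDHelp application        7D4F1B28E7C3735F64C3D68534851C6DABA9E4E3        I
F:\Neuer Ordner\mein PC\Yourajassef\fichiers d´installation\Nero 8.1.1.4 en Français + Keygen.zip        probably a variant of Win32/Injector.DW trojan        E503370B80BA7DD86F010182F4CDF0B488C11C3A        I
"""

if __name__ == "__main__":
    _, first = parse_eset_log(SCAN1)
    _, second = parse_eset_log(SCAN2)
    for kind, rows in sorted(triage(first, second).items()):
        print(kind, rows)
```

Run against the two logs, triage() reports two recycle_bin pairs, one unchanged hit (the cab in the SYSTEM profile) and three new hits from the external drive; needs_elevated_cleanup() is true for exactly the three that a user cannot clear by deleting files in Explorer, which is why the helper later reached for TFC.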

cosinus 07.02.2013 00:39

Zitat:

F:\Neuer Ordner\mein PC\Yourajassef\fichiers d´installation\Nero 8.1.1.4 en Français + Keygen.zip
:twak: :pfui:

Why do you have this junk on your drives? :balla:

yourajassef 07.02.2013 06:52

Hello,
honestly, I no longer know where I got that from. But it's very old, probably 8 years old or so :)

Quote:

Quote from yourajassef
Thanks again very much to you, and I have 2 more questions.

1- Which of the programs that I installed or saved following your instructions do I no longer need (OTL, gmer, aswMBR, malwarebytes....)? What should I delete and what should I keep?

2- Could you give me the link to the bank details (if there are any). I would like to donate something small. Because what you do here is a great service. You really invest a lot of time.

Thanks a lot


cosinus 07.02.2013 10:48

You got lucky there; if I had discovered that at the start, the support here would have been => Reinstallation of Windows

In future keep your hands off risky and illegal stuff like cracks or keygens! :nono:

Looks ok so far

Regarding cookies and other things on the web: to block the plague from the start (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie)

Apart from that there are good cookie managers, extensions for Firefox, e.g. CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board) then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now in order again, or are there other findings or problems?
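The MVPS advice repeated above and the [resethosts] step in the OTL fix are two sides of the same file, C:\Windows\System32\drivers\etc\hosts. An entry that sends a name to 0.0.0.0 or 127.0.0.1 is a harmless sinkhole (that is all the MVPS list does); the same entry for an update or antivirus domain silences your defences; and an entry that sends a bank's login name to a routable address is a pharming hijack. The following Python script is an added example, not code from MVPS or from this board: it parses a hosts file and sorts its entries into those classes. The sample hosts content is constructed, and PROTECTED_SUFFIXES is an assumed watch list that you would extend for your own environment.

```python
"""Audit a Windows hosts file: MVPS-style ad blocking versus planted entries.

Added example for this thread (not MVPS or Trojaner-Board code). The sample
hosts content is constructed; PROTECTED_SUFFIXES is an assumed watch list.
"""
import ipaddress
from collections import defaultdict

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"   # the file [resethosts] rewrote above
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
# Assumption: names a hosts file should never touch. Sinkholing them blocks
# updates or AV downloads; redirecting them hands the traffic to an attacker.
PROTECTED_SUFFIXES = ("windowsupdate.com", "update.microsoft.com",
                      "malwarebytes.org", "eset.com")


def parse_hosts(text):
    """Return [(line_no, ip, hostname)], one tuple per name on each mapping line.

    '#' starts a comment (also inline); blank lines and lines whose first
    token is not an IP address are skipped.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries


def is_protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify(entries):
    """Sort entries into localhost / sinkhole / protected_hijack / redirect."""
    report = defaultdict(list)
    for line_no, ip, name in entries:
        sinkhole = ip.is_unspecified or ip.is_loopback   # 0.0.0.0, 127.x, ::1
        if sinkhole and name in LOCAL_NAMES:
            kind = "localhost"          # the default entries of every hosts file
        elif is_protected(name):
            kind = "protected_hijack"   # update/AV domain blocked or redirected
        elif sinkhole:
            kind = "sinkhole"           # MVPS-style blocking: harmless
        else:
            kind = "redirect"           # name sent to a routable address: pharming
        report[kind].append((line_no, str(ip), name))
    return dict(report)


def lookup(entries, hostname):
    """Address the hosts file gives for hostname; first matching entry wins."""
    hostname = hostname.lower()
    for _, ip, name in entries:
        if name == hostname:
            return str(ip)
    return None


# Constructed sample, not the poster's hosts file
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# MVPS-style blocking section
0.0.0.0 ad.doubleclick.net
0.0.0.0 static.tracker.example   # inline comment
# entries of the kind a trojan plants
127.0.0.1 download.windowsupdate.com
127.0.0.1 www.malwarebytes.org
203.0.113.7 online.bank.example www.bank.example
garbage line without an address
"""

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for kind, rows in sorted(classify(hosts).items()):
        print(kind, rows)
```

To audit a real machine, read HOSTS_PATH instead of SAMPLE_HOSTS; after applying an MVPS list, everything should land in localhost or sinkhole, and anything in protected_hijack or redirect deserves the same treatment the OTL fix gave this file.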

yourajassef 07.02.2013 18:48

I still keep finding this, even though I deleted all temp. internet files before the scan!

Code:

C:\$RECYCLE.BIN\S-1-5-21-4277074426-3687905307-1399999662-1000\$RD9W4EM\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab

cosinus 08.02.2013 11:03

TFC - Temp File Cleaner

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files it will ask for a restart. Please allow it.

yourajassef 08.02.2013 20:12

Zitat:

Quote from cosinus (post 1008069)
TFC - Temp File Cleaner

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files it will ask for a restart. Please allow it.

I did it :)

cosinus 10.02.2013 21:50

Ok, is the computer back in order, or are there still open problems?

yourajassef 12.02.2013 10:10

Perfect!

last question: which of the tools do I still need and which can I delete/uninstall (OTL, gmer, aswMBR, malwarebytes....?)

cosinus 12.02.2013 12:53

Then we're done! :abklatsch:

The programs that were used here can all be removed again.

Removing Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on that is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security you should also change all passwords, if at all possible, now that the infection has been removed.


Microsoft Update
Windows XP: visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether Flash Player is up to date:
Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de

You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

yourajassef 24.03.2013 11:48

Hello,
I was away :)

I carried out all the steps, but:

I cannot install JAVA --> error message: java_sp.dll is corrupt!
I have searched for help in various forums without success.
Maybe you can help
Thanks


Copyright ©2000-2025, Trojaner-Board