Firefox - Redirect auf

massalode · 16.08.2012, 21:34

Hallo Trojaner-Board,

ich habe seit heute nachmittag ein Problem mit Firefox: Wenn ich auf irgendeine Seite gehen will, erfolgt anscheinend eine Weiterleitung auf go.timedirect.ru (in der Adressleiste steht dann: hxxp://go.timedirect.ru/?id=49983&go=1000000&close=1000000&hash=5fef3eff51dc719c4a9f565a742d78f2&domain=%ED%E5+%EE%EF%F0%E5%E4%E5%EB%E5%ED&rref=&adult=), welche dann von Firefox als "attackierende Website" gemeldet wird.
Daraufhin hab ich Malwarebytes laufen lassen mit dem folgenden Ergebnis:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JEAN-LUC [Administrator]

16.08.2012 18:22:09
mbam-log-2012-08-16 (18-22-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 522399
Laufzeit: 2 Stunde(n), 10 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\Downloads\SoftonicDownloader_fuer_danys-virtual-drum.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jan\Downloads\SoftonicDownloader_fuer_hydrogen.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Anschließend hab ich den Rechner neugestartet, das Problem besteht aber weiterhin.
Also hab ich jetzt, wie empfohlen, den Scan mit OTL durchgeführt.
Logfile vom Defogger (wurde früher schonmal in anderem Zusammenhang verwendet, daher das frühe Datum. Seitdem aber auch kein "Re-enable")

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:19 on 21/10/2011 (Jan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

OTL-Logfile (Extras.txt wurde nicht erstellt?)

Code:

ATTFilter

OTL logfile created on: 16.08.2012 22:11:46 - Run 5
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Jan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,79% Memory free
7,99 Gb Paging File | 6,22 Gb Available in Paging File | 77,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 99,94 Gb Free Space | 22,16% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 209,30 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
Drive E: | 4,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JEAN-LUC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.08.16 22:02:41 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.19 03:00:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.06.28 21:30:33 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.06.28 21:30:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 11:35:24 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.16 18:45:40 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010.02.01 23:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.01 23:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.15 11:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009.10.15 11:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.09.17 21:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.06.25 04:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.25 00:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2007.02.04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 09:50:24 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012.06.14 09:49:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 09:49:35 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.10 10:24:14 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.10 01:02:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 01:02:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 01:02:01 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 01:01:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.02.13 16:32:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.02.09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010.02.09 13:34:00 | 000,365,888 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2010.02.09 13:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010.02.09 13:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010.02.09 13:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010.02.09 13:34:00 | 000,046,400 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2010.02.09 13:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
MOD - [2009.10.15 11:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009.10.15 11:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009.10.15 11:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009.09.28 08:52:34 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2009.09.11 20:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.06.25 12:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2012.08.15 15:44:48 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.14 13:47:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.19 03:00:10 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.28 21:30:33 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.06.28 21:30:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 11:35:24 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.15 20:31:04 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009.11.15 20:28:44 | 000,948,224 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2009.11.15 20:26:26 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2009.09.17 21:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.28 21:30:34 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 21:30:34 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.07.12 10:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.02.11 12:31:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.19 02:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009.11.19 02:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009.11.04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.11.04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.10.30 14:39:54 | 000,460,864 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV:64bit: - [2009.10.30 14:39:54 | 000,049,728 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM)
DRV:64bit: - [2009.09.17 20:33:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.29 06:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.26 06:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.25 13:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.18 16:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009.06.15 21:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.22 11:18:20 | 000,069,152 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009.05.14 02:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2006.11.01 20:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.04.10 21:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV - [2011.05.16 14:44:53 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.06.10 10:25:04 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbhub.sys -- (usbhub)
DRV - [2004.06.10 10:25:04 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbehci.sys -- (usbehci)
DRV - [2004.06.10 10:25:04 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbuhci.sys -- (usbuhci)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2F2D2473-D43B-45EB-B3FE-926C6EDCA04D}
IE:64bit: - HKLM\..\SearchScopes\{2F2D2473-D43B-45EB-B3FE-926C6EDCA04D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9E08E378-FD33-4267-A18E-05D08A0A34E6}
IE - HKLM\..\SearchScopes\{D9D72F8C-8F48-4B3D-952B-22724847F085}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/uscon/8 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {9E08E378-FD33-4267-A18E-05D08A0A34E6}
IE - HKCU\..\SearchScopes\{9E08E378-FD33-4267-A18E-05D08A0A34E6}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.14 13:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.16 18:19:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 09:51:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.01.30 00:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2010.01.30 00:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.09 21:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\npilqiao.default\extensions
[2011.04.27 14:58:04 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\npilqiao.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010.10.29 20:26:37 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\npilqiao.default\extensions\vshare@toolbar
[2010.02.11 12:33:26 | 000,002,055 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\searchplugins\daemon-search.xml
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\searchplugins\startsear.xml
[2012.06.25 20:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.25 20:15:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.08.13 15:27:04 | 000,090,118 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.08.14 13:47:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.27 22:01:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.27 22:01:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.27 22:01:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 22:01:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 22:01:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 22:01:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B326610-3CDF-4B5F-8C10-A6F61629A41A}: NameServer = 134.93.8.13 134.93.8.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB6C3EC-E35F-48DB-AF15-659134C433AD}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6AD365C-35D7-4DE3-8DC1-BCF8D8292591}: DhcpNameServer = 134.93.48.210 134.93.48.196
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.02 20:17:47 | 000,132,016 | R--- | M] (InstallShield Software Corporation) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.03.26 01:35:42 | 000,004,286 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008.03.26 01:35:42 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.03.26 01:35:57 | 000,000,382 | R--- | M] () - E:\autorun.ini -- [ UDF ]
O33 - MountPoints2\{09369562-16f9-11df-82d4-0026b9aa91ce}\Shell - "" = AutoRun
O33 - MountPoints2\{09369562-16f9-11df-82d4-0026b9aa91ce}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{62e2856f-2f69-11df-a5e8-0026b9aa91ce}\Shell - "" = AutoRun
O33 - MountPoints2\{62e2856f-2f69-11df-a5e8-0026b9aa91ce}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{ab9952a1-093c-11df-b76a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ab9952a1-093c-11df-b76a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008.04.02 20:17:47 | 000,132,016 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.16 18:19:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.09 21:19:14 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Gegengift
[2012.08.09 19:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.08.09 19:39:06 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.16 21:38:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.16 21:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.16 20:55:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 20:55:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 20:46:46 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.16 20:46:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.16 20:45:53 | 3217,264,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.16 18:20:32 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 18:14:19 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.08.15 21:23:13 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.15 21:23:13 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.15 21:19:50 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.15 19:55:28 | 000,361,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 19:53:04 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.08.15 19:53:04 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.08.15 19:51:48 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.08.13 21:57:05 | 006,073,561 | ---- | M] () -- C:\Users\Jan\Desktop\DA.pdf
[2012.08.12 22:04:14 | 019,366,014 | ---- | M] () -- C:\Users\Jan\00 - GTA Rock 1.wav
[2012.08.12 22:04:01 | 019,464,318 | ---- | M] () -- C:\Users\Jan\00 - GTA Rock 2.wav
[2012.08.12 21:59:17 | 003,053,568 | ---- | M] () -- C:\Users\Jan\Desktop\00 - Tiki Lounge God.mp3
[2012.08.12 21:03:22 | 004,800,853 | ---- | M] () -- C:\Users\Jan\Desktop\02 - Birdie.mp3
[2012.08.12 19:53:58 | 005,282,633 | ---- | M] () -- C:\Users\Jan\Desktop\04 - Jimmy Carter.mp3
[2012.08.12 19:52:42 | 057,826,186 | ---- | M] () -- C:\Users\Jan\Desktop\Stockholm Syndrome.rar
[2012.08.12 19:43:32 | 002,281,472 | ---- | M] () -- C:\Users\Jan\Desktop\00 - Along the Way (Cover).mp3
[2012.08.12 19:23:48 | 003,622,032 | ---- | M] () -- C:\Users\Jan\Desktop\05 - Sekt zum Frühstück.mp3
[2012.08.12 19:19:49 | 002,815,678 | ---- | M] () -- C:\Users\Jan\Desktop\00 - First Time.mp3
[2012.08.12 19:18:39 | 003,047,050 | ---- | M] () -- C:\Users\Jan\00 - When Johnny Comes Marching.....mp3
[2012.08.12 19:18:29 | 001,843,927 | ---- | M] () -- C:\Users\Jan\00 - Rain.mp3
[2012.08.12 19:04:34 | 004,070,158 | ---- | M] () -- C:\Users\Jan\Desktop\00 - Walk This Way - Album Version.mp3
[2012.08.12 19:01:38 | 002,247,741 | ---- | M] () -- C:\Users\Jan\Desktop\00 - Shawn Michaels.mp3
[2012.08.12 19:00:29 | 000,392,191 | ---- | M] () -- C:\Users\Jan\Desktop\00 - quackpacktheme.wav
[2012.08.12 18:52:22 | 000,848,945 | ---- | M] () -- C:\Users\Jan\Desktop\Thorsten.mp3
[2012.08.12 18:48:18 | 001,811,617 | ---- | M] () -- C:\Users\Jan\00 - 08 - LA Resistance (Medley).mp3
[2012.08.12 18:48:14 | 001,505,984 | ---- | M] () -- C:\Users\Jan\00 - 06 - What Would Brian Boitano Do.mp3
[2012.08.12 18:48:09 | 001,201,292 | ---- | M] () -- C:\Users\Jan\00 - 05 - Kyle's Mom's A Bitch.mp3
[2012.08.12 18:48:07 | 001,056,260 | ---- | M] () -- C:\Users\Jan\00 - 02 - Uncle FUCKA.mp3
[2012.08.12 18:46:14 | 003,943,180 | ---- | M] () -- C:\Users\Jan\00 - 03-ost-america_fuck_yeah.mp3
[2012.08.12 18:45:58 | 002,134,327 | ---- | M] () -- C:\Users\Jan\00 - 01-ost-everyone_has_aids.mp3
[2012.08.12 15:26:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.08.11 00:25:07 | 000,064,225 | ---- | M] () -- C:\Users\Jan\Desktop\Auftragen der Streuung.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.13 21:56:49 | 006,073,561 | ---- | C] () -- C:\Users\Jan\Desktop\DA.pdf
[2012.08.12 21:58:40 | 019,464,318 | ---- | C] () -- C:\Users\Jan\00 - GTA Rock 2.wav
[2012.08.12 21:58:40 | 019,366,014 | ---- | C] () -- C:\Users\Jan\00 - GTA Rock 1.wav
[2012.08.12 21:58:05 | 003,053,568 | ---- | C] () -- C:\Users\Jan\Desktop\00 - Tiki Lounge God.mp3
[2012.08.12 21:02:25 | 004,800,853 | ---- | C] () -- C:\Users\Jan\Desktop\02 - Birdie.mp3
[2012.08.12 19:53:11 | 005,282,633 | ---- | C] () -- C:\Users\Jan\Desktop\04 - Jimmy Carter.mp3
[2012.08.12 19:44:07 | 057,826,186 | ---- | C] () -- C:\Users\Jan\Desktop\Stockholm Syndrome.rar
[2012.08.12 19:43:11 | 002,281,472 | ---- | C] () -- C:\Users\Jan\Desktop\00 - Along the Way (Cover).mp3
[2012.08.12 19:23:16 | 003,622,032 | ---- | C] () -- C:\Users\Jan\Desktop\05 - Sekt zum Frühstück.mp3
[2012.08.12 19:19:12 | 002,815,678 | ---- | C] () -- C:\Users\Jan\Desktop\00 - First Time.mp3
[2012.08.12 19:17:39 | 003,047,050 | ---- | C] () -- C:\Users\Jan\00 - When Johnny Comes Marching.....mp3
[2012.08.12 19:17:39 | 001,843,927 | ---- | C] () -- C:\Users\Jan\00 - Rain.mp3
[2012.08.12 19:03:59 | 004,070,158 | ---- | C] () -- C:\Users\Jan\Desktop\00 - Walk This Way - Album Version.mp3
[2012.08.12 19:01:18 | 002,247,741 | ---- | C] () -- C:\Users\Jan\Desktop\00 - Shawn Michaels.mp3
[2012.08.12 19:00:24 | 000,392,191 | ---- | C] () -- C:\Users\Jan\Desktop\00 - quackpacktheme.wav
[2012.08.12 18:52:13 | 000,848,945 | ---- | C] () -- C:\Users\Jan\Desktop\Thorsten.mp3
[2012.08.12 18:47:31 | 001,811,617 | ---- | C] () -- C:\Users\Jan\00 - 08 - LA Resistance (Medley).mp3
[2012.08.12 18:47:31 | 001,505,984 | ---- | C] () -- C:\Users\Jan\00 - 06 - What Would Brian Boitano Do.mp3
[2012.08.12 18:47:31 | 001,201,292 | ---- | C] () -- C:\Users\Jan\00 - 05 - Kyle's Mom's A Bitch.mp3
[2012.08.12 18:47:31 | 001,056,260 | ---- | C] () -- C:\Users\Jan\00 - 02 - Uncle FUCKA.mp3
[2012.08.12 18:45:21 | 003,943,180 | ---- | C] () -- C:\Users\Jan\00 - 03-ost-america_fuck_yeah.mp3
[2012.08.12 18:45:21 | 002,134,327 | ---- | C] () -- C:\Users\Jan\00 - 01-ost-everyone_has_aids.mp3
[2012.08.12 13:56:07 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.08.11 00:25:05 | 000,064,225 | ---- | C] () -- C:\Users\Jan\Desktop\Auftragen der Streuung.pdf
[2012.03.03 22:10:28 | 000,000,600 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\winscp.rnd
[2012.03.03 22:04:03 | 000,000,600 | ---- | C] () -- C:\Users\Jan\AppData\Local\PUTTY.RND
[2012.02.25 01:14:43 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.02.16 02:05:11 | 000,000,854 | ---- | C] () -- C:\Users\Jan\.recently-used.xbel
[2012.01.04 19:52:08 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.11.01 19:14:55 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.10.30 14:06:45 | 000,007,605 | ---- | C] () -- C:\Users\Jan\AppData\Local\Resmon.ResmonCfg
[2011.10.21 18:19:53 | 000,000,188 | ---- | C] () -- C:\Users\Jan\defogger_reenable
[2011.08.25 15:06:23 | 000,000,000 | ---- | C] () -- C:\Users\Jan\AppData\Local\{BD4BD322-074B-451C-B2B2-E5CEEF597A57}
[2011.08.19 16:59:39 | 000,000,300 | ---- | C] () -- C:\Users\Jan\.Xauthority
[2011.06.05 13:54:05 | 000,000,000 | ---- | C] () -- C:\Users\Jan\AppData\Local\{91C454F8-D096-4781-AE3D-4319EF20608B}
[2011.05.16 14:45:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.16 14:45:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.03.05 18:55:52 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.05 18:55:50 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.03.05 18:55:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.12 18:27:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.06 00:29:48 | 000,000,047 | ---- | C] () -- C:\Users\Jan\.gtk-bookmarks
[2009.08.20 16:30:46 | 142,534,369 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2009.08.20 16:29:58 | 009,818,624 | ---- | C] () -- C:\Program Files\openofficeorg31.msi
[2009.08.19 10:07:26 | 000,000,336 | ---- | C] () -- C:\Program Files\setup.ini
[2009.03.26 12:36:32 | 000,451,928 | ---- | C] () -- C:\Program Files\setup.exe
[2004.01.26 18:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Jan\AppData\Roaming\MafiaSetup.exe
 
========== LOP Check ==========
 
[2012.01.26 12:57:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Amazon
[2010.07.11 01:54:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Astroburn Lite
[2010.01.31 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Canon
[2010.02.20 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.02.11 12:41:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
[2010.10.23 23:20:30 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.19 16:39:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\gtk-2.0
[2010.09.17 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Miranda
[2010.02.13 16:36:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenOffice.org
[2011.05.25 14:26:23 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PCDr
[2010.01.29 22:46:17 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ScanSoft
[2010.01.30 00:47:16 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Thunderbird
[2010.12.28 01:58:23 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\WildTangent
[2012.08.12 15:26:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.08.15 19:51:48 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.10.27 09:48:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.16 18:14:19 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >

Ich würde mich über jede Hilfe sehr freuen

Gruß
Jan

cosinus · 18.08.2012, 11:09

Code:

ATTFilter

C:\Users\Jan\Downloads\SoftonicDownloader_fuer_danys-virtual-drum.exe

Vermüllte Software von Softonic scheint gerade stark in Mode zu sein!

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die

+ R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

ATTFilter

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

ATTFilter

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

massalode · 19.08.2012, 21:38

Hallo Cosinus,

danke für deine Antwort. Den Hinweis zu Softonic werde ich in Zukunft berücksichtigen.

Hier das Ergebnis des ESET-Scans:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ae702733bc467b4da713aa42992afbee
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 02:33:37
# local_time=2012-08-18 04:33:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 749576 81823354 4276 0
# compatibility_mode=5893 16776573 100 94 100293 96919948 0 0
# compatibility_mode=8192 67108863 100 0 211 211 0 0
# scanned=220197
# found=2
# cleaned=0
# scan_time=10319
C:\Program Files (x86)\Dany's Virtual Drum 2 (Beta 3)\RECORDING SOFTWARE\HC2Setup.exe	Win32/Somoto application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Dany's Virtual Drum 2 (Beta 3)\RECORDING SOFTWARE\HC2Setup64.exe	Win32/Somoto application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ae702733bc467b4da713aa42992afbee
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-19 02:33:36
# local_time=2012-08-19 04:33:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 771373 81845151 26073 0
# compatibility_mode=5893 16776573 100 94 122090 96941745 0 0
# compatibility_mode=8192 67108863 100 0 22008 22008 0 0
# scanned=348218
# found=2
# cleaned=0
# scan_time=74920
C:\Program Files (x86)\Dany's Virtual Drum 2 (Beta 3)\RECORDING SOFTWARE\HC2Setup.exe	Win32/Somoto application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Dany's Virtual Drum 2 (Beta 3)\RECORDING SOFTWARE\HC2Setup64.exe	Win32/Somoto application (unable to clean)	00000000000000000000000000000000	I

Ich sollte auch noch erwähnen, dass das Problem mit der Weiterleitung jetzt anscheinend nicht mehr auftritt. Ich habe seit dem ersten Post nur noch Ubuntu verwendet, daher ist mir das erst jetzt aufgefallen.

Gruß
Jan

cosinus · 20.08.2012, 21:40

Zitat:

C:\Program Files (x86)\Dany's Virtual Drum 2 (Beta 3)\RECORDING SOFTWARE\HC2Setup.exe

Aus welcehr Quelle stammt diese setup.exe?

massalode · 20.08.2012, 21:59

Zitat:

Zitat von cosinus

Aus welcehr Quelle stammt diese setup.exe?

Die war bei Dany's Virtual Drum dabei. Das hatte ich damals von hier hxxp://danys-virtual-drum.en.softonic.com/
runtergeladen.

Gruß
Jan

cosinus · 21.08.2012, 13:06

Bitte nichts mehr von Softonic laden!

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

massalode · 21.08.2012, 17:49

Hallo Cosinus,

Zitat:

Zitat von cosinus

Bitte nichts mehr von Softonic laden!

ich werde in Zukunft darauf achten.

Hier das Logfile vom AdwCleaner:

Code:

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/21/2012 at 18:34:16
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jan - JEAN-LUC
# Boot Mode : Normal
# Running from : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Jan\AppData\Local\AskToolbar
Folder Found : C:\Users\Jan\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Jan\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\extensions\toolbar@ask.com
Folder Found : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\extensions\vshare@toolbar
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\vShare.tv plugin
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\searchplugins\daemon-search.xml
File Found : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\searchplugins\Startsear.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\AskToolbar
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\StartSearch
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
[x64] Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Web Search");
Found : user_pref("browser.search.defaultenginename", "Web Search");
Found : user_pref("browser.search.order.1", "Web Search");
Found : user_pref("extensions.asktb.AviraIDW-TS", "1319702220646");
Found : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Found : user_pref("extensions.asktb.cbid", "JM");
Found : user_pref("extensions.asktb.config-updated", false);
Found : user_pref("extensions.asktb.crumb", "2011.07.04+05.15.41-toolbar012iad-DE-VHJpZXIsR2VybWFueQ%3D%3D")[...]
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Found : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Found : user_pref("extensions.asktb.guid", "c606fd24-b2b2-41e2-aaa0-45710d0fbe88");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1322256346966");
Found : user_pref("extensions.asktb.last-v", "3.13.1.100008");
Found : user_pref("extensions.asktb.locale", "de_DE");
Found : user_pref("extensions.asktb.location", "Trier,Germany");
Found : user_pref("extensions.asktb.notification-shown", true);
Found : user_pref("extensions.asktb.o", "100000080");
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.sa", "NO");
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("vshare.install.date", "1288310400000");
Found : user_pref("vshare.install.finished", "1.0.0");
Found : user_pref("vshare.install.guid", "{1c1177ca-7a78-41df-8771-13ab2be373b6}");
Found : user_pref("vshare.install.isHidden", true);
Found : user_pref("vshare.install.laststatreq", "1305504000000");
Found : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[R1].txt - [11466 octets] - [21/08/2012 18:34:16]

########## EOF - C:\AdwCleaner[R1].txt - [11595 octets] ##########

Gruß
Jan

cosinus · 30.08.2012, 12:23

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

massalode · 30.08.2012, 16:39

Hallo Cosinus,

hier die Logdatei:

Code:

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/30/2012 at 17:10:53
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jan - JEAN-LUC
# Boot Mode : Normal
# Running from : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Jan\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Jan\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Jan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\extensions\vshare@toolbar
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\vShare.tv plugin
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\searchplugins\Startsear.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (de)

Profile name : default 
File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Deleted : user_pref("browser.search.order.1", "Web Search");
Deleted : user_pref("extensions.asktb.AviraIDW-TS", "1319702220646");
Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Deleted : user_pref("extensions.asktb.cbid", "JM");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.crumb", "2011.07.04+05.15.41-toolbar012iad-DE-VHJpZXIsR2VybWFueQ%3D%3D")[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Deleted : user_pref("extensions.asktb.guid", "c606fd24-b2b2-41e2-aaa0-45710d0fbe88");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1322256346966");
Deleted : user_pref("extensions.asktb.last-v", "3.13.1.100008");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.location", "Trier,Germany");
Deleted : user_pref("extensions.asktb.notification-shown", true);
Deleted : user_pref("extensions.asktb.o", "100000080");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("vshare.install.date", "1288310400000");
Deleted : user_pref("vshare.install.finished", "1.0.0");
Deleted : user_pref("vshare.install.guid", "{1c1177ca-7a78-41df-8771-13ab2be373b6}");
Deleted : user_pref("vshare.install.isHidden", true);
Deleted : user_pref("vshare.install.laststatreq", "1305504000000");
Deleted : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[R1].txt - [11523 octets] - [21/08/2012 18:34:16]
AdwCleaner[S1].txt - [9002 octets] - [30/08/2012 17:10:53]

########## EOF - C:\AdwCleaner[S1].txt - [9130 octets] ##########

Gruß
Jan

cosinus · 30.08.2012, 20:06

Es gibt in der Zwischenzeit eine neue Version vom adwCleaner, bitte neu runterladen und einen neuen Suchlauf damit machen:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

massalode · 30.08.2012, 20:18

Hallo Cosinus,

hier die neue Logdatei:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 08/30/2012 um 21:17:00 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jan - JEAN-LUC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\prefs.js

Gefunden : user_pref("vshare.install.date", "1346340072");
Gefunden : user_pref("vshare.install.finished", "1.0.0");
Gefunden : user_pref("vshare.install.fresh", "false");
Gefunden : user_pref("vshare.install.guid", "{2f48ad34-5a72-4577-bb6c-a37d7cdacfdb}");
Gefunden : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[R1].txt - [11523 octets] - [21/08/2012 18:34:16]
AdwCleaner[S1].txt - [9117 octets] - [30/08/2012 17:10:53]
AdwCleaner[R2].txt - [1202 octets] - [30/08/2012 21:17:00]

########## EOF - C:\AdwCleaner[R2].txt - [1262 octets] ##########

Gruß
Jan

cosinus · 30.08.2012, 20:21

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

massalode · 31.08.2012, 16:20

Hallo Cosinus,

hier das nächste Logfile:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 08/31/2012 um 17:14:00 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jan - JEAN-LUC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\prefs.js

Gelöscht : user_pref("extensions.ui.lastCategory", "addons://search/vshare");
Gelöscht : user_pref("vshare.install.fresh", "true");

*************************

AdwCleaner[R1].txt - [11523 octets] - [21/08/2012 18:34:16]
AdwCleaner[S1].txt - [9117 octets] - [30/08/2012 17:10:53]
AdwCleaner[R2].txt - [1331 octets] - [30/08/2012 21:17:00]
AdwCleaner[S2].txt - [2046 octets] - [31/08/2012 16:41:32]
AdwCleaner[R3].txt - [1267 octets] - [31/08/2012 17:13:01]
AdwCleaner[S3].txt - [1200 octets] - [31/08/2012 17:14:00]

########## EOF - C:\AdwCleaner[S3].txt - [1260 octets] ##########

Gruß
Jan

cosinus · 31.08.2012, 19:42

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

massalode · 31.08.2012, 20:10

Hallo Cosinus,

Windows läuft soweit normal.
Im Startmenü ist der Ordner von Malwarebytes' Anti-Malware leer. Allerdings weiß ich nicht, ob er das nicht auch schon vorher war. Sonst scheint alles da zu sein.

Gruß
Jan

31.08.2012, 19:42	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Firefox - Redirect auf Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Firefox - Redirect auf

Log-Analyse und Auswertung: Firefox - Redirect auf