| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Searchnu406, Babylon ToolbarWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.01.2013, 18:47
| #1 |
 |  Searchnu406, Babylon Toolbar Hallo alle zusammen, ich habe mir leider einiges eingefangen. Jedes Mal wenn mein Neffe am PC war, kam etwas neues dazu und jetzt weiß ich leider nicht mehr weiter... Ich habe mich nun hier informiert und versuche, so gut ich es kann, schon gepostete Abläufe abzuarbeiten anhand dieses Posts http://www.trojaner-board.de/112464-...com-410-a.html 1. Den Defogger hab ich gestartet 2.Malwarebytes Logdateien: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.24.09 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Miri :: MIRI-PC [limitiert] Schutz: Aktiviert 24.01.2013 17:16:10 mbam-log-2013-01-24 (17-16-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 365783 Laufzeit: 54 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 13 HKCR\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\BrowserConnection.Loader.1 (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\BrowserConnection.Loader (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Daten: Search-Results Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Miri\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Die zweite Logdatei von Malwarebytes: Code:
ATTFilter 2013/01/24 17:06:10 +0100 MIRI-PC Miri MESSAGE Starting protection
2013/01/24 17:06:11 +0100 MIRI-PC Miri MESSAGE Protection started successfully
2013/01/24 17:06:11 +0100 MIRI-PC Miri MESSAGE Starting IP protection
2013/01/24 17:06:13 +0100 MIRI-PC Miri MESSAGE IP Protection started successfully
2013/01/24 17:06:22 +0100 MIRI-PC Miri MESSAGE Starting database refresh
2013/01/24 17:06:22 +0100 MIRI-PC Miri MESSAGE Stopping IP protection
2013/01/24 17:06:22 +0100 MIRI-PC Miri MESSAGE IP Protection stopped successfully
2013/01/24 17:06:25 +0100 MIRI-PC Miri MESSAGE Database refreshed successfully
2013/01/24 17:06:25 +0100 MIRI-PC Miri MESSAGE Starting IP protection
2013/01/24 17:06:27 +0100 MIRI-PC Miri MESSAGE IP Protection started successfully
2013/01/24 17:07:29 +0100 MIRI-PC Miri IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 7012, Process: firefox.exe)
2013/01/24 17:07:29 +0100 MIRI-PC Miri IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 7015, Process: firefox.exe)
2013/01/24 17:12:14 +0100 MIRI-PC Miri MESSAGE Executing scheduled update: Daily
2013/01/24 17:12:16 +0100 MIRI-PC Miri MESSAGE Database already up-to-date
2013/01/24 17:14:48 +0100 MIRI-PC Miri MESSAGE Starting database refresh
2013/01/24 17:14:48 +0100 MIRI-PC Miri MESSAGE Stopping IP protection
2013/01/24 17:14:48 +0100 MIRI-PC Miri MESSAGE IP Protection stopped successfully
2013/01/24 17:14:51 +0100 MIRI-PC Miri MESSAGE Database refreshed successfully
2013/01/24 17:14:51 +0100 MIRI-PC Miri MESSAGE Starting IP protection
2013/01/24 17:14:52 +0100 MIRI-PC Miri MESSAGE IP Protection started successfully
2013/01/24 18:20:27 +0100 MIRI-PC (null) MESSAGE Starting protection
2013/01/24 18:20:27 +0100 MIRI-PC (null) MESSAGE Protection started successfully
2013/01/24 18:20:27 +0100 MIRI-PC (null) MESSAGE Starting IP protection
2013/01/24 18:20:30 +0100 MIRI-PC (null) MESSAGE IP Protection started successfully
2013/01/24 18:26:37 +0100 MIRI-PC Miri IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 1317, Process: firefox.exe)
2013/01/24 18:26:37 +0100 MIRI-PC Miri IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 1318, Process: firefox.exe)
so nun der OTL text Code:
ATTFilter OTL logfile created on: 24.01.2013 19:01:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Miri\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 62,62% Memory free 7,73 Gb Paging File | 6,02 Gb Available in Paging File | 77,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 354,79 Gb Total Space | 302,34 Gb Free Space | 85,22% Space Free | Partition Type: NTFS Drive D: | 110,88 Gb Total Space | 92,02 Gb Free Space | 82,99% Space Free | Partition Type: NTFS Computer Name: MIRI-PC | User Name: Miri | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Miri\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Miri\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Users\Miri\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Users\Miri\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files\IB Updater\ExtensionUpdaterService.exe () PRC - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () ========== Services (SafeList) ========== SRV:64bit: - (IB Updater) -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Users\Miri\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Users\Miri\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys () DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6011184082854680&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6011184082854680&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 EE CA 76 C5 3F CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6011184082854680&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledAddons: addlyrics@addlyrics.net:1.3 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6011184082854680&o=APN10645&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.01.21 20:04:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.01.21 20:04:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.24 16:08:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Users\Miri\AppData\Local\AddLyrics\FF\ [2013.01.21 20:04:39 | 000,000,000 | ---D | M] [2012.12.05 07:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miri\AppData\Roaming\mozilla\Extensions [2013.01.21 20:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miri\AppData\Roaming\mozilla\Firefox\Profiles\yi9eupfl.default\extensions [2012.12.05 07:21:07 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Miri\AppData\Roaming\mozilla\Firefox\Profiles\yi9eupfl.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013.01.21 20:04:31 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Miri\AppData\Roaming\mozilla\Firefox\Profiles\yi9eupfl.default\extensions\ffxtlbr@incredibar.com [2012.11.14 07:38:14 | 000,002,536 | ---- | M] () -- C:\Users\Miri\AppData\Roaming\mozilla\firefox\profiles\yi9eupfl.default\searchplugins\browsemngr.xml [2013.01.21 20:04:11 | 000,002,203 | ---- | M] () -- C:\Users\Miri\AppData\Roaming\mozilla\firefox\profiles\yi9eupfl.default\searchplugins\MyStart Search.xml [2012.12.05 07:21:04 | 000,002,687 | ---- | M] () -- C:\Users\Miri\AppData\Roaming\mozilla\firefox\profiles\yi9eupfl.default\searchplugins\Search_Results.xml [2013.01.24 16:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 15:50:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.05 07:21:09 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2013.01.21 20:04:39 | 000,000,000 | ---D | M] ("AddLyrics") -- C:\USERS\MIRI\APPDATA\LOCAL\ADDLYRICS\FF [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.14 07:38:00 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.05 07:21:04 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.searchnu.com/406 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.searchnu.com/406 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - Extension: IB Updater = C:\Users\Miri\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\ CHR - Extension: AddLyrics = C:\Users\Miri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.3_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll () O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media Inc) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll File not found O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll () O2 - BHO: (AddLyrics) - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Users\Miri\AppData\Local\AddLyrics\AddLyrics.dll (AddLyrics) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe (Dell Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media Inc) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DAE1FB2-A554-409F-BF46-286DB1B6B874}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB8513AF-7F65-445B-B685-4C52C43BA379}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media Inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media Inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.01.24 16:17:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f3d70334-0b94-11e2-b7ce-f04da25262bb}\Shell - "" = AutoRun O33 - MountPoints2\{f3d70334-0b94-11e2-b7ce-f04da25262bb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.24 17:05:32 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\Programs [2013.01.24 17:04:49 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Roaming\Malwarebytes [2013.01.24 17:04:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2013.01.24 17:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.24 17:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.24 17:04:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.24 17:04:41 | 000,000,000 | ---D | C] -- C:\Users\Miri\Malwarebytes' Anti-Malware [2013.01.24 16:17:27 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.01.24 16:17:26 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.01.24 16:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.01.24 16:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.01.21 20:16:32 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.01.21 20:04:39 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\AddLyrics [2013.01.21 20:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredibar.com [2013.01.21 20:04:23 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013.01.21 20:04:23 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.01.21 20:04:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2013.01.21 20:04:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC [2013.01.21 20:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater [2013.01.21 20:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2013.01.19 15:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.14 21:04:21 | 000,000,000 | ---D | C] -- C:\Users\Miri\Desktop\küche [2013.01.12 16:43:14 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.12 16:43:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.12 16:42:54 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.12 16:42:49 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.12 16:42:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.12 16:42:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.12 16:42:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.12 16:42:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.12 16:42:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.12 16:42:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.12 16:42:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.12 16:42:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.12 16:42:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.12 16:42:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.12 16:42:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.12 16:42:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.12 16:42:45 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.12 16:42:45 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.12 16:42:45 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.12 16:42:45 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.12 16:42:45 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.12 16:42:45 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.12 16:42:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.12 16:42:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.12 16:42:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.12 16:42:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.12 16:42:45 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.12 16:42:45 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.12 16:42:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.12 16:42:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.12 16:42:44 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.12 16:42:44 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.12 16:42:44 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.12 16:42:44 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.12 16:42:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.12 16:42:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.12 16:42:11 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.12 16:42:10 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.12 16:42:07 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.12 16:42:07 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.12 16:42:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.12 16:42:07 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.12 16:42:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.12 16:42:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.12 16:42:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.12 16:42:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.12 16:42:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.12 16:42:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.12 16:42:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.12 16:42:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.12 16:42:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.12 16:42:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.12 16:42:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.12 16:42:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.12 16:42:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.12 16:42:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.12 16:42:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.12 16:42:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.12 16:42:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.12 16:42:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.12 16:42:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.12 16:42:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.12 16:42:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.12 16:42:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.12 16:42:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.12 16:42:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.12 16:42:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.12 16:42:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.12 16:42:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.12 16:42:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.12 16:42:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.12 16:42:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.05 19:59:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Miri\Desktop\*.tmp files -> C:\Users\Miri\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.24 18:55:49 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 18:55:49 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 18:53:47 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.24 18:53:47 | 000,655,516 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.24 18:53:47 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.24 18:53:47 | 000,130,684 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.24 18:53:47 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.24 18:48:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.24 18:47:52 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys [2013.01.24 18:01:23 | 000,000,168 | ---- | M] () -- C:\Users\Miri\defogger_reenable [2013.01.24 17:05:59 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.24 16:17:47 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.01.24 16:08:34 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.24 14:26:18 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.24 14:26:18 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.21 20:16:32 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.01.21 20:04:40 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\AddLyrics update.job [2013.01.21 20:04:31 | 000,000,448 | ---- | M] () -- C:\user.js [2013.01.21 20:04:00 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.01.18 18:42:33 | 000,002,263 | ---- | M] () -- C:\Users\Miri\Desktop\Google Chrome.lnk [2013.01.13 11:05:52 | 000,416,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.05 19:59:45 | 357,195,458 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Miri\Desktop\*.tmp files -> C:\Users\Miri\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.24 18:01:23 | 000,000,168 | ---- | C] () -- C:\Users\Miri\defogger_reenable [2013.01.24 17:05:59 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.24 16:17:47 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.01.24 16:17:30 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys [2013.01.21 20:04:40 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\AddLyrics update.job [2013.01.21 20:04:31 | 000,000,448 | ---- | C] () -- C:\user.js [2013.01.21 20:04:23 | 001,261,936 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013.01.21 20:04:00 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.01.05 19:59:45 | 357,195,458 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.12.08 15:55:05 | 000,042,553 | ---- | C] () -- C:\Users\Miri\lachsrolle.jpg [2012.12.08 15:52:49 | 000,013,910 | ---- | C] () -- C:\Users\Miri\mandarine lebkuchen.jpg [2012.08.28 16:15:51 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2012.08.27 18:11:59 | 001,497,952 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.02 12:26:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.10.26 00:38:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.10.26 00:38:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.12 21:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2012.12.19 17:09:00 | 013,558,640 | ---- | M] ()(C:\Users\Miri\Desktop\DJ StarSunglasses - ?? Party And Club Mixtape .mp3) -- C:\Users\Miri\Desktop\DJ StarSunglasses - ♥♫ Party And Club Mixtape .mp3 [2012.12.19 17:08:45 | 013,558,640 | ---- | C] ()(C:\Users\Miri\Desktop\DJ StarSunglasses - ?? Party And Club Mixtape .mp3) -- C:\Users\Miri\Desktop\DJ StarSunglasses - ♥♫ Party And Club Mixtape .mp3 < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.01.2013 19:01:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Miri\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 62,62% Memory free
7,73 Gb Paging File | 6,02 Gb Available in Paging File | 77,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 354,79 Gb Total Space | 302,34 Gb Free Space | 85,22% Space Free | Partition Type: NTFS
Drive D: | 110,88 Gb Total Space | 92,02 Gb Free Space | 82,99% Space Free | Partition Type: NTFS
Computer Name: MIRI-PC | User Name: Miri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBEC863-CA79-463F-9FE1-DE142700F80B}" = rport=138 | protocol=17 | dir=out | app=system |
"{12BEB070-6F53-4803-BC7B-2A1A19FAECDC}" = lport=138 | protocol=17 | dir=in | app=system |
"{197D55F7-1CDB-4AA9-87AC-73FDF21FEC57}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1AB144BD-BB9C-4C70-A707-3D35118769BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F75045D-D096-4D14-BD63-950C14ED8787}" = lport=137 | protocol=17 | dir=in | app=system |
"{448184EF-B21D-4035-8675-2D1B2D01B460}" = rport=445 | protocol=6 | dir=out | app=system |
"{45A1EB55-2C62-44D5-91EB-33EE17161600}" = lport=139 | protocol=6 | dir=in | app=system |
"{50217FF7-5375-4A16-9D3F-0CDA0A08FDC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5363F64D-CB49-4646-9E06-C0CBDB51EC49}" = lport=2869 | protocol=6 | dir=in | app=system |
"{61418193-49FC-4CFF-9B09-2E5112094739}" = rport=10243 | protocol=6 | dir=out | app=system |
"{689FB1AC-3532-4916-BDEC-522579F36A49}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7866D321-24E0-4E21-9CAB-719DEAAED506}" = lport=445 | protocol=6 | dir=in | app=system |
"{78FF75F2-F627-4F33-8881-705A97021E96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87563EDA-04DC-41A4-9772-CBD463D95C3A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D5247CA-F578-4BF9-9CBF-FFCAFB53CD59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C44A9612-8863-4AC6-BBFB-CE5901F6D539}" = rport=137 | protocol=17 | dir=out | app=system |
"{CA4DE952-688E-4969-AD5B-F4FCAB7B55CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{CCBC2FA5-6B4C-419A-91E3-0A53F6218D3E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D727E66B-7800-4051-A9B3-072F44E4F0E7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DB8180B4-B961-49D8-896C-F04435479F8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA7B223B-B64C-432A-8605-D54F5B20B444}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3FBDDAD-9C08-47EA-A8B0-7B8DD9D3AB31}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F70C4149-2C1B-487E-AF76-58C2B58E5B5A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F953D546-EF15-423C-8D91-FF0661253063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB6355A-7C03-4BB8-9910-E2503857167C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{15E51CE8-3804-48B4-8D63-BE07392554B5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C1F32E9-3F61-4D0F-86F5-F29ABD72C8F3}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1D5906D7-BF59-4E03-8317-11DF38D7FDF3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38E72E96-4CCD-4861-960C-135E2168051A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{417765C1-8289-4104-9173-3FE3CC52F10D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{41ED4680-93C5-4B94-AA35-03E78D274023}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{451F575D-26E4-40FC-BBFB-BB3909BDC087}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{45597912-BDB4-4052-A4A2-8F6B813BF503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E40B574-1B35-4EF1-A636-9CA4C12201B9}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4E83E77C-9852-411C-87E1-CF81EA534965}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50245969-7A31-4B4F-9A37-227AA3B6A1BA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{50A82327-2114-4F22-B946-008705AB1B69}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6DFC64C1-084E-4417-B44D-340D662F5789}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FA27AAB-7636-45DD-996B-C1EADD644D58}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{81FE34C0-4B31-4FBA-B425-D2F30861F1D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83AA98A0-3AC6-428B-9509-D6D72E9F6F2C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{896671B2-ADDB-4A5D-80B3-C0F49A8AA438}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{937F7BAB-E3EF-443D-8F81-3C3F668619E0}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{94C99450-8178-4D0F-8FF9-372308A8937B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{959A1243-FEF0-4576-BBA9-45439A720279}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A586C0BD-4086-40B5-9B5A-9C8AECBA5AB4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA02C593-EA8F-4D44-BA15-AA2953D79EBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B43168E2-A29E-4562-A5E2-1D95A9276D87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B648A574-CB58-46B1-8B84-28566F46E0CE}" = protocol=6 | dir=out | app=system |
"{BA6DA60E-A69A-4178-A326-11DBA9186A45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDAB73B7-D390-454B-9D37-E9524323F0D8}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{C3695305-525D-4C5A-93AD-6456FB94764B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C3B6691B-BD79-4CB7-BC0D-DCAA2E959E25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB2E01DF-F8C0-474D-A5E3-2668B3F34411}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D1DD12BE-A78B-4205-9D95-D8F4B29FDD47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4E33BA5-660B-427E-9DC9-241E8D4B4778}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DEE0209C-E639-494A-BFE9-82268A75DE1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF0C555D-213F-4AC0-93F6-908F28A6E23C}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{E17AC9C5-D3B0-42A5-B3D0-D0A7D8006450}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E9A97DA3-73F3-4D6C-BCD0-16402A56A253}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{04543BA4-6C5F-4A98-9DC9-54EC8945C62E}C:\program files (x86)\spiceworks\httpd\bin\spiceworks-httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spiceworks\httpd\bin\spiceworks-httpd.exe |
"TCP Query User{63C26B9E-3CF8-4A7A-B4F3-E8D049AEEDE1}C:\program files (x86)\spiceworks\bin\spiceworks.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spiceworks\bin\spiceworks.exe |
"TCP Query User{7AAEA872-81CA-44D7-B69C-449AB400CACA}C:\program files (x86)\spiceworks\bin\spiceworks.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spiceworks\bin\spiceworks.exe |
"TCP Query User{DBF6CCED-CF81-42E2-8308-3869152196D6}C:\program files (x86)\spiceworks\httpd\bin\spiceworks-httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spiceworks\httpd\bin\spiceworks-httpd.exe |
"UDP Query User{2FF83616-C458-46ED-AB56-228DE21011AE}C:\program files (x86)\spiceworks\httpd\bin\spiceworks-httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spiceworks\httpd\bin\spiceworks-httpd.exe |
"UDP Query User{580C3F6F-482B-488C-BF8B-81345BC4672E}C:\program files (x86)\spiceworks\httpd\bin\spiceworks-httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spiceworks\httpd\bin\spiceworks-httpd.exe |
"UDP Query User{AE79B03B-B037-480C-A60A-C170667CCC4F}C:\program files (x86)\spiceworks\bin\spiceworks.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spiceworks\bin\spiceworks.exe |
"UDP Query User{EE7D7DE9-715F-4A8E-8A1C-567F5118F87F}C:\program files (x86)\spiceworks\bin\spiceworks.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spiceworks\bin\spiceworks.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.557
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}" = SpyHunter
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WNLT" = IB Updater Service
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"addlyrics@addlyrics.net" = AddLyrics
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"iLivid" = iLivid
"ilividtoolbarguid" = Search-Results Toolbar
"incredibar" = Incredibar Toolbar on IE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"Spiceworks-Nmap" = Nmap 5.61-Spiceworks
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.98-2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.12.2012 06:13:00 | Computer Name = Miri-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
Error - 22.12.2012 06:13:00 | Computer Name = Miri-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
Error - 31.12.2012 09:37:04 | Computer Name = Miri-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 31.12.2012 09:37:04 | Computer Name = Miri-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1419
Error - 31.12.2012 09:37:04 | Computer Name = Miri-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1419
Error - 05.01.2013 13:02:53 | Computer Name = Miri-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ipmGui.exe, Version: 12.3.0.15, Zeitstempel:
0x4fa05906 Name des fehlerhaften Moduls: mfc100u.dll, Version: 10.0.40219.1, Zeitstempel:
0x4d5f29b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001ebd1a ID des fehlerhaften Prozesses:
0x154 Startzeit der fehlerhaften Anwendung: 0x01cdeb6680248b3f Pfad der fehlerhaften
Anwendung: C:\program files (x86)\avira\antivir desktop\ipmGui.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\mfc100u.dll Berichtskennung: bde68282-5759-11e2-a080-f04da25262bb
Error - 11.01.2013 16:28:47 | Computer Name = Miri-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11.01.2013 16:28:47 | Computer Name = Miri-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9999
Error - 11.01.2013 16:28:47 | Computer Name = Miri-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9999
Error - 12.01.2013 11:38:42 | Computer Name = Miri-PC | Source = System Restore | ID = 8193
Description =
[ Broadcom Wireless LAN Events ]
Error - 24.01.2013 02:37:14 | Computer Name = Miri-PC | Source = WLAN-Tray | ID = 0
Description = 07:37:13, Thu, Jan 24, 13 Error - Unable to gain access to user store
[ System Events ]
Error - 28.11.2012 15:31:58 | Computer Name = Miri-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 28.11.2012 15:32:04 | Computer Name = Miri-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 28.11.2012 15:32:38 | Computer Name = Miri-PC | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 28.11.2012 15:33:39 | Computer Name = Miri-PC | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 29.11.2012 12:34:42 | Computer Name = Miri-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 29.11.2012 12:34:44 | Computer Name = Miri-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 29.11.2012 12:35:20 | Computer Name = Miri-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 29.11.2012 12:35:22 | Computer Name = Miri-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 29.11.2012 12:35:53 | Computer Name = Miri-PC | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 29.11.2012 12:37:03 | Computer Name = Miri-PC | Source = WMPNetworkSvc | ID = 866287
Description =
< End of report >
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-24 19:15:22 ----------------------------- 19:15:22.224 OS Version: Windows x64 6.1.7600 19:15:22.224 Number of processors: 4 586 0x2505 19:15:22.224 ComputerName: MIRI-PC UserName: Miri 19:15:24.444 Initialize success 19:16:48.587 AVAST engine defs: 13012400 19:19:50.437 The log file has been saved successfully to "C:\Users\Miri\Desktop\aswMBR.txt" 4. aswMBR aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-24 19:15:22 ----------------------------- 19:15:22.224 OS Version: Windows x64 6.1.7600 19:15:22.224 Number of processors: 4 586 0x2505 19:15:22.224 ComputerName: MIRI-PC UserName: Miri 19:15:24.444 Initialize success 19:16:48.587 AVAST engine defs: 13012400 19:19:50.437 The log file has been saved successfully to "C:\Users\Miri\Desktop\aswMBR.txt" 5. tssd Killer die erste, sry dass mit dem ZIP hab ich net hinbekommen Code:
ATTFilter 19:26:33.0427 4176 s3cap - ok
19:26:33.0443 4176 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
19:26:33.0443 4176 SamSs - ok
19:26:33.0443 4176 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
19:26:33.0443 4176 sbp2port - ok
19:26:33.0474 4176 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:26:33.0474 4176 SCardSvr - ok
19:26:33.0474 4176 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:26:33.0474 4176 scfilter - ok
19:26:33.0536 4176 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
19:26:33.0536 4176 Schedule - ok
19:26:33.0583 4176 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:26:33.0583 4176 SCPolicySvc - ok
19:26:33.0599 4176 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:26:33.0599 4176 SDRSVC - ok
19:26:33.0630 4176 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:26:33.0630 4176 secdrv - ok
19:26:33.0646 4176 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
19:26:33.0646 4176 seclogon - ok
19:26:33.0661 4176 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:26:33.0661 4176 SENS - ok
19:26:33.0661 4176 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:26:33.0661 4176 SensrSvc - ok
19:26:33.0677 4176 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:26:33.0677 4176 Serenum - ok
19:26:33.0677 4176 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:26:33.0677 4176 Serial - ok
19:26:33.0677 4176 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:26:33.0677 4176 sermouse - ok
19:26:33.0708 4176 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
19:26:33.0708 4176 SessionEnv - ok
19:26:33.0708 4176 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:26:33.0708 4176 sffdisk - ok
19:26:33.0708 4176 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:26:33.0708 4176 sffp_mmc - ok
19:26:33.0724 4176 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:26:33.0724 4176 sffp_sd - ok
19:26:33.0724 4176 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:26:33.0724 4176 sfloppy - ok
19:26:33.0739 4176 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:26:33.0755 4176 SharedAccess - ok
19:26:33.0770 4176 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:26:33.0770 4176 ShellHWDetection - ok
19:26:33.0770 4176 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:26:33.0770 4176 SiSRaid2 - ok
19:26:33.0786 4176 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:26:33.0786 4176 SiSRaid4 - ok
19:26:33.0973 4176 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:26:33.0989 4176 Skype C2C Service - ok
Code:
ATTFilter 19:26:33.0427 4176 s3cap - ok
19:26:33.0443 4176 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
19:26:33.0443 4176 SamSs - ok
19:26:33.0443 4176 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
19:26:33.0443 4176 sbp2port - ok
19:26:33.0474 4176 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:26:33.0474 4176 SCardSvr - ok
19:26:33.0474 4176 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:26:33.0474 4176 scfilter - ok
19:26:33.0536 4176 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
19:26:33.0536 4176 Schedule - ok
19:26:33.0583 4176 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:26:33.0583 4176 SCPolicySvc - ok
19:26:33.0599 4176 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:26:33.0599 4176 SDRSVC - ok
19:26:33.0630 4176 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:26:33.0630 4176 secdrv - ok
19:26:33.0646 4176 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
19:26:33.0646 4176 seclogon - ok
19:26:33.0661 4176 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:26:33.0661 4176 SENS - ok
19:26:33.0661 4176 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:26:33.0661 4176 SensrSvc - ok
19:26:33.0677 4176 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:26:33.0677 4176 Serenum - ok
19:26:33.0677 4176 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:26:33.0677 4176 Serial - ok
19:26:33.0677 4176 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:26:33.0677 4176 sermouse - ok
19:26:33.0708 4176 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
19:26:33.0708 4176 SessionEnv - ok
19:26:33.0708 4176 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:26:33.0708 4176 sffdisk - ok
19:26:33.0708 4176 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:26:33.0708 4176 sffp_mmc - ok
19:26:33.0724 4176 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:26:33.0724 4176 sffp_sd - ok
19:26:33.0724 4176 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:26:33.0724 4176 sfloppy - ok
19:26:33.0739 4176 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:26:33.0755 4176 SharedAccess - ok
19:26:33.0770 4176 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:26:33.0770 4176 ShellHWDetection - ok
19:26:33.0770 4176 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:26:33.0770 4176 SiSRaid2 - ok
19:26:33.0786 4176 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:26:33.0786 4176 SiSRaid4 - ok
19:26:33.0973 4176 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:26:33.0989 4176 Skype C2C Service - ok
|
|
24.01.2013, 21:20
| #2 |
| /// TB-Ausbilder  | Searchnu406, Babylon Toolbar Wenn du schon TDSSKliller benutzt, was du nicht sollst, und wenn du das Thema eines anderen Nacharbeitest, was du nicht sollst, dann poste hier bitte auch das ganze Logfile.
__________________ Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.  Bitte Lesen: Regeln für die Bereinigung Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Gelesen und verstanden?
__________________ |
|
24.01.2013, 21:21
| #3 |
| | Searchnu406, Babylon Toolbar also Ihr Lieben,
__________________schon mal ganz großen respekt an euch!! und vielen lieben dank!!! |
|
24.01.2013, 21:53
| #4 |
| | Searchnu406, Babylon Toolbar 5. 7zip puh geschafft! Oh gott mir war nicht bewusst, dass ich eigentlich ALLES falsch mache... tut mir leid... |
|
24.01.2013, 22:28
| #5 |
| /// TB-Ausbilder | Searchnu406, Babylon Toolbar Nö, du hättest noch viel mehr falsch machen können  ))Schritt 1: Deinstallation von Programmen Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen Schritt 3: Temporäre Dateien löschen mit TFC Schritt 4: Scan mit DDS+ (mit attach) Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
24.01.2013, 22:37
| #6 |
| /// TB-Ausbilder | Searchnu406, Babylon Toolbar Fragen nur hier stellen. Ich denke dass meine Anleitung ganz deutlich geschrieben ist. Also alle Toolbars die du nicht absichtlich installiert hast und das andere Zeugs sofern du es findetst.
__________________ --> Searchnu406, Babylon Toolbar |
|
24.01.2013, 22:49
| #7 |
| | Searchnu406, Babylon Toolbar While installing Babylon toolbar , you also agreed to install the following secondary applications. In order to remove them, please go to Add/Remove programs and select Uninstall/Remove. Name Publisher Avira Free Antivirus Avira DAEMON Tools Lite DT Soft Ltd Microsoft Office Enterprise 2007 Microsoft Corporation Google Chrome Google Inc. iLivid Bandoo Media Inc Incredibar Toolbar on IE Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation Mozilla Firefox 16.0.2 (x86 de) Mozilla Mozilla Maintenance Service Mozilla Wartung Samsung CLP-320 Series Samsung Electronics Co., Ltd. Nmap 5.61-Spiceworks WinRAR archiver Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. Cisco LEAP Module Cisco Systems, Inc. Apple Application Support Apple Inc. Cisco EAP-FAST Module Cisco Systems, Inc. Apple Software Update Apple Inc. MSXML 4.0 SP2 (KB954430) Microsoft Corporation Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated Skype Click to Call Skype Technologies S.A. Skype™ 6.0 Skype Technologies S.A. Cisco PEAP Module Cisco Systems, Inc. Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation MSXML 4.0 SP2 (KB973688) Was bedeutet das jetzt? |
|
24.01.2013, 23:23
| #8 |
| /// TB-Ausbilder | Searchnu406, Babylon Toolbar Bedeutet, dass du den Schritt erstmal überspringen darfst.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
24.01.2013, 23:45
| #9 |
| | Searchnu406, Babylon ToolbarCode:
ATTFilter # AdwCleaner v2.108 - Logfile created 01/24/2013 at 23:36:40
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Miri - MIRI-PC
# Boot Mode : Normal
# Running from : C:\Users\Miri\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\yi9eupfl.default\searchplugins\browsemngr.xml
File Deleted : C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\yi9eupfl.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\yi9eupfl.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\BrowserCompanion
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Miri\AppData\Local\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Folder Deleted : C:\Users\Miri\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Miri\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Miri\AppData\Roaming\BrowserCompanion
Folder Deleted : C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\yi9eupfl.default\extensions\ffxtlbr@incredibar.com
***** [Registry] *****
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\5348bddb238eb48
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5348bddb238eb48
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (de)
File : C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\yi9eupfl.default\prefs.js
C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\yi9eupfl.default\user.js ... Deleted !
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb216?a=6R8S1KCHKZ&i=26");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("browser.search.selectedEngine", "MyStart Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "82e46479000000000000f04da25262bb");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15658");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.87:38:09");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,{972ce4c6-7e08-4474-a285-3208198[...]
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1359019390509");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "");
Deleted : user_pref("extensions.incredibar.instlday", "");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "");
Deleted : user_pref("extensions.incredibar.sg", "free");
Deleted : user_pref("extensions.incredibar.smplGrp", "free");
Deleted : user_pref("extensions.incredibar.smplgrp", "free");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "");
Deleted : user_pref("extensions.incredibar.vrsn", "");
Deleted : user_pref("extensions.incredibar.vrsnts", "");
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=559&systemid=406&apn[...]
*************************
AdwCleaner[S1].txt - [13502 octets] - [24/01/2013 23:36:40]
########## EOF - C:\AdwCleaner[S1].txt - [13563 octets] ##########
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT .DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 31.05.2012 22:32:43 System Uptime: 24.01.2013 23:39:32 (0 hours ago) . Motherboard: Dell Inc. | | 0PJTXT Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | U2E1 | 2381/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 355 GiB total, 304,22 GiB free. D: is FIXED (NTFS) - 111 GiB total, 92,015 GiB free. E: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP44: 22.12.2012 11:07:03 - Windows Update RP45: 22.12.2012 11:17:19 - Windows Update RP46: 30.12.2012 11:00:26 - Windows Update RP47: 04.01.2013 15:36:21 - Windows Update RP49: 12.01.2013 17:58:01 - Windows Update RP50: 18.01.2013 18:47:17 - Windows Update RP51: 21.01.2013 20:16:58 - Device Driver Package Install: DT Soft Ltd System devices RP52: 22.01.2013 17:26:54 - Windows Update RP53: 24.01.2013 16:16:43 - Installed SpyHunter RP54: 24.01.2013 22:35:58 - Removed SpyHunter RP55: 24.01.2013 23:33:32 - Configured Microsoft Office Enterprise 2007 . ==== Installed Programs ====================== . 7-Zip 9.20 7-Zip Uninstaller Adobe Reader X (10.1.5) - Deutsch Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Bonjour Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module DW WLAN Card Utility iTunes Malwarebytes Anti-Malware Version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared 64-bit MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 16.0.2 (x86 de) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nmap 5.61-Spiceworks Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Skype Click to Call Skype™ 6.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Wartung Samsung CLP-320 Series WIDCOMM Bluetooth Software Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) WinRAR archiver . ==== End Of File =========================== Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Miri at 23:48:11 on 2013-01-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.3957.2553 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Users\Miri\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Users\Miri\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5DAE1FB2-A554-409F-BF46-286DB1B6B874} : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\yi9eupfl.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-26 204288]
R2 MBAMScheduler;MBAMScheduler;C:\Users\Miri\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-24 398184]
R2 MBAMService;MBAMService;C:\Users\Miri\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-24 682344]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2012-6-1 20984]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2012-6-1 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-1 35104]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-1 74280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-24 24176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
.
=============== Created Last 30 ================
.
2013-01-24 20:28:13 -------- d-----w- C:\Users\Miri\AppData\Local\7-Zip Uninstaller
2013-01-24 16:05:32 -------- d-----w- C:\Users\Miri\AppData\Local\Programs
2013-01-24 16:04:49 -------- d-----w- C:\Users\Miri\AppData\Roaming\Malwarebytes
2013-01-24 16:04:45 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2013-01-24 16:04:44 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-24 16:04:41 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-24 16:04:41 -------- d-----w- C:\Users\Miri\Malwarebytes' Anti-Malware
2013-01-24 15:17:26 -------- d-----w- C:\Program Files\Enigma Software Group
2013-01-24 15:16:30 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-01-24 15:08:31 261600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-01-22 16:27:53 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B12A891-5076-4FDD-8728-5EC9A1FD1884}\mpengine.dll
2013-01-21 19:04:23 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-01-12 15:43:14 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-12 15:43:14 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-12 15:41:09 3147264 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:43:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:55:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 05:10:07 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:30:41 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-02 05:30:40 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:50:33 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-02 04:50:33 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 23:48:59,55 ===============
|
|
25.01.2013, 16:19
| #10 |
| /// TB-Ausbilder | Searchnu406, Babylon Toolbar Bevor es weitergeht: Besteht das Problem noch?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
25.01.2013, 18:42
| #11 |
| | Searchnu406, Babylon Toolbar ja, es besteht noch. es öffnet sich zwar wieder firefox, ABER wenn man etwas sucht, wird es mit der incredibar geöffnet. |
|
25.01.2013, 18:49
| #12 |
| /// TB-Ausbilder | Searchnu406, Babylon Toolbar Hm das ist neu, dann müssen wir mal graben ... Scan mit Combofix
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
25.01.2013, 20:32
| #13 |
| | Searchnu406, Babylon Toolbar ist es normal, dass mein desktop schwarz wird und gar nichts mehr reagiert? |
|
25.01.2013, 20:54
| #14 |
| /// TB-Ausbilder | Searchnu406, Babylon Toolbar Nein. Alternativ im abgesicherten Modus ausführen: So funktioniert es:Abgesicherter Modus zur Bereinigung Dieser besondere Startmodus wird von einem User normalerweise nicht benötigt oder benutzt. Für uns ist er jedoch ein großartiges Hilfsmittel, da beim Start des Computers nur sehr wenige Komponenten geladen und so störende Bestandteile (und meistens auch die Malware) eben nicht mitgestartet werden. Um in diesen Modus zu gelangen mußt du während des Neustarts deines Computers im richtigen Moment (oder einfach so oft bis es soweit ist) die F8-Taste drücken und es wird ein Auswahlmenü erscheinen, von dem folgende drei Punkte wichtig sind: Abgesicherter ModusWähle mit den Pfeiltasten Abgesicherter Modus mit Netzwerktreibern aus und drücke Enter.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
26.01.2013, 10:36
| #15 |
| | Searchnu406, Babylon Toolbar Guten Morgen, so jetzt hab ich ne Nacht drüber geschlafen und jetzt geht mein Laptop wieder. Aber ich finde keine Combofix datei. Soll ich Combofix nochmal im gesicherten Zustand laufen lassen oder wie gehe ich jetzt vor? |
|
| Themen zu Searchnu406, Babylon Toolbar |
| .dll, addlyrics, anti-malware, appdata, autostart, babylon toolbar, babylontoolbar, bandoo, code, enigma, esgscanner.sys, explorer, files, gelöscht, helper, install.exe, logdateien, mfc100u.dll, microsoft, neues, neustart, neustart., nicht mehr, port, process, quarantäne, search, search results toolbar, searchnu406, services, software, speicher, temp, test, version, zusammen |
Linear-Darstellung
