Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen

Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen


Log-Analyse und Auswertung: Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 14.02.2013, 18:50   #1
Gogsl
 
Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen - Ausrufezeichen

Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen


Hallo liebe Leute!

Nutze meinen PC fast ausschließlich zum Daddeln, doch jetzt holte mich die Realität ein...
Gestern erhellte mich mein AVIRA... Anscheinend hab ich einigen Müll auf den Platten welcher mein System spürbar bremst. Außerdem benutze ich hin und wieder Onlinebanking und brauch deswegen mehr Sicherheit.

Den ersten Schritten bin ich gefolgt ... Defogger / OTL / Gmer .. haben ihre Pflicht erfüllt..

Defogger:

Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:45 on 14/02/2013 (Gogsl)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL:

Zitat:
OTL logfile created on: 14.02.2013 17:48:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gogsl\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 13,64 Gb Available Physical Memory | 85,37% Memory free
31,96 Gb Paging File | 29,21 Gb Available in Paging File | 91,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 20,31 Gb Free Space | 18,19% Space Free | Partition Type: NTFS
Drive D: | 2,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 669,98 Gb Free Space | 71,92% Space Free | Partition Type: NTFS

Computer Name: GOGSL-PC | User Name: Gogsl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.14 17:46:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gogsl\Desktop\OTL.exe
PRC - [2013.01.18 15:13:05 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.01.16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.12.10 19:32:14 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.12.03 21:55:49 | 001,354,736 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\steam\steam.exe
PRC - [2012.11.06 20:36:02 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.10.04 15:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.08.15 18:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.08.14 00:43:16 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Gogsl\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Gogsl\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Gogsl\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Gogsl\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Gogsl\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013.01.18 15:13:10 | 000,647,168 | ---- | M] () -- E:\Program Files (x86)\steam\sdl.dll
MOD - [2013.01.18 15:13:05 | 020,320,240 | ---- | M] () -- E:\Program Files (x86)\steam\bin\libcef.dll
MOD - [2013.01.18 15:13:04 | 001,100,800 | ---- | M] () -- E:\Program Files (x86)\steam\bin\avcodec-53.dll
MOD - [2013.01.18 15:13:04 | 000,969,640 | ---- | M] () -- E:\Program Files (x86)\steam\bin\chromehtml.dll
MOD - [2013.01.18 15:13:04 | 000,192,000 | ---- | M] () -- E:\Program Files (x86)\steam\bin\avformat-53.dll
MOD - [2013.01.18 15:13:04 | 000,124,416 | ---- | M] () -- E:\Program Files (x86)\steam\bin\avutil-51.dll
MOD - [2013.01.16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.01.16 17:26:01 | 002,212,304 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.11.06 20:36:02 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.01.18 15:13:05 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.16 17:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.09 13:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.25 10:26:34 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.05.10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.12.17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.04.10 08:43:54 | 000,004,608 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\mbmiodrvr.sys -- (mbmiodrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=18e8df18000000000000bc5ff41de626
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=18e8df18000000000000bc5ff41de626
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=18e8df18000000000000bc5ff41de626
IE - HKCU\..\SearchScopes\{B514C233-7D4B-4673-8D2A-39A4C2793261}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=E7B10BF2-6CA1-4172-AC8E-B2CF8BFAD84B&apn_sauid=3C717B1B-D1EC-4A1C-99E9-2580CE7A1B66
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gogsl\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gogsl\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.6.4\FF [2012.05.31 18:32:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.13 19:18:08 | 000,000,000 | ---D | M]

[2013.02.13 19:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gogsl\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Gogsl\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.02.13 19:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - homepage: hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=18e8df18000000000000bc5ff41de626
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=18e8df18000000000000bc5ff41de626
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gogsl\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gogsl\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gogsl\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gogsl\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Ask Toolbar = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\
CHR - Extension: PriceGong = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\
CHR - Extension: Movie2kDownloader = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Babylon Toolbar = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: Delta Toolbar = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: AdBlock = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.59_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: BrowserProtect = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: Google Mail = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Space Planet = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.1_0\
CHR - Extension: Ask Toolbar = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\
CHR - Extension: PriceGong = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\
CHR - Extension: Movie2kDownloader = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Babylon Toolbar = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: Delta Toolbar = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: AdBlock = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.59_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: BrowserProtect = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: Google Mail = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Space Planet = C:\Users\Gogsl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.1_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Steam] E:\Program Files (x86)\steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED6084E7-8389-410F-B9F6-7BF5F88CC147}: DhcpNameServer = 83.169.184.161 83.169.184.225
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.08 08:08:11 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007.09.17 19:48:04 | 000,263,744 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007.09.20 03:18:35 | 000,006,276 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{018c47c3-9c73-11e1-b871-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{018c47c3-9c73-11e1-b871-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007.09.17 19:48:04 | 000,263,744 | R--- | M] (Firaxis Games)
O33 - MountPoints2\{99f04521-a6ab-11e1-aefe-bc5ff41de626}\Shell - "" = AutoRun
O33 - MountPoints2\{99f04521-a6ab-11e1-aefe-bc5ff41de626}\Shell\AutoRun\command - "" = F:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.14 17:46:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gogsl\Desktop\OTL.exe
[2013.02.13 19:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013.02.13 19:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2013.02.13 19:18:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.02.13 19:18:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.13 19:18:08 | 000,000,000 | ---D | C] -- C:\Users\Gogsl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.02.13 19:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.02.13 19:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.13 19:18:02 | 000,000,000 | ---D | C] -- C:\Users\Gogsl\AppData\Roaming\Delta
[2013.02.13 19:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.02.13 19:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.13 19:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie2KDownloader.com
[2013.02.13 19:16:32 | 000,000,000 | ---D | C] -- C:\Users\Gogsl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.02.13 19:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
[2013.02.03 20:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.03 20:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.28 04:43:37 | 000,000,000 | ---D | C] -- C:\Users\Gogsl\AppData\Roaming\SecondLife
[2013.01.28 04:43:34 | 000,000,000 | ---D | C] -- C:\Users\Gogsl\AppData\Local\SecondLife
[2013.01.28 04:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2013.01.26 22:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.25 14:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.25 14:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.01.25 14:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.01.25 14:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013.01.18 15:22:47 | 000,000,000 | ---D | C] -- C:\Users\Gogsl\AppData\Roaming\Skype
[2013.01.18 15:22:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.18 15:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.18 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.18 15:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.17 17:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.01.17 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Gogsl\AppData\Local\APN
[2013.01.17 17:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.01.17 02:13:17 | 000,000,000 | ---D | C] -- C:\Users\Gogsl\Documents\OpenTTD
[2013.01.17 02:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD

========== Files - Modified Within 30 Days ==========

[2013.02.14 17:46:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gogsl\Desktop\OTL.exe
[2013.02.14 17:45:38 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 17:45:38 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 17:45:18 | 000,000,000 | ---- | M] () -- C:\Users\Gogsl\defogger_reenable
[2013.02.14 17:44:38 | 000,050,477 | ---- | M] () -- C:\Users\Gogsl\Desktop\Defogger.exe
[2013.02.14 17:42:45 | 001,527,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 17:42:45 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 17:42:45 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 17:42:45 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 17:42:45 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 17:38:24 | 000,282,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 17:38:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 17:38:19 | 4278,939,646 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 19:16:32 | 000,000,842 | ---- | M] () -- C:\Users\Gogsl\Desktop\HDVidCodec.lnk
[2013.02.13 19:14:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-745365714-1941014534-1510569367-1000UA.job
[2013.02.13 19:14:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-745365714-1941014534-1510569367-1000Core.job
[2013.02.03 20:31:04 | 000,063,562 | ---- | M] () -- C:\Users\Gogsl\Documents\cc_20130203_203053.reg
[2013.02.03 20:29:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.01 19:16:56 | 000,002,364 | ---- | M] () -- C:\Users\Gogsl\Desktop\Google Chrome.lnk
[2013.01.28 04:43:34 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2013.01.26 22:09:19 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.18 15:22:42 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.17 02:13:02 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\OpenTTD.lnk

========== Files Created - No Company Name ==========

[2013.02.14 17:45:18 | 000,000,000 | ---- | C] () -- C:\Users\Gogsl\defogger_reenable
[2013.02.14 17:44:38 | 000,050,477 | ---- | C] () -- C:\Users\Gogsl\Desktop\Defogger.exe
[2013.02.13 19:18:10 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.02.13 19:16:32 | 000,000,842 | ---- | C] () -- C:\Users\Gogsl\Desktop\HDVidCodec.lnk
[2013.02.03 20:30:55 | 000,063,562 | ---- | C] () -- C:\Users\Gogsl\Documents\cc_20130203_203053.reg
[2013.02.03 20:29:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.28 04:43:34 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2013.01.18 15:22:42 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.17 02:13:02 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2012.12.12 21:48:06 | 000,011,866 | ---- | C] () -- C:\Users\Gogsl\AppData\Roaming\TheHunterSettings_live.bin
[2012.06.19 03:12:48 | 000,000,093 | ---- | C] () -- C:\Users\Gogsl\AppData\Local\fusioncache.dat
[2012.06.19 03:12:18 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.19 00:37:38 | 004,032,098 | ---- | C] () -- C:\Users\Gogsl\AppData\Roaming\minecraft.jar
[2012.05.22 02:20:23 | 000,001,308 | ---- | C] () -- C:\Users\Gogsl\Der plan.rtf
[2012.05.12 22:46:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.12 21:51:01 | 000,001,164 | ---- | C] () -- C:\Users\Gogsl\AppData\Local\9A5FF4EA.il
[2012.05.12 21:51:01 | 000,000,280 | ---- | C] () -- C:\Users\Gogsl\AppData\Local\IndexIE_9A5FF4EA.il
[2012.05.03 03:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.11.29 21:09:34 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\.minecraft
[2012.06.30 16:15:31 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\Babylon
[2012.06.30 16:15:51 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\BabylonToolbar
[2013.02.13 19:18:06 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\Delta
[2012.10.25 10:49:41 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\Firefly Studios
[2012.05.15 15:33:30 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\freeCompressor
[2012.11.06 21:39:59 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\LolClient
[2012.05.31 23:23:16 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\MC
[2013.01.10 12:48:13 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\MotioninJoy
[2012.06.27 13:04:22 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\Mumble
[2013.01.28 04:45:02 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\SecondLife
[2012.06.30 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\six-updater
[2012.06.30 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\six-zsync
[2013.02.06 20:31:48 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\TS3Client
[2012.05.25 23:41:05 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\ts3overlay
[2012.05.21 01:01:01 | 000,000,000 | ---D | M] -- C:\Users\Gogsl\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



< End of report >
Der Rest ist im Anhang!

Ich kann damit garnix anfangen und hoffe daher, dass ich alles Richtig gepostet habe! Übrigens ist mein Profilname mit dem im Windows identisch (zwecks Verdunkelungsgefahr).

Hoffe es gibt jemanden der sich meiner annehmen möchte! ^^

Liebe Grüße Gogsl

 

Themen zu Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen
adblock, adware/yontoo.gen, antivir, autorun, avg, avira, bho, delta toolbar, ebanking, explorer, explorer.exe, firefox, format, google, helper, home, homepage, logfile, microsoft, object, opera, pando media booster, plug-in, programme, realtek, registry, scan, software, system, tarma, windows, winlogon, yontoo


« Delta Search löschen aber wie? | GVU Trojaner - System läßt sich aber im abges. Modus starten »


Ähnliche Themen: Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen


  1. Install Core Gen7 + Adware
    Log-Analyse und Auswertung - 22.04.2015 (16)
  2. Adware/Yontoo.76776
    Log-Analyse und Auswertung - 25.12.2014 (5)
  3. Windows 7: ADWARE/Install Core Gen7 gefunden
    Log-Analyse und Auswertung - 04.04.2014 (11)
  4. Windows 7: Adware Install Core Gen7 gefunden
    Log-Analyse und Auswertung - 27.03.2014 (3)
  5. Install core click run software
    Plagegeister aller Art und deren Bekämpfung - 20.02.2014 (32)
  6. Adware:MSIL/Yontoo
    Plagegeister aller Art und deren Bekämpfung - 10.01.2014 (25)
  7. v9.com und adware yontoo.gen
    Log-Analyse und Auswertung - 07.07.2013 (14)
  8. AdWare.IS.Yontoo.a
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (11)
  9. ADWARE/InstallCore.Gen, ADWARE/Yontoo.Gen und ADWARE/InstallCore.E von AVIRA gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (10)
  10. Avira meldet ADWARE/Yontoo.E.1
    Plagegeister aller Art und deren Bekämpfung - 13.04.2013 (10)
  11. AVIRA meldet ADWARE/Yontoo.Gen Fund
    Log-Analyse und Auswertung - 13.04.2013 (7)
  12. AVIRA-Fund: ADWARE/YONTOO.GEN2 und ESET-Fund: Win32/StartPage.OPH trojan
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (12)
  13. Avira Antivir meldet Adware/Yontoo.Gen
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (36)
  14. ADWARE/Yontoo.E.1 gefunden
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (15)
  15. Avira meldet ADWARE/Yontoo.E.1
    Plagegeister aller Art und deren Bekämpfung - 04.01.2013 (12)
  16. F-Secure fand mehrere Trojaner- Spiele stürzen ab, Firefox ebenfalls
    Log-Analyse und Auswertung - 08.11.2011 (7)
  17. avira meldet mehrere funde mit ADWARE im namen - gefährlich?
    Plagegeister aller Art und deren Bekämpfung - 13.04.2011 (15)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen - Hallo liebe Leute! Nutze meinen PC fast ausschließlich zum Daddeln, doch jetzt holte mich die Realität ein... Gestern erhellte mich mein AVIRA... Anscheinend hab ich einigen Müll auf den Platten - Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen...
Archiv
Du betrachtest: Avira fand mehrere ADWARE/Yontoo.Gen + Install Core.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131