Delta Search

markusg · 19.02.2013, 13:41

ja, steht ja oben.

xreason · 19.02.2013, 13:47

achso, bei mir hat das beim ersten ausführen direkt nachgefragt

Ich habe bei vielen Sachen unbekannt angegeben, da ich mich einfach nicht mit diesen auskenne, oder ich bereits vergessen habe was diese auf meinem Computer zu suchen haben:

Adobe AIR Adobe Systems Incorporated 26.12.2011 3.1.0.4880 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 07.02.2013 6,00MB 11.5.502.149 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.02.2013 6,00MB 11.5.502.149 notwendig
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 27.12.2012 168MB 10.1.4 notwendig
Age of Empires® III: Complete Collection 27.04.2012 notwendig
Akamai NetSession Interface Akamai Technologies, Inc 12.02.2013 unbekannt
Akamai NetSession Interface Service 10.11.2011 unbekannt
Apple Application Support Apple Inc. 14.09.2012 64,5MB 2.2.2 notwendig
Apple Mobile Device Support Apple Inc. 14.09.2012 23,7MB 6.0.0.59 notwendig
Apple Software Update Apple Inc. 17.09.2011 2,38MB 2.1.3.127 notwendig
Assassin's Creed Ubisoft 25.03.2011 1.00 unnötig
ATI Catalyst Install Manager ATI Technologies, Inc. 05.02.2011 22,1MB 3.0.765.0 unbekannt
Batman: Arkham Asylum Eidos Interactive Limited 26.01.2012 1.0.0.0 notwendig
Batman: Arkham City™ Rocksteady 18.09.2012 notwendig
BitTorrent 07.02.2011 7.1.0 unnötig
BittorrentBar_DE Toolbar BittorrentBar_DE 07.02.2011 6.2.7.3 unnötig
Bonjour Apple Inc. 14.09.2012 2,04MB 3.0.0.10 unbekannt
Borderlands 23.03.2011 1.0 unnötig
BrickForce 1.9.87 Infernum Productions AG 14.05.2012 1.9.87 notwendig
Browser Configuration Utility DeviceVM Inc. 05.02.2011 3,14MB 1.0.10.0 unbekannt
Call of Duty 4: Modern Warfare Infinity Ward 18.04.2012 notwendig
Call of Duty: Black Ops II 13.11.2012 notwendig
Call of Duty: Black Ops II - Multiplayer 13.11.2012 notwendig
Call of Duty: Black Ops II - Zombies 13.11.2012 notwendig
Call of Duty: Modern Warfare 3 Infinity Ward - Sledgehammer Games 20.01.2012 notwendig
Call of Duty: Modern Warfare 3 - Multiplayer Infinity Ward - Sledgehammer Games 20.01.2012 notwendig
Call of Duty: World at War Activision 13.11.2012 notwendig
Camtasia Studio 7 TechSmith Corporation 07.02.2011 218MB 7.0.1 unnötig
Canyon USB2.0 PC Camera(0050.2009.1224.3006) PixArt 08.06.2011 0050.2009.1224.3006 notwendig
CCleaner Piriform 23.01.2013 3.27 notwendig
CDBurnerXP CDBurnerXP 21.07.2011 16,8MB 4.3.8.2568 notwendig
CloneDVD2 Elaborate Bytes 06.03.2011 2.9.2.8 notwendig
Combat Arms EU 07.02.2011 unnötig
Conduit Engine Conduit Ltd. 07.02.2011 unbekannt
Delta Chrome Toolbar DeltaInstaller 16.02.2013 3,00KB 1.0.0.0 unbekannt
Delta toolbar Delta 16.02.2013 1.8.10.0 unbekannt
devolo dLAN Cockpit devolo AG 26.12.2011 1.0 notwendig
devolo dLAN Wireless extender Konfiguration devolo AG 05.02.2011 1.0.0.0 notwendig
devolo dLAN-Konfigurationsassistent devolo AG 26.12.2011 20.0.0.0 notwendig
devolo EasyClean devolo AG 05.02.2011 3.0.0.0 notwendig
devolo EasyShare devolo AG 05.02.2011 4.0.0.0 notwendig
devolo Informer devolo AG 26.12.2011 28.0.0.0 notwendig
Diablo III Blizzard Entertainment 29.09.2012 1.0.4.11327 notwendig
DivX-Setup DivX, LLC 27.02.2011 2.4.0.6 notwendig
Dota 2 31.01.2013 notwendig
Dragon Age II Electronic Arts, Inc. 19.03.2011 5,89GB 1.00 unnötig
Drakonia Configurator 23.12.2012 11,7MB unbekannt
DU Meter Hagel Technologies Ltd. 21.10.2012 9,84MB 6.01 unnötig
Dual-Core Optimizer AMD 26.01.2012 86,0KB 1.1.4.0169 unbekannt
Dustforce 07.12.2012 notwendig
EPU 05.02.2011 1.02.20 unbekannt
ESL Wire 1.15.3 Turtle Entertainment GmbH 19.02.2013 59,7MB notwendig
Fallout 3 Bethesda Softworks 21.04.2011 1.00.0000 unnötig
Far Cry 3 Ubisoft 15.12.2012 1.04 notwendig
File Type Assistant Trusted Software 25.02.2011 1,87MB notwendig
Flyff Gala Networks Europe Limited 06.05.2011 Flyff unnötig
Fraps (remove only) 08.02.2011 notwendig
Free File Viewer 2011 Bitberry Software 25.02.2011 unbekannt
FreeArc 0.666 Bulat Ziganshin 01.03.2012 0.666 unbekannt
Freeze.com NetAssistant Freeze.com 12.02.2013 3.8.3 unbekannt
Game Jackal Command Center v4.1.1.2 SlySoft Inc. 05.03.2011 14,5MB unbekannt
Google Chrome Google Inc. 27.02.2011 24.0.1312.57 notwendig
Google Toolbar for Internet Explorer Google Inc. 15.01.2013 7.4.3607.2246 notwendig
Gorky17 16.10.2011 unnötig
Green Line 4 Sprachtrainer Klett 31.03.2011 1.00.000 unnötig
iLivid Bandoo Media Inc. 15.06.2011 1.80.0.107492 unnötig
iTunes Apple Inc. 14.09.2012 180MB 10.7.0.21 notwendig
Java 7 Update 11 Oracle 28.01.2013 130MB 7.0.110 notwendig
Java(TM) 6 Update 22 Oracle 11.02.2011 97,0MB 6.0.220 notwendig
Java(TM) 6 Update 24 Oracle 13.03.2011 94,8MB 6.0.240 notwendig
Java(TM) 6 Update 25 (64-bit) Oracle 02.05.2011 91,4MB 6.0.250 notwendig
JDownloader 0.9 AppWork GmbH 16.02.2013 0.9 unbekannt
Kaspersky Internet Security 2013 Kaspersky Lab 17.02.2013 13.0.1.4190 notwendig
Kingdoms of Amalur Reckoning 27.03.2012 unnötig
League of Legends Riot Games 19.08.2011 1.02.0000 notwendig
Left 4 Dead 2 Valve 21.01.2012 notwendig
LIMBO 06.03.2012 notwendig
Logitech Gaming Software 5.02 Logitech 05.02.2011 9,30MB 5.02.116 notwendig
Magicka Arrowhead Game Studios AB 06.03.2012 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 18.02.2013 18,4MB 1.70.0.1100 notwendig
Max Payne 3 Rockstar Games 16.06.2012 1.0.0.0 notwendig
McAfee Security Scan Plus McAfee, Inc. 09.02.2013 10,2MB 3.0.318.3 unnötig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 05.02.2011 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 05.02.2011 2,93MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended Microsoft Corporation 22.03.2011 51,9MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 22.03.2011 10,6MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 22.03.2011 83,4MB 4.0.30319 unbekannt
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 19.09.2012 31,3MB 3.5.88.0 unbekannt
Microsoft Games for Windows Marketplace Microsoft Corporation 19.09.2012 6,03MB 3.5.50.0 unbekannt
Microsoft Help Viewer 1.0 Microsoft Corporation 22.03.2011 3,97MB 1.0.30319 unbekannt
Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Corporation 22.03.2011 1,95MB 1.0.30319 unbekannt
Microsoft IntelliPoint 8.0 Microsoft 24.02.2011 38,0MB 8.01.249.0 unbekannt
Microsoft IntelliType Pro 8.1 Microsoft 28.04.2011 8.15.406.0 unbekannt
Microsoft Silverlight Microsoft Corporation 22.03.2011 14,9MB 3.0.40818.0 unbekannt
Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 22.03.2011 3,69MB 3.5.8080.0 unbekannt
Microsoft SQL Server Compact 3.5 SP2 x64 DEU Microsoft Corporation 22.03.2011 4,81MB 3.5.8080.0 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.01.2012 2,38MB 8.0.59193 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 06.10.2011 910KB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 17.04.2011 252KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 05.02.2011 788KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 06.06.2011 1,69MB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 30.03.2011 234KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.02.2011 596KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.02.2011 596KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 22.03.2011 599KB 9.0.30729.4974 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 30.04.2011 13,6MB 10.0.30319 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 28.01.2012 11,1MB 10.0.40219 unbekannt
Microsoft Visual C++ 2010 Express - DEU Microsoft Corporation 22.03.2011 10.0.30319 unbekannt
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU Microsoft Corporation 22.03.2011 4,31MB 10.0.30319unbekannt
Microsoft WSE 3.0 Runtime Microsoft Corp. 19.04.2011 942KB 3.0.5305.0 unbekannt
Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 06.06.2011 7,55MB 3.1.10527.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.01.2012 1,27MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 13.01.2012 1,39MB 4.20.9876.0 unbekannt
NetLimiter 3 Locktime Software s.r.o. 13.03.2011 10,9MB 3.0.0.10 unnötig
Notepad++ 02.05.2011 5.9 notwendig
NVIDIA Grafiktreiber 275.33 NVIDIA Corporation 06.07.2011 275.33 notwendig
NVIDIA HD-Audiotreiber 1.1.13.1 NVIDIA Corporation 05.02.2011 1.1.13.1 notwendig
NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 05.02.2011 9.10.0514 notwendig
NVIDIA Update 1.3.5 NVIDIA Corporation 06.07.2011 1.3.5 notwendig
OpenOffice.org 3.3 OpenOffice.org 11.02.2011 414MB 3.3.9567 notwendig
Origin Electronic Arts, Inc. 15.06.2011 8.1.0.1556 notwendig
Paint.NET v3.5.8 dotPDN LLC 13.03.2011 10,4MB 3.58.0 notwendig
Pando Media Booster Pando Networks Inc. 01.02.2012 5,46MB 2.6.0.2 unbekannt
PlanetSide 2 Sony Online Entertainment 12.02.2013 1.0.3.183 notwendig
Plantronics® GameCom 780 Software for Dolby® Headphone Plantronics 26.12.2012 1.00.0001 notwendig
Portal 2 Valve 06.03.2012 notwendig
PriceGong 2.1.0 PriceGong 07.02.2011 2.1.0 unbekannt
PunkBuster Services Even Balance, Inc. 15.12.2012 0.993 unbekannt
QuickTime Apple Inc. 03.08.2012 73,2MB 7.72.80.56 notwendig
Rayman Origins Ubisoft 02.04.2012 1.00 unnötig
Realtek Ethernet Controller Driver For Windows 7 Realtek 05.02.2011 7.21.531.2010 unbekannt
Registry Mechanic 10.0 PC Tools 25.07.2011 32,8MB 10.0 unbekannt
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 05.02.2011 1,02MB 2.0.4.0 unbekannt
Resident Evil 4 1.10 06.07.2011 unnötig
Revo Uninstaller Pro 2.5.8 VS Revo Group, Ltd. 27.04.2012 54,2MB 2.5.8 unnötig
Rockstar Games Social Club Rockstar Games 26.08.2012 1.0.9.7 notwendig
S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01] bitComposer Games 19.05.2011 1.6.01 notwendig
S4 League_EU 08.03.2011 1.00.0000 notwendig
S4 League_EU 05.02.2011 1.00.0000 notwendig
Serious Sam HD: The First Encounter Croteam 20.01.2012 notwendig
ShotOnline OnNet 01.02.2012 1.0 unnötig
Skype Click to Call Skype Technologies S.A. 30.05.2012 10,6MB 5.10.9560 notwendig
Skype™ 6.1 Skype Technologies S.A. 07.02.2013 21,1MB 6.1.129 notwendig
Source SDK Base 2007 Valve 29.09.2012 notwendig
Sprachtrainer Fonts Ernst Klett Verlag GmbH 31.03.2011 0,97MB 1.00.01 unnötig
Steam Valve Corporation 20.01.2012 35,4MB 1.0.0.0 notwendig
Sudden Strike II 30.03.2011 unbekannt
Super Meat Boy 20.01.2012 notwendig
Surf Canyon Search Engine Assistant Surf Canyon 07.02.2011 3.1.2 unbekannt
TeamSpeak 3 Client TeamSpeak Systems GmbH 12.02.2013 notwendig
The Binding Of Isaac 20.01.2012 notwendig
The Elder Scrolls V: Skyrim Bethesda Game Studios 20.01.2012 notwendig
TurboV EVO 05.02.2011 1.02.32 unbekannt

markusg · 19.02.2013, 17:31

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Assassin's
BitTorrent : beide
Borderlands
Browser Configuration
Camtasia
Combat
Conduit
Delta : alle
Dragon Age
Drakonia
DU Meter
EPU
Fallout
Flyff
Free File
FreeArc
Freeze
Game
Google Toolbar : bitte verzichte auf toolbars, sind ein Risiko, verlangsamen den Browser.
Gorky17
Green
iLivid
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
JDownloader
Kingdoms
McAfee
NetLimiter
PriceGong
Rayman
Registry Mechanic
Resident
Revo : behalten, is nützlich bei Problemen mit Deinstalationen.
ShotOnline
Sprachtrainer
Sudden
Surf Canyon
TurboV

Öffne CCleaner analysieren, starten, PC neustarten.
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

xreason · 20.02.2013, 17:43

Ich bin noch beim Deinstallieren aber delta-search ist jetzt auf jeden Fall weg.

markusg · 20.02.2013, 17:44

bitte lass solche Zwischenposts weg.

xreason · 20.02.2013, 18:30

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.112 - Datei am 20/02/2013 um 18:08:23 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Timo - TIMO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Timo\Downloads\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\Free Offers from Freeze.com
Ordner Gelöscht : C:\Program Files (x86)\Windows iLivid Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\~0
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\nge\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\nge\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\nge\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\nge\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\nge\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Timo\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Timo\AppData\Local\ConduitEngine
Ordner Gelöscht : C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Ordner Gelöscht : C:\Users\Timo\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Timo\AppData\LocalLow\BittorrentBar_DE
Ordner Gelöscht : C:\Users\Timo\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Timo\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Timo\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Timo\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Timo\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Timo\AppData\LocalLow\ShoppingReport2
Ordner Gelöscht : C:\Users\Timo\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ShoppingReport2
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5C89CB6-DDD2-42EE-A077-0CEFD3A838D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Surf Canyon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A8EF3E5-5E0E-41CE-B0D9-AC4456163DF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16448

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119370&tt=060411_def&babsrc=HP_ss&mntrId=d0c9404b000000000000bcaec51fc960 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.12] : homepage = "hxxp://www.delta-search.com/?affID=119370&tt=060411_def&babsrc=HP_ss&mntrId=d0c94[...]
Gelöscht [l.16] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119370&tt=060411_def&ba[...]
Gelöscht [l.50] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}[...]
Gelöscht [l.1967] : homepage = "hxxp://www.delta-search.com/?affID=119370&tt=060411_def&babsrc=HP_ss&mntrId=d0c9404b[...]
Gelöscht [l.3168] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119370&tt=060411_def&babsr[...]

Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [18176 octets] - [20/02/2013 18:08:23]

########## EOF - C:\AdwCleaner[S1].txt - [18237 octets] ##########

--- --- ---

markusg · 20.02.2013, 18:59

Hi,
starte mal neu.
Lade bitte Hitmanpro:
HitmanPro - Download - Filepony
Doppelklick, Lizenz, Testlizenz
Scan, nichts löschen.
Weiter, Log als XML exportiern und posten, bzw packen und anhängen.

xreason · 21.02.2013, 16:16

Code:

ATTFilter

HitmanPro 3.7.2.188
www.hitmanpro.com

   Computer name . . . . : TIMO-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Timo-PC\Timo
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-02-21 15:54:58
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 55s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 212

   Objects scanned . . . : 1.829.293
   Files scanned . . . . : 41.563
   Remnants scanned  . . : 746.122 files / 1.041.608 keys

Suspicious files ____________________________________________________________

   C:\Users\Admin\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 478.7 days (2011-10-31 23:10:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Admin\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 478.7 days (2011-10-31 23:10:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timo\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 477.0 days (2011-11-02 16:41:35)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timo\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
      Size . . . . . . . : 138.160 bytes
      Age  . . . . . . . : 718.6 days (2011-03-06 00:28:01)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 171C32702C73ECD6EAD6A120C5E0BCE649444BE4068C4ECA4C548644DF151A5E
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Timo\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 68.1 days (2012-12-15 14:26:30)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timo\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.032 bytes
      Age  . . . . . . . : 68.1 days (2012-12-15 14:26:48)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Timo\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
      Size . . . . . . . : 947.283 bytes
      Age  . . . . . . . : 591.8 days (2011-07-10 21:13:25)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timo\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys
      Size . . . . . . . : 139.080 bytes
      Age  . . . . . . . : 591.8 days (2011-07-10 21:14:19)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : FAE59652245B6F30D2B5173E1EBC7079F8BBB1CBAC168BBF151AE81879F26AB7
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Timo\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age  . . . . . . . : 673.3 days (2011-04-20 09:12:19)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Malware remnants ____________________________________________________________

   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.Hotbar) -> Deleted
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.Hotbar) -> Deleted

Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1005\Software\DataMngr\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1005\Software\DataMngr_Toolbar\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1006\Software\DataMngr\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1006\Software\DataMngr_Toolbar\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}\ (SearchQU)

Cookies _____________________________________________________________________

   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad-emea.doubleclick.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.de
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adlegend.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.digitalpoint.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.intergi.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.trafficjunky.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.nsadev.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livejasmin.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:purpleporno.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:rts.phn.doublepimp.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.solocpm.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.emjcd.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.purpleporno.com
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:youpornos.tv
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.glispa.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.metricsmedia.de
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:dailymotionpoc.112.2o7.net
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornme.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:swingersblog.nude-beach-sex.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.swingersblog.nude-beach-sex.com
   C:\Users\nge\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:112.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:1xxx.cqcounter.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:2horny247.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:777xxporn.com.htmlwww.777xporn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad-emea.doubleclick.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:adult-empire.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:african-porn.org
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:alphaporno.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:babes4porn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:care2.112.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:dailymotionpoc.112.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:dasporntube.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.youporn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:dextersporn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:discoverfreeporn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:e-hotsex.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:failfunsexy.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:firstsexvirgin.tumblr.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:guj.122.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:hardsextube.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:hellporno.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:hotandsexy99.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:kaspersky.122.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:lokalportal24de.112.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsofthalo.122.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:msnportal.112.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornerbros.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornhub.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornmd.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:porntack.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:premiumtv.122.2o7.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexandsubmission.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexandsubmissions.org
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexiestwebgirls.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexualdetails.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexy-tipp.to
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexy-wallpaper-area.ch
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexyads.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexyandfunny.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:share-sexy.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.popscreen.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:underwatersexblog.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:virtuasexygirls.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:vporn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.777xxporn.com.htmlwww.777xporn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.dextersporn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.failfunsexy.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.hardsextube.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pornhub.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexandsubmission.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexandsubmissions.org
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexy-tipp.to
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexy-wallpaper-area.ch
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexyandfunny.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexywallpapershere.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.virtuasexygirls.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.youporn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:youporn.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:youpornos.info
   C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\6YTVPASB.txt
   C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\8I96F311.txt
   C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\P7HIFL09.txt
   C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\PPLPKV0L.txt
   C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\Y8267RJ2.txt

markusg · 21.02.2013, 17:21

Hitman Pro noch mal starten, alles löschen außer die, die zu PunkBuster gehören.
Neustarten, neues otl log bitte.

xreason · 22.02.2013, 18:37

Ich habe Hitman Pro gestartet und den Scan durchgeführt, aber ich finde die "löschen" Funktion nicht

markusg · 22.02.2013, 19:30

testlizenz aktiviert?
http://www.trojaner-board.de/99424-c...o-scannen.html

xreason · 23.02.2013, 16:13

OK

Code:

ATTFilter

HitmanPro 3.7.2.188
www.hitmanpro.com
 
   Computer name . . . . : TIMO-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Timo-PC\Timo
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (28 days left)
 
   Scan date . . . . . . : 2013-02-23 16:08:02
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 3s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 47
 
   Objects scanned . . . : 1.830.110
   Files scanned . . . . : 41.498
   Remnants scanned  . . : 746.507 files / 1.042.105 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Admin\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 480.7 days (2011-10-31 23:10:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Admin\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 480.7 days (2011-10-31 23:10:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Timo\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 479.0 days (2011-11-02 16:41:35)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Timo\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
      Size . . . . . . . : 138.160 bytes
      Age  . . . . . . . : 720.7 days (2011-03-06 00:28:01)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 171C32702C73ECD6EAD6A120C5E0BCE649444BE4068C4ECA4C548644DF151A5E
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Timo\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 70.1 days (2012-12-15 14:26:30)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Timo\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.032 bytes
      Age  . . . . . . . : 70.1 days (2012-12-15 14:26:48)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Timo\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
      Size . . . . . . . : 947.283 bytes
      Age  . . . . . . . : 593.8 days (2011-07-10 21:13:25)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Timo\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys
      Size . . . . . . . : 139.080 bytes
      Age  . . . . . . . : 593.8 days (2011-07-10 21:14:19)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : FAE59652245B6F30D2B5173E1EBC7079F8BBB1CBAC168BBF151AE81879F26AB7
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Timo\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age  . . . . . . . : 675.3 days (2011-04-20 09:12:19)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
 
Potential Unwanted Programs _________________________________________________
 
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1005\Software\DataMngr\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1005\Software\DataMngr_Toolbar\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1006\Software\DataMngr\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1006\Software\DataMngr_Toolbar\ (SearchQU)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}\ (SearchQU)
 
Cookies _____________________________________________________________________
 
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com

Ich habe nicht bemerkt, dass er es direkt nach dem Scan macht wenn man auf weiter klickt.....

markusg · 25.02.2013, 16:46

hi,
ok poste ein neues otl log bitte.

xreason · 25.02.2013, 19:18

Code:

ATTFilter

HitmanPro 3.7.2.189
www.hitmanpro.com

   Computer name . . . . : TIMO-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Timo-PC\Timo
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (26 days left)

   Scan date . . . . . . : 2013-02-25 18:52:32
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 39s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 47

   Objects scanned . . . : 1.832.841
   Files scanned . . . . : 42.180
   Remnants scanned  . . : 748.494 files / 1.042.167 keys

Suspicious files ____________________________________________________________

   C:\Users\Admin\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 482.8 days (2011-10-31 23:10:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Admin\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 482.8 days (2011-10-31 23:10:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timo\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 481.1 days (2011-11-02 16:41:35)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timo\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
      Size . . . . . . . : 138.160 bytes
      Age  . . . . . . . : 722.8 days (2011-03-06 00:28:01)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 171C32702C73ECD6EAD6A120C5E0BCE649444BE4068C4ECA4C548644DF151A5E
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Timo\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 72.2 days (2012-12-15 14:26:30)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timo\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.032 bytes
      Age  . . . . . . . : 72.2 days (2012-12-15 14:26:48)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Timo\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
      Size . . . . . . . : 947.283 bytes
      Age  . . . . . . . : 595.9 days (2011-07-10 21:13:25)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Timo\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys
      Size . . . . . . . : 139.080 bytes
      Age  . . . . . . . : 595.9 days (2011-07-10 21:14:19)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : FAE59652245B6F30D2B5173E1EBC7079F8BBB1CBAC168BBF151AE81879F26AB7
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Timo\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age  . . . . . . . : 677.4 days (2011-04-20 09:12:19)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-3772474302-332197646-2498302637-1004_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)

Cookies _____________________________________________________________________

   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\KFAS231M.txt

markusg · 25.02.2013, 19:37

wieso wieder hitman? ich wollte otl

19.02.2013, 13:41	#16
markusg /// Malware-holic	Delta Search ja, steht ja oben. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

20.02.2013, 17:44	#20
markusg /// Malware-holic	Delta Search bitte lass solche Zwischenposts weg. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

22.02.2013, 19:30	#26
markusg /// Malware-holic	Delta Search testlizenz aktiviert? http://www.trojaner-board.de/99424-c...o-scannen.html __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

25.02.2013, 16:46	#28
markusg /// Malware-holic	Delta Search hi, ok poste ein neues otl log bitte. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

25.02.2013, 19:37	#30
markusg /// Malware-holic	Delta Search wieso wieder hitman? ich wollte otl __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Delta Search

Plagegeister aller Art und deren Bekämpfung: Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Delta Search

Ähnliche Themen: Delta Search

20.02.2013, 17:43	#19
xreason	Delta Search Ich bin noch beim Deinstallieren aber delta-search ist jetzt auf jeden Fall weg.

22.02.2013, 18:37	#25
xreason	Delta Search Ich habe Hitman Pro gestartet und den Scan durchgeführt, aber ich finde die "löschen" Funktion nicht