Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Chatzum als Suchmaschine in Google Chrome

Chatzum als Suchmaschine in Google Chrome


Plagegeister aller Art und deren Bekämpfung: Chatzum als Suchmaschine in Google Chrome

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 23.02.2013, 18:16   #1
Roperi
 
Chatzum als Suchmaschine in Google Chrome - Standard

Chatzum als Suchmaschine in Google Chrome


Guten Tag zusammen,

mein Sohnemann hat sich wohl o.g. Trojaner (ist das wirklich ein Trojaner?) eingefangen, und wir würden uns über Eure Unterstützung bei der Bereinigung des Rechners sehr freuen. Allen Beteiligten vorab schon mal ganz lieben Dank.

Gruß Roperi

OTL Log

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.02.2013 17:26:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leon\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,07% Memory free
8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 383,41 Gb Free Space | 82,32% Space Free | Partition Type: NTFS
 
Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 17:20:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
PRC - [2013.02.15 13:08:24 | 001,597,864 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.12.25 18:52:35 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.12.14 11:08:52 | 002,255,360 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 13:08:20 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.01.22 04:22:06 | 020,320,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.12.18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2012.12.11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.12 15:16:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.25 18:52:35 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.12.14 11:08:50 | 002,466,304 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.10.05 15:25:34 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.25 19:13:45 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.08.20 10:00:10 | 000,664,576 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=61&cztbid=1760051773&q={searchTerms}
IE - HKLM\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 3C 18 97 CC FB CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Leon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Leon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.12.25 19:13:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.12.25 19:13:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.12.25 19:13:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.25 19:11:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.25 19:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions
[2013.02.23 16:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Firefox\Profiles\b1l1ommf.default\Extensions
[2013.02.12 15:18:10 | 000,000,746 | ---- | M] () -- C:\Users\Leon\AppData\Roaming\mozilla\firefox\profiles\b1l1ommf.default\searchplugins\ChatZum.xml
[2012.12.25 19:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Leon\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Leon\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Leon\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.374_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Leon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: ChatZum.com -  Easy Pictures zoom. = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb\1.0.10_0\
CHR - Extension: Google Mail = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2016BCB6-DB85-4AB8-8F2E-74D8EE294BEA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.23 17:20:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013.02.17 17:36:03 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\SCE
[2013.02.13 13:44:19 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Macromedia
[2013.02.13 13:44:19 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Adobe
[2013.02.12 15:16:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.02.12 15:16:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.02.12 15:14:43 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\MCEdit
[2013.02.10 20:41:08 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\ElevatedDiagnostics
[2013.02.09 17:54:17 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\world
[2013.02.09 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Minecraft Server
[2013.02.09 16:31:47 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\LogMeIn Hamachi
[2013.02.09 16:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.02.09 16:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.02.09 14:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2013.02.09 14:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2013.02.09 14:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2013.02.09 14:11:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.02.03 17:54:10 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\Neuer Ordner
[2013.02.03 17:49:22 | 009,548,526 | ---- | C] (HalfBaked                                                   ) -- C:\Users\Leon\Desktop\setup_hotpot_6303.exe
[2013.02.03 15:48:28 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Skype
[2013.02.03 15:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.03 15:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.03 15:48:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.03 15:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.30 16:45:41 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013.01.30 16:45:05 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.01.30 16:45:04 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.01.30 16:45:03 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.01.30 16:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.01.30 16:44:55 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\TuneUp Software
[2013.01.30 16:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013.01.30 16:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.30 16:44:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.30 16:44:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.30 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotPotatoes 6
[2013.01.30 16:44:02 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx
[2013.01.30 16:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HotPotatoes6
[2013.01.27 15:39:53 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\RPG Maker VX Ace-AmULet
[2013.01.27 15:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG MAKER VX Ace
[2013.01.27 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enterbrain
[2013.01.27 15:37:33 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Screenshots
[2013.01.27 15:37:33 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\SAO
[2013.01.27 15:37:32 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Vokaloid
[2013.01.27 15:37:32 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Victorious
[2013.01.27 15:37:26 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Scratch
[2013.01.27 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Monsuno
[2013.01.27 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Kingdom hearts
[2013.01.27 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Inazuma eleven
[2013.01.27 15:37:06 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Fairy Tail
[2013.01.27 15:37:06 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\detectiv conan
[2013.01.27 15:37:00 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\bildas
[2013.01.26 14:31:54 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Windows Live Writer
[2013.01.26 14:31:54 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Windows Live Writer
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 17:25:28 | 000,000,000 | ---- | M] () -- C:\Users\Leon\defogger_reenable
[2013.02.23 17:23:24 | 000,376,832 | ---- | M] () -- C:\Users\Leon\Desktop\gmer_2.1.19081.exe
[2013.02.23 17:20:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013.02.23 17:20:51 | 000,050,477 | ---- | M] () -- C:\Users\Leon\Desktop\Defogger.exe
[2013.02.23 17:17:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-521820614-1869992409-4097073498-1000UA.job
[2013.02.23 17:05:26 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 17:05:26 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 16:58:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 16:57:56 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 16:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.23 16:17:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-521820614-1869992409-4097073498-1000Core.job
[2013.02.22 19:14:36 | 000,007,615 | ---- | M] () -- C:\Users\Leon\Desktop\Bla.jpg
[2013.02.17 17:35:06 | 000,002,483 | ---- | M] () -- C:\Users\Leon\Desktop\PlanetSide 2 PSG.lnk
[2013.02.16 11:38:29 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.16 11:38:29 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.16 11:38:29 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.16 11:38:29 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.16 11:38:29 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 13:42:15 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.12 15:17:12 | 000,000,635 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.12 13:39:18 | 000,000,660 | ---- | M] () -- C:\Users\Leon\Desktop\Minecraft_Server - Verknüpfung.lnk
[2013.02.11 19:17:11 | 000,000,553 | ---- | M] () -- C:\Users\Leon\Desktop\server.properties
[2013.02.09 16:30:56 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.09 14:12:23 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2013.02.03 20:26:20 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.03 17:55:37 | 000,001,023 | ---- | M] () -- C:\Users\Leon\Desktop\HotPotatoes 6.lnk
[2013.02.03 17:49:14 | 009,548,526 | ---- | M] (HalfBaked                                                   ) -- C:\Users\Leon\Desktop\setup_hotpot_6303.exe
[2013.02.01 23:09:54 | 000,002,321 | ---- | M] () -- C:\Users\Leon\Desktop\Google Chrome.lnk
[2013.01.30 17:40:56 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.27 19:30:45 | 000,001,230 | ---- | M] () -- C:\Users\Leon\Desktop\Calculator.lnk
[2013.01.26 14:47:52 | 001,282,560 | ---- | M] () -- C:\Users\Leon\Desktop\stressre.exe
 
========== Files Created - No Company Name ==========
 
[2013.02.23 17:25:28 | 000,000,000 | ---- | C] () -- C:\Users\Leon\defogger_reenable
[2013.02.23 17:23:21 | 000,376,832 | ---- | C] () -- C:\Users\Leon\Desktop\gmer_2.1.19081.exe
[2013.02.23 17:20:11 | 000,050,477 | ---- | C] () -- C:\Users\Leon\Desktop\Defogger.exe
[2013.02.22 19:14:33 | 000,007,615 | ---- | C] () -- C:\Users\Leon\Desktop\Bla.jpg
[2013.02.17 17:35:06 | 000,002,513 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk
[2013.02.17 17:35:06 | 000,002,483 | ---- | C] () -- C:\Users\Leon\Desktop\PlanetSide 2 PSG.lnk
[2013.02.12 15:17:02 | 000,000,635 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.12 15:16:25 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.09 18:07:13 | 000,000,660 | ---- | C] () -- C:\Users\Leon\Desktop\Minecraft_Server - Verknüpfung.lnk
[2013.02.09 16:30:56 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.09 16:08:59 | 000,000,553 | ---- | C] () -- C:\Users\Leon\Desktop\server.properties
[2013.02.09 14:12:23 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2013.02.03 15:48:17 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.30 16:45:01 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.01.30 16:44:06 | 000,001,023 | ---- | C] () -- C:\Users\Leon\Desktop\HotPotatoes 6.lnk
[2013.01.27 19:30:45 | 000,001,230 | ---- | C] () -- C:\Users\Leon\Desktop\Calculator.lnk
[2013.01.27 15:37:32 | 001,282,560 | ---- | C] () -- C:\Users\Leon\Desktop\stressre.exe
[2012.12.25 19:31:22 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.25 18:27:09 | 000,017,408 | ---- | C] () -- C:\Users\Leon\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.15 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\.minecraft
[2013.01.30 16:44:55 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\TuneUp Software
[2013.01.26 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Extra Log

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.02.2013 17:26:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leon\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,07% Memory free
8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 383,41 Gb Free Space | 82,32% Space Free | Partition Type: NTFS
 
Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A63B1B8-7606-49CD-A43E-9CD21942EEDC}" = lport=25565 | protocol=6 | dir=in | name=minecraft server | 
"{3F470133-C15C-4EF4-80A5-61D4881CB736}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C0317D97-6094-4768-A9AE-B5F7A8B6F1EA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01052CF1-B940-48E9-A7DB-4FC522E4DC84}" = protocol=58 | dir=in | app=system | 
"{0A66F66A-789C-43C6-A819-BAFB223B27DD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{0C42E327-3180-4CB7-8F3A-A2D62DB9860A}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{0CC800E3-4EBE-4336-B55A-91F9B54586CA}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{268563AC-BD41-4E1F-9E42-3CC97F9B16F2}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{27E228BC-6619-448A-B6B5-42C831FA01A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{31E9497B-C4EA-4245-8720-AC29F6F1DCDD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{347D9772-6EA2-421C-82C9-2F9AC27C9370}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{453A7458-ED19-4B39-A4B5-8E7ADA16599B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{47D4B7C7-E15A-4827-8B08-00092A599703}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | 
"{4DDA096C-5957-457B-9493-0D416431F6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{53275F3F-BAAC-4D7A-90AC-2984E7A2ECC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{653B24DE-A9B6-4048-9BB5-1D79894BB24C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6D33FA85-75BB-42FE-9FD3-192FD9CB18B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{6EBE0412-922D-4B29-A4BE-616D8038B482}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{761B99F3-CB58-4C4F-BA8F-233B45AE8E2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{79040881-532A-451C-92C8-CE254E5248B9}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{907718D9-AE51-4013-9A6C-B7B1BD2E4944}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{9545FA6E-BC01-4B94-8161-1F9A9C424117}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{96E92DF1-B92A-4345-8DCC-8193D0743F07}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{A2696DFE-6C79-480D-96DB-2E7438889D04}" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"{AD97A8C0-B282-4628-B01F-6B4F76D24D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{B058385B-2034-402B-A2FC-9C85DC9A12B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B21442FD-E084-4E78-81DD-FAAE0F52ABEE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{B7B26732-7F58-42C5-8729-C09224EE8E85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BA7C38B4-C839-4428-8C6D-809799DA1DBC}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{BC72DE46-5194-4831-884D-5C228CBC5C49}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BC90F407-CAB2-4D8E-8856-C1AE3F401962}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BFF7C3C0-A81F-4AAF-9813-F30DE1596474}" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"{C2020CE2-C6E4-4B97-A444-62131BD34BF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{C867008F-51F8-4ADF-955F-9E59C64830A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | 
"{CAEC5F6F-FE98-4738-A433-4B9E4931F09D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DA068100-772E-48FD-B139-5D48FB10CE5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{E0A3ED2B-D496-4205-95B4-383A85D2847B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{E68CDC0A-F7C5-4828-9388-8504B68818C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{F13B2A7C-1B9D-4483-B9C2-248C4A068943}" = dir=in | app=c:\users\leon\appdata\local\microsoft\skydrive\skydrive.exe | 
"{F2F77760-008E-4523-90A8-A2BAEFBBA758}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{F634FE6D-BB20-42A3-876E-209DAE2AFFCE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"TCP Query User{7923EF30-7D1E-4D53-9C0B-DADAC1A68C37}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{A75FFAF8-F2F7-4A1F-BB13-5C73BC3C1D73}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"UDP Query User{3AF4A0E5-B745-4304-AA4B-154387A1ED15}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{415CDB5E-5A48-4944-94AF-636BFEAB0BC1}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5E2D7D76-30DE-4DDE-B416-9B0B925EBFEC}" = WD SmartWare Drive Manager
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B531332-0D5D-4B3B-A22C-8330DEA695A7}" = LogMeIn Hamachi
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"hotpot_is1" = HotPotatoes v 6.3.0.3
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RPGVXAce_E_is1" = RPG MAKER VX Ace
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 400" = Portal
"Steam App 620" = Portal 2
"Steam App 70300" = VVVVVV
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
"soe-PlanetSide 2 PSG" = PlanetSide 2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.02.2013 08:56:11 | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 19.02.2013 08:56:11 | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 19.02.2013 08:56:11 | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 19.02.2013 08:56:11 | Computer Name = Leon-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 19.02.2013 10:15:17 | Computer Name = Leon-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511bfeca  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x48b04f40  ID des fehlerhaften
 Prozesses: 0x4c0  Startzeit der fehlerhaften Anwendung: 0x01ce0ea99a722c45  Pfad der
 fehlerhaften Anwendung: C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide
 2 PSG\PlanetSide2.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: c8d981a5-7a9e-11e2-b63b-e0cb4ed824a8
 
Error - 23.02.2013 11:57:14 | Computer Name = Leon-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1512
Description = Die Registrierungsdatei konnte nicht entladen werden. Der für die 
Registrierung verwendete Arbeitsspeicher wurde nicht freigegeben. Dieses wird oft
 durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen
 Sie die Dienste entweder unter dem Konto "LocalService" oder "NetworkService" auszuführen.
      Details - Das Medium ist schreibgeschützt.  
 
Error - 23.02.2013 12:24:04 | Computer Name = Leon-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Leon\Downloads\SoftonicDownloader_fuer_hot-potatoes.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 23.02.2013 12:24:11 | Computer Name = Leon-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Leon\Downloads\SoftonicDownloader_fuer_mcedit
 (1).exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung
 erforderliche Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven
 Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 23.02.2013 12:24:14 | Computer Name = Leon-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Leon\Downloads\SoftonicDownloader_fuer_mcedit.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 23.02.2013 12:24:20 | Computer Name = Leon-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Leon\Downloads\SoftonicDownloader_fuer_minecraft-server.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
[ System Events ]
Error - 19.02.2013 08:56:11 | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 19.02.2013 09:27:22 | Computer Name = Leon-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?02.?2013 um 14:25:40 unerwartet heruntergefahren.
 
Error - 19.02.2013 09:29:45 | Computer Name = Leon-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?02.?2013 um 14:27:22 unerwartet heruntergefahren.
 
Error - 19.02.2013 09:50:35 | Computer Name = Leon-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?02.?2013 um 14:48:39 unerwartet heruntergefahren.
 
Error - 19.02.2013 09:57:44 | Computer Name = Leon-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?02.?2013 um 14:51:35 unerwartet heruntergefahren.
 
Error - 19.02.2013 11:38:42 | Computer Name = Leon-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19.02.2013 15:58:09 | Computer Name = Leon-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.02.2013 08:37:08 | Computer Name = Leon-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?02.?2013 um 20:57:48 unerwartet heruntergefahren.
 
Error - 22.02.2013 15:51:13 | Computer Name = Leon-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 22.02.2013 17:27:39 | Computer Name = Leon-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
--- --- ---



Gmer Log

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-23 17:48:02
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD501LJ rev.CR100-13 465,76GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\Leon\AppData\Local\Temp\kxldapog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000769a1465 2 bytes [9A, 76]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000769a14bb 2 bytes [9A, 76]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2252] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                      0000000073b911a8 2 bytes [B9, 73]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2252] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                0000000073b913a8 2 bytes [B9, 73]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2252] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                    0000000073b91422 2 bytes [B9, 73]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2252] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                             0000000073b91498 2 bytes [B9, 73]
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                          0000000074e9549c 5 bytes JMP 00000001001f0800
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                00000000769a1465 2 bytes [9A, 76]
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000769a14bb 2 bytes [9A, 76]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000769a1465 2 bytes [9A, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000769a14bb 2 bytes [9A, 76]
.text  ...                                                                                                                                     * 2

---- EOF - GMER 2.1 ----
--- --- ---


Sorry, so soll das bestimmt nicht aussehen. -.-

 

Themen zu Chatzum als Suchmaschine in Google Chrome
adobe reader xi, autorun, bho, error, firefox, flash player, format, google, grand theft auto, helper, home, homepage, install.exe, kaspersky, logfile, mozilla, msvcrt, nvidia update, performersoft, plug-in, realtek, registry, richtlinie, rundll, scan, security, software, suchmaschine, tastatur, trojaner, trojaner?, udp, vice city, windows


« EXP/CVE-2013-0422 (Trojan.FakeAlert) | Adware Fund - was tun? »


Ähnliche Themen: Chatzum als Suchmaschine in Google Chrome


  1. ESET hat Diverses gefunden, Laptop extrem langsam, andauernde Fehlermeldungen Chrome"Ups Google Chrome ...."
    Plagegeister aller Art und deren Bekämpfung - 19.07.2015 (165)
  2. Google Chrome - öffnet eine andere Seite beim Starten von Google Chrome (Win7)
    Plagegeister aller Art und deren Bekämpfung - 19.01.2015 (29)
  3. ich habe seit kurzem eine neue autom. eingestellte Suchmaschine, die heißt: webssearches.com, wie bekomme ich wieder google rein?
    Plagegeister aller Art und deren Bekämpfung - 06.12.2014 (5)
  4. Google Suchmaschine funktioniert nicht mehr Win32?
    Plagegeister aller Art und deren Bekämpfung - 20.11.2014 (4)
  5. Windows 7: Allin1 Converter / Suchmaschine V9 statt Google / Updateports blockiert
    Log-Analyse und Auswertung - 29.05.2014 (11)
  6. Win 7: Google Chrome/Mozilla firefox lässt vermehrt Werbung auf Webseiten zu & Google Suchergebnisse scheinen manipuliert zu sein
    Log-Analyse und Auswertung - 29.04.2014 (8)
  7. Google Suchergebnisse wewrden nicht mehr angezeigt, es öffnet sich teilweise automatisch die Suchmaschine ask
    Plagegeister aller Art und deren Bekämpfung - 15.03.2014 (12)
  8. Google Chrome keine Suchmaschine, keine Auswahl an Suchmaschinen
    Plagegeister aller Art und deren Bekämpfung - 01.03.2014 (7)
  9. Delta Search verändert Suchmaschine in Chrome
    Log-Analyse und Auswertung - 11.08.2013 (15)
  10. ChatZum taucht in chrome und Internet Explorer immer als Startseite auf.
    Plagegeister aller Art und deren Bekämpfung - 12.04.2013 (7)
  11. Startpins Suchmaschine anstatt Google
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (17)
  12. StartPins.com als Suchmaschine statt Google bei Öffnen von neuem Tab
    Plagegeister aller Art und deren Bekämpfung - 23.12.2012 (3)
  13. StartPins.com statt Google. Suchmaschine ausgetrickst.
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (9)
  14. AOL-Suchmaschine hängt sich in Google- und Yahoo-Suche ein
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (64)
  15. (doppeltes Log) AOL-Suchmaschine hängt sich in Google- und Yahoo-Suche ein
    Mülltonne - 29.09.2012 (0)
  16. Search.searchcompletion.com übernimmt Google Suchmaschine
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (29)
  17. Google Chrome leitet Trojaner-Board Treffer bei Google auf dollarade.com um!
    Diskussionsforum - 07.02.2012 (18)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Chatzum als Suchmaschine in Google Chrome - Guten Tag zusammen, mein Sohnemann hat sich wohl o.g. Trojaner (ist das wirklich ein Trojaner?) eingefangen, und wir würden uns über Eure Unterstützung bei der Bereinigung des Rechners sehr freuen. - Chatzum als Suchmaschine in Google Chrome...
Archiv
Du betrachtest: Chatzum als Suchmaschine in Google Chrome auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19