|
Pests of all kinds and how to fight them: Delta Search deleted... still viruses, yes or no? Windows 7 |
23.02.2013, 21:43 | #1 |
| Delta Search deleted... still viruses, yes or no? Hello, dear Trojaner team, my little brother unfortunately installed a few programs without my permission. Using the threads on your board I was able to delete Delta Search and Movie2kdownloader, but I want to make sure that my computer is also free of viruses and Trojans, so I wanted to ask you how I should proceed... Thank you in advance... Best regards, Kilah_43 |
24.02.2013, 11:13 | #2 |
/// Helper Team | Delta Search deleted... still viruses, yes or no? System scan with OTL (illustrated guide): Please download OTL by OldTimer and save it to your desktop (if you do not already have it). - Double-click OTL.exe
__________________ |
24.02.2013, 19:38 | #3 |
| Delta Search deleted... still viruses, yes or no? Here are the log files. OTL logfile:
__________________Code:
ATTFilter OTL logfile created on: 24.02.2013 19:17:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Privat\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,53% Memory free 5,93 Gb Paging File | 4,70 Gb Available in Paging File | 79,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,54 Gb Total Space | 63,20 Gb Free Space | 43,73% Space Free | Partition Type: NTFS Drive F: | 143,45 Gb Total Space | 121,90 Gb Free Space | 84,98% Space Free | Partition Type: NTFS Computer Name: PRIVAT-PC | User Name: Privat | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Privat\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Benzle\WiFiSendServer\WiFiSendServer.exe () PRC - C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) 
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe () PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink) PRC - C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) PRC - C:\Programme\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) PRC - C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe () PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Benzle\WiFiSendServer\WiFiSendServer.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\Benzle\WiFiSendServer\WebKit.dll () MOD - C:\Programme\Benzle\WiFiSendServer\libxml2.dll () MOD - C:\Programme\Benzle\WiFiSendServer\JavaScriptCore.dll () MOD - C:\Programme\Benzle\WiFiSendServer\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\PLFSetI.exe () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- 
C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe () SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink) SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (CLHNServiceForPowerDVD) -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe () SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- 
System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (ahuy76rr) -- File not found DRV - (vwhid) -- C:\Windows\System32\drivers\vwhid.sys (Windows (R) Win 7 DDK provider) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation) DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Programme\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.) DRV - (ntk_PowerDVD) -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys (Cyberlink Corp.) 
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys () DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - 
HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E F2 85 1F A3 A0 CC 01 [binary data] IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes\{D0EF81A6-313D-491B-84F6-7EBF06EB0F7B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=c0152214-75f9-436f-9660-f4ea7617855c&apn_sauid=7425AA07-D8FB-4686-87C1-4AA1D5C0634A IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF 
- prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1426 FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.04.10 11:25:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 13:37:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 13:37:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 22:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions [2013.02.23 21:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\68ae93pt.default\extensions [2013.01.11 22:16:42 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\68ae93pt.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2012.11.11 15:22:18 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\68ae93pt.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2012.09.19 13:05:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\68ae93pt.default\extensions\ich@maltegoetz.de [2012.09.20 21:04:37 | 
000,330,316 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\68ae93pt.default\extensions\personas@christopher.beard.xpi [2012.12.11 13:14:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\68ae93pt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.14 19:00:08 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\68ae93pt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.06 13:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.10 11:25:08 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.02.06 13:37:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.22 09:49:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 15:26:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.22 09:49:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.22 09:49:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 09:49:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 09:49:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\Toolbar\WebBrowser: (no name) - {FF88A983-649D-4207-9336-9B999280B436} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RemoteControl11] C:\Programme\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [WiFiSendServer] C:\Program Files\Benzle\WiFiSendServer\WiFiSendServer.exe () O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) 
O4 - HKU\S-1-5-21-4042933089-19693313-36808641-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4042933089-19693313-36808641-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-4042933089-19693313-36808641-1000..\Run: [Octoshape Streaming Services] C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Privat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: An 
OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB61003B-4978-42E6-9C36-F3543897C5D1}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - 
(C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{fa7dfc24-1c2d-11e1-85a0-00238b19cc66}\Shell - "" = AutoRun O33 - MountPoints2\{fa7dfc24-1c2d-11e1-85a0-00238b19cc66}\Shell\AutoRun\command - "" = I:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.24 19:16:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe [2013.02.23 21:29:14 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\TFC.exe [2013.02.23 21:17:57 | 004,189,792 | ---- | C] (Piriform Ltd) -- C:\Users\Privat\Desktop\ccsetup327.exe [2013.02.22 18:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.02.22 18:27:53 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\PutLockerDownloader [2013.02.22 18:27:33 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com [2013.02.22 18:27:33 | 000,000,000 | ---D | C] -- 
C:\Program Files\Movie2KDownloader.com [2013.02.17 17:48:35 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Summer cem [2013.02.16 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\subway surfer origin [2013.02.16 10:41:06 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\DiskAid [2013.02.16 10:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid [2013.02.16 10:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\DigiDNA [2013.02.16 10:40:22 | 004,088,160 | ---- | C] (DigiDNA ) -- C:\Users\Privat\Desktop\DiskAid_5_45.exe [2013.02.16 10:37:20 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Subway+Cheat+By+Appl3Fre4k [2013.02.14 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Kollegah_und_Farid_Bang_-_Jung_Brutal_Gutaussehend_2_(Premium_Edition) [2013.02.14 00:24:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.14 00:24:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.14 00:24:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.14 00:24:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.14 00:24:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.14 00:24:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.14 00:24:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.14 00:24:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.13 18:59:56 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.13 18:59:44 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.13 18:59:42 | 003,913,064 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ntoskrnl.exe [2013.02.13 18:59:39 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.13 18:59:36 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.02.06 13:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.31 11:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server [2013.01.31 11:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS [2013.01.31 11:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server [2013.01.29 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Spyware Terminator [2013.01.29 19:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013.01.29 19:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013.01.29 19:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2013.01.29 19:47:25 | 000,937,208 | ---- | C] (Crawler.com ) -- C:\Users\Privat\Desktop\SpywareTerminatorSetup.exe [2013.01.28 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Hotmail [2013.01.28 06:18:22 | 000,023,200 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\vwhid.sys [2013.01.28 06:18:20 | 000,015,008 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\hidkmdf.sys [2013.01.26 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\DISCIPLINE [2013.01.26 14:50:42 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013.01.26 14:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.01.26 14:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite ========== Files - Modified Within 30 Days ========== [2013.02.24 19:17:24 | 000,016,944 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.24 19:17:24 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.24 19:16:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe [2013.02.24 19:11:53 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2013.02.24 19:10:43 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe [2013.02.24 19:09:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.24 19:09:42 | 2388,283,392 | -HS- | M] () -- C:\hiberfil.sys [2013.02.24 19:05:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.23 21:29:16 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\TFC.exe [2013.02.23 21:23:14 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.02.23 21:21:01 | 000,587,671 | ---- | M] () -- C:\Users\Privat\Desktop\adwcleaner0.exe [2013.02.23 21:19:29 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.02.23 21:18:09 | 004,189,792 | ---- | M] (Piriform Ltd) -- C:\Users\Privat\Desktop\ccsetup327.exe [2013.02.22 18:27:33 | 000,000,878 | ---- | M] () -- C:\Users\Privat\Desktop\Movie2KDownloader.lnk [2013.02.22 18:27:07 | 000,188,792 | ---- | M] () -- C:\Users\Privat\Desktop\manta_2.exe [2013.02.16 18:56:35 | 198,821,081 | ---- | M] () -- C:\Users\Privat\Desktop\Sommer_Jam_Sessions_Hamburg.rar [2013.02.16 17:57:32 | 009,853,218 | ---- | M] () -- C:\Users\Privat\Desktop\Upl0ad3d_by_R4F.rar.part [2013.02.16 10:41:02 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\DiskAid.lnk [2013.02.16 10:40:37 | 004,088,160 | ---- | M] (DigiDNA ) -- C:\Users\Privat\Desktop\DiskAid_5_45.exe [2013.02.15 23:44:11 | 000,000,713 | ---- | M] () -- C:\Users\Privat\Desktop\Subway+Cheat+By+Appl3Fre4k.rar [2013.02.14 17:31:43 | 000,696,870 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2013.02.14 17:31:43 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.14 17:31:43 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.14 17:31:43 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.14 11:04:50 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.09 20:53:55 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.09 20:53:55 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.31 12:21:49 | 075,018,846 | ---- | M] () -- C:\Users\Privat\Desktop\Club-Taksim Compilation Volume 7.mp3 [2013.01.31 11:55:39 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk [2013.01.31 11:53:50 | 033,934,236 | ---- | M] () -- C:\Users\Privat\Desktop\pms-setup-windows-1.72.0.exe [2013.01.30 12:57:14 | 000,001,051 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.30 12:56:56 | 000,001,021 | ---- | M] () -- C:\Users\Privat\Desktop\Dropbox.lnk [2013.01.29 19:49:40 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.01.29 19:47:33 | 000,937,208 | ---- | M] (Crawler.com ) -- C:\Users\Privat\Desktop\SpywareTerminatorSetup.exe [2013.01.28 12:21:09 | 005,003,592 | ---- | M] () -- C:\Users\Privat\Desktop\Hotmail.zip [2013.01.28 06:18:22 | 000,023,200 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\vwhid.sys [2013.01.28 06:18:20 | 000,015,008 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\hidkmdf.sys [2013.01.26 14:50:42 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013.01.26 14:47:09 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk ========== Files Created - No Company Name ========== [2013.02.23 
21:23:04 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.02.23 21:20:54 | 000,587,671 | ---- | C] () -- C:\Users\Privat\Desktop\adwcleaner0.exe [2013.02.23 21:19:29 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.02.22 18:27:33 | 000,000,878 | ---- | C] () -- C:\Users\Privat\Desktop\Movie2KDownloader.lnk [2013.02.22 18:26:50 | 000,188,792 | ---- | C] () -- C:\Users\Privat\Desktop\manta_2.exe [2013.02.16 17:51:11 | 198,821,081 | ---- | C] () -- C:\Users\Privat\Desktop\Sommer_Jam_Sessions_Hamburg.rar [2013.02.16 17:49:24 | 009,853,218 | ---- | C] () -- C:\Users\Privat\Desktop\Upl0ad3d_by_R4F.rar.part [2013.02.16 10:41:02 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\DiskAid.lnk [2013.02.16 10:10:01 | 000,000,713 | ---- | C] () -- C:\Users\Privat\Desktop\Subway+Cheat+By+Appl3Fre4k.rar [2013.01.31 11:57:20 | 075,018,846 | ---- | C] () -- C:\Users\Privat\Desktop\Club-Taksim Compilation Volume 7.mp3 [2013.01.31 11:55:39 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk [2013.01.31 11:52:11 | 033,934,236 | ---- | C] () -- C:\Users\Privat\Desktop\pms-setup-windows-1.72.0.exe [2013.01.29 19:49:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2013.01.29 19:49:40 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.01.28 12:20:59 | 005,003,592 | ---- | C] () -- C:\Users\Privat\Desktop\Hotmail.zip [2013.01.26 15:11:04 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DISCIPLINE.LNK [2013.01.26 14:47:09 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.08.30 17:00:31 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2012.08.30 16:59:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2012.08.30 16:59:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2012.08.30 16:59:55 | 000,000,000 | ---- | C] () -- 
C:\Windows\System32\SIntf16.dll [2012.06.03 21:01:07 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012.06.03 20:59:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.04.19 17:54:38 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.11.18 16:56:20 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2011.11.18 11:16:54 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2011.11.11 20:02:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2011.11.11 20:02:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.11.11 20:02:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2011.11.11 20:02:02 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.02.2013 19:17:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Privat\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,53% Memory free 5,93 Gb Paging File | 4,70 Gb Available in Paging File | 79,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,54 Gb Total Space | 63,20 Gb Free Space | 43,73% Space Free | Partition Type: NTFS Drive F: | 143,45 Gb Total Space | 121,90 Gb Free Space | 84,98% Space Free | Partition Type: NTFS Computer Name: PRIVAT-PC | User Name: Privat | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E4333A-9DC5-4647-97F0-C2CBD6A5DB32}" = lport=445 | protocol=6 | dir=in | app=system | "{01AC9AE3-83B0-468A-9544-A6D94E14AC0B}" = rport=138 | protocol=17 | dir=out | app=system | "{08868640-98C0-42E9-935D-101965AF83C3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{18C6A4B5-6AD5-4586-ADDE-74B5BCE66AF4}" = lport=56990 | protocol=17 | dir=in | name=pando media booster | "{1FB9CE76-5548-4100-9A2D-8D70106A448C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{213D739C-28BB-49E1-8D69-DA691E5A22C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{327F6DB8-525B-48D6-88CD-C5F82FB435CC}" = lport=rpc | protocol=6 | dir=in | 
svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3F5389E1-1CB0-4EC0-A339-D041619F07F5}" = lport=2869 | protocol=6 | dir=in | app=system | "{49C0BD07-F0C7-44F7-A723-61A2212F7BF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{4E64E6E0-54B3-4AEF-8524-6C00935CE921}" = lport=139 | protocol=6 | dir=in | app=system | "{57F213D7-D790-4F8C-8B08-8A65E1FA0AC6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5C19B4B7-C759-4328-8811-0BAD1C18AE64}" = lport=138 | protocol=17 | dir=in | app=system | "{5D77F721-4FDD-42FE-A0AC-9BE83F499360}" = lport=10243 | protocol=6 | dir=in | app=system | "{5F42D157-BF6F-4D18-98AB-8CCE92D7AB86}" = rport=139 | protocol=6 | dir=out | app=system | "{64F28DAB-E14D-4EFA-9B40-3F4E366CCE3D}" = rport=445 | protocol=6 | dir=out | app=system | "{6AD4AC01-E5BC-4A18-8768-A4B4E7763C11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{76B9B207-11A1-4279-B866-DF3DA79CBA49}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{78C168BC-F729-4966-A5A0-3DBF4C8441EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{79A53E58-C919-4064-95F5-409297D62EE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7D233836-5422-49D5-BDFD-E20F559E0AFF}" = lport=56990 | protocol=17 | dir=in | name=pando media booster | "{851FA95B-5C35-405F-A0BD-60CF7CAEA855}" = lport=56990 | protocol=6 | dir=in | name=pando media booster | "{8AC4D329-6C47-496A-81B5-9D3373F98B71}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8BFB10BA-2ED6-467E-9B11-A3EB455F9209}" = lport=56990 | protocol=6 | dir=in | name=pando media booster | "{91420414-943E-4CA1-9F8B-960537433F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A4B7B8BD-B4B9-496C-84A1-D515501A2E03}" = rport=137 | protocol=17 | dir=out | app=system | "{C64F5D06-461F-4AA9-91C8-74BA7F991592}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C8402DD3-561F-4445-9D57-7B8179846225}" = rport=10243 | protocol=6 | dir=out | app=system | "{D22A1B69-DDBA-4773-ABC0-522B73E71A63}" = lport=137 | protocol=17 | dir=in | app=system | "{DCECDA9D-8917-45DC-B902-FC19B397988F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E0F2911D-2CE0-4216-B6E7-AD63E6DCB2BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0507353E-347B-4E02-BF12-A2810950A54F}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{0BAA3D67-7708-473A-A6B2-5B8583DCE468}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0D7C63C1-AEC9-47D6-B417-8C30570FB7FA}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe | "{0EEE8F6D-88DA-42BB-8604-744D9B52D569}" = dir=in | app=c:\program files\itunes\itunes.exe | "{11C9C6B1-C9BE-4D25-B1AD-7C32E10782FC}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{12F1CFAD-936E-490A-B08B-4D359430699D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{21FA552D-ECE9-4501-9E42-D76D324C073C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2A3CBEB2-9A99-4AD2-8123-5D388EA374DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2BC0F701-8909-4677-A4F2-BD705B9AACF7}" = protocol=17 | dir=in | app=c:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe | "{3097CE50-D923-4F8C-B878-A173DB0A3BCA}" = protocol=6 | dir=in | 
app=c:\program files\microsoft office\office14\groove.exe | "{34225C76-8BBC-452E-9248-71F85995C65B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{356D3735-9945-40EC-AF59-77F2186D8B93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4FB13D71-C82C-449F-9342-104D68248DA5}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | "{52384759-5F68-408B-BDB3-F0FCE41A4C33}" = dir=in | app=c:\program files\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | "{59D5A5FB-4D5A-4569-ADA9-6CF002363DBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{67EC013B-6935-40FD-BC81-8BB2B9CA1642}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{705DA1EF-D66B-4FF2-9337-D66274C5C4FC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{7D1D1523-B9A9-4763-A638-6D29A0C7DE99}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{83193F97-280B-4D0A-A9F9-8D5DA963211E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{834799E9-CFBB-4D22-990B-1ED5694C5601}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{892D45D0-93A6-4A8B-A1E3-ACF03727C842}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{96BFA4C3-DEAE-4513-845C-0A33941D5FAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{971F0CD9-DF7F-478B-85AF-D585EE1FA9B4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{9D9D46F7-53ED-48A1-BB98-22605B114EA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A28FC066-E136-4124-94E2-A663EFB143F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A2C76C64-CD81-4C16-834C-3F9E67C24B06}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A32C957D-045F-4FC6-ABD6-81E87C873EDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A3AD7CA5-59FD-4CF9-805C-891B2301A55A}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | "{ABCC6F1D-BF29-4D4A-96EA-F57216D5F957}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B0165E38-E823-48ED-BDF7-11C84650DBF5}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe | "{B56A929B-86C3-4B38-B193-665927D4B650}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{BB9D7A5C-03DB-4341-9BE1-00EBA7C2EA17}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BC8A14EB-6C73-4339-A08E-AABAC405EB00}" = protocol=6 | dir=in | app=c:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe | "{BD24ECAC-847A-4159-B4A2-6B5AE9947F76}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BF94B057-0765-4BC0-AC10-9209AD462807}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C4D53B91-6538-4873-8CD4-DD8449795189}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CA7F94D4-A68A-49CC-87FE-6143C2F58102}" = protocol=6 | dir=out | app=system | "{CD4C54C3-11BA-43B6-AA6A-3E0B30C05127}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | "{DBC19C6C-3D1C-4DF7-8421-A0D24812DA8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{E65ABB29-BB2D-4E8B-88CC-89A6F1A5E0CD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E7E12469-6301-4DF4-B6DD-9F92B06A839C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{E853099B-AFBC-4103-9A99-F2EC6059642D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF76C4B4-DE66-4377-AECD-E97DABF0E456}" = protocol=17 | dir=in | app=c:\program files\pando networks\media 
booster\pmb.exe | "{F1667519-AB0D-41F1-8890-06DB414A1701}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{F6C0E763-C9E0-4450-B392-46E1CCA0C4AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FBC134FE-C393-48F0-B70A-E5548AA85380}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "TCP Query User{14B318BD-60DC-4A7B-B888-C59E89A7FDC4}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | "TCP Query User{1C089700-C11E-41D3-9994-9AE47FD11916}C:\program files\benzle\wifisendserver\wifisendserver.exe" = protocol=6 | dir=in | app=c:\program files\benzle\wifisendserver\wifisendserver.exe | "TCP Query User{3BFEA5F8-BE04-4ED5-A83C-7328D984501A}C:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{6A709476-3292-4539-8C36-E12D5B0084B1}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | "TCP Query User{A718706D-B534-46D8-BEF3-2A0E5E2861FD}C:\program files\benzle\wifisendserver\wifisendserver.exe" = protocol=6 | dir=in | app=c:\program files\benzle\wifisendserver\wifisendserver.exe | "TCP Query User{B128460E-D854-4B4A-8360-3E43F3B91DDB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{D612DF72-9E0C-42A8-8433-A6AE8C50FD1F}C:\users\privat\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\privat\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{F27B8651-D4CF-4A6B-8988-3BA08AA2683F}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query 
User{1578CC61-297E-4790-A6C3-0F8AED3732CC}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | "UDP Query User{164228F3-1ED6-4ED4-BD9F-000C7EC5521A}C:\users\privat\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\privat\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{3A0037FA-E7BD-491A-B127-2760E0081CF0}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{5C98FAE8-D2E0-4916-8D1B-37D109DC73A8}C:\program files\benzle\wifisendserver\wifisendserver.exe" = protocol=17 | dir=in | app=c:\program files\benzle\wifisendserver\wifisendserver.exe | "UDP Query User{6ED21E78-9F6C-4DA5-901D-118191999B7C}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | "UDP Query User{727EA0FB-CBB5-46DF-9108-653F81845D68}C:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\privat\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{9E7AB13F-1849-4A3A-9D09-71A942BAFA0D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{A7158B8A-68B3-4E11-80E2-69628302C58E}C:\program files\benzle\wifisendserver\wifisendserver.exe" = protocol=17 | dir=in | app=c:\program files\benzle\wifisendserver\wifisendserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack "{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = 
Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B19E03EA-067C-412F-A81E-271720E601AB}" = 
Fotogalerie "{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Acer Acer Bio Protection 6.0.00.16" = Acer Bio Protection AAU 6.0.00.16 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIMP2" = AIMP2 "avast" = avast! 
Free Antivirus "AviSynth" = AviSynth 2.5 "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "DiskAid_is1" = DiskAid 5.45 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 "ImgBurn" = ImgBurn "InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "PS3 Media Server" = PS3 Media Server "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 1.1.11 "WiFiSendServer" = WiFiSendServer -- iPhone/iPad for your computers "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4042933089-19693313-36808641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Octoshape Streaming Services" = Octoshape Streaming Services ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.12.2012 06:27:54 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16208 Error - 08.12.2012 06:27:55 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 
08.12.2012 06:27:55 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 17332 Error - 08.12.2012 06:27:55 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 17332 Error - 08.12.2012 13:23:19 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.12.2012 13:23:19 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 24941034 Error - 08.12.2012 13:23:19 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 24941034 Error - 08.12.2012 13:23:20 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.12.2012 13:23:20 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 24942033 Error - 08.12.2012 13:23:20 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 24942033 [ System Events ] Error - 09.02.2013 10:29:34 | Computer Name = Privat-PC | Source = DCOM | ID = 10010 Description = Error - 13.02.2013 13:51:41 | Computer Name = Privat-PC | Source = DCOM | ID = 10010 Description = Error - 15.02.2013 18:22:53 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 16.02.2013 12:39:22 | Computer Name = Privat-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 23.02.2013 16:25:52 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 23.02.2013 16:25:52 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.02.2013 16:30:08 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Spyware Terminator 2012 Realtime Shield Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 23.02.2013 17:04:51 | Computer Name = Privat-PC | Source = bowser | ID = 8003 Description = Error - 24.02.2013 10:23:32 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 24.02.2013 14:09:50 | Computer Name = Privat-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?24.?02.?2013 um 19:07:59 unerwartet heruntergefahren. < End of report > |
25.02.2013, 13:24 | #4 |
/// Helper Team | The cleanup consists of several steps that must be carried out. Work through them one after another and please paste the 3 logs that are created into your next reply. If the OTL fix did not run through properly, do not continue; please report it instead.

1st step: Fix with OTL
Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\SearchScopes\{D0EF81A6-313D-491B-84F6-7EBF06EB0F7B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=c0152214-75f9-436f-9660-f4ea7617855c&apn_sauid=7425AA07-D8FB-4686-87C1-4AA1D5C0634A
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
O3 - HKU\S-1-5-21-4042933089-19693313-36808641-1000\..\Toolbar\WebBrowser: (no name) - {FF88A983-649D-4207-9336-9B999280B436} - No CLSID value found.
[2013.02.22 18:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.02.24 19:10:43 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013.02.23 21:21:01 | 000,587,671 | ---- | M] () -- C:\Users\Privat\Desktop\adwcleaner0.exe
[2013.02.22 18:27:33 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\movie2kDownloader.com
[2013.02.22 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\movie2kDownloader.com
[2013.02.22 18:27:33 | 000,000,878 | ---- | M] () -- C:\Users\Privat\Desktop\movie2kDownloader.lnk
[2013.02.24 19:11:53 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Privat\*.tmp
C:\Users\Privat\AppData\*.dll
C:\Users\Privat\AppData\*.exe
C:\Users\Privat\AppData\Local\Temp\*.exe
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!

2nd step
Please download Malwarebytes Anti-Malware

then:

3rd step
Please download AdwCleaner to your desktop.
|
25.02.2013, 16:58 | #5 |
| The above-mentioned logfiles:
All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-4042933089-19693313-36808641-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D0EF81A6-313D-491B-84F6-7EBF06EB0F7B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0EF81A6-313D-491B-84F6-7EBF06EB0F7B}\ not found. Prefs.js: "Delta Search" removed from browser.search.selectedEngine Registry value HKEY_USERS\S-1-5-21-4042933089-19693313-36808641-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF88A983-649D-4207-9336-9B999280B436} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}\ not found. C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} folder moved successfully. C:\ProgramData\BrowserProtect\2.6.1095.52 folder moved successfully. C:\ProgramData\BrowserProtect folder moved successfully. C:\Windows\KMSEmulator.exe moved successfully. C:\Users\Privat\Desktop\adwcleaner0.exe moved successfully. C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\movie2kDownloader.com folder moved successfully. C:\Program Files\movie2kDownloader.com folder moved successfully. C:\Users\Privat\Desktop\movie2kDownloader.lnk moved successfully. C:\Windows\Tasks\AutoKMS.job moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. C:\ProgramData\Temp\{F232C87C-6E92-4775-8210-DFE90B7777D9} folder moved successfully. C:\ProgramData\Temp folder moved successfully. File\Folder C:\Users\Privat\*.tmp not found. File\Folder C:\Users\Privat\AppData\*.dll not found. File\Folder C:\Users\Privat\AppData\*.exe not found. C:\Users\Privat\AppData\Local\Temp\ServerUpdater_V0_9_20.exe moved successfully. 
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Privat\Desktop\cmd.bat deleted successfully. C:\Users\Privat\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Privat ->Temp folder emptied: 761662 bytes ->Temporary Internet Files folder emptied: 162845 bytes ->FireFox cache emptied: 75667628 bytes ->Flash cache emptied: 2266 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3687 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 73,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02252013_153947 Files\Folders moved on Reboot... File\Folder C:\Users\Privat\AppData\Local\Temp\OICE_4405B91D-4981-40E8-BC9F-8AA71FF01E37.0\7361E14D. not found! File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... 
Malwarebytes Malwarebytes Anti-Malware (Test) 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.02.25.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Privat :: PRIVAT-PC [Administrator] Schutz: Aktiviert 25.02.2013 15:49:21 mbam-log-2013-02-25 (15-49-21).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 308382 Laufzeit: 1 Stunde(n), 6 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\AutoKMS\AutoKMS.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)

The AdwCleaner log will follow shortly. Since the restart my notebook no longer starts properly; only the Acer logo appears and after that just a black screen... :/ I had to switch to safe mode.. Oh, and here are the AdwCleaner logs.

AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 25/02/2013 um 17:29:20 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzer : Privat - PRIVAT-PC # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\Privat\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Users\Privat\AppData\Local\PutLockerDownloader Ordner Gefunden : C:\Users\Privat\AppData\Roaming\dvdvideosoftiehelpers ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\68ae93pt.default\prefs.js Gefunden : user_pref("extensions.delta.admin", false); Gefunden : user_pref("extensions.delta.aflt", "babsst"); Gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Gefunden : user_pref("extensions.delta.autoRvrt", "false"); Gefunden : user_pref("extensions.delta.dfltLng", "en"); Gefunden : user_pref("extensions.delta.excTlbr", false); Gefunden : user_pref("extensions.delta.id", "06b48b4800000000000000238b19cc66"); Gefunden : user_pref("extensions.delta.instlDay", "15758"); Gefunden : user_pref("extensions.delta.instlRef", "sst"); Gefunden : user_pref("extensions.delta.newTab", false); Gefunden : user_pref("extensions.delta.prdct", "delta"); Gefunden : user_pref("extensions.delta.prtnrId", "delta"); Gefunden : user_pref("extensions.delta.rvrt", "false"); Gefunden : user_pref("extensions.delta.smplGrp", "none"); Gefunden : user_pref("extensions.delta.tlbrId", "base"); Gefunden : user_pref("extensions.delta.tlbrSrchUrl", ""); Gefunden : user_pref("extensions.delta.vrsn", "1.8.10.0"); Gefunden : user_pref("extensions.delta.vrsnTs", "1.8.10.018:30:50"); Gefunden : user_pref("extensions.delta.vrsni", "1.8.10.0"); ************************* AdwCleaner[R1].txt - [11156 octets] - [23/02/2013 21:21:08] AdwCleaner[R2].txt - [11217 octets] - [23/02/2013 21:22:32] AdwCleaner[R3].txt - [2840 octets] - [25/02/2013 17:27:56] AdwCleaner[R4].txt - [2710 octets] - [25/02/2013 17:29:20] AdwCleaner[S1].txt - [11092 octets] - [23/02/2013 21:22:57] ########## EOF - C:\AdwCleaner[R4].txt - [2831 octets] ##########

Here it begins:

AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 25/02/2013 um 17:27:56 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzer : Privat - PRIVAT-PC # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\Privat\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Users\Privat\AppData\Local\PutLockerDownloader Ordner Gefunden : C:\Users\Privat\AppData\Roaming\dvdvideosoftiehelpers ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\68ae93pt.default\prefs.js Gefunden : user_pref("extensions.delta.admin", false); Gefunden : user_pref("extensions.delta.aflt", "babsst"); Gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Gefunden : user_pref("extensions.delta.autoRvrt", "false"); Gefunden : user_pref("extensions.delta.dfltLng", "en"); Gefunden : user_pref("extensions.delta.excTlbr", false); Gefunden : user_pref("extensions.delta.id", "06b48b4800000000000000238b19cc66"); Gefunden : user_pref("extensions.delta.instlDay", "15758"); Gefunden : user_pref("extensions.delta.instlRef", "sst"); Gefunden : user_pref("extensions.delta.newTab", false); Gefunden : user_pref("extensions.delta.prdct", "delta"); Gefunden : user_pref("extensions.delta.prtnrId", "delta"); Gefunden : user_pref("extensions.delta.rvrt", "false"); Gefunden : user_pref("extensions.delta.smplGrp", "none"); Gefunden : user_pref("extensions.delta.tlbrId", "base"); Gefunden : user_pref("extensions.delta.tlbrSrchUrl", ""); Gefunden : user_pref("extensions.delta.vrsn", "1.8.10.0"); Gefunden : user_pref("extensions.delta.vrsnTs", "1.8.10.018:30:50"); Gefunden : user_pref("extensions.delta.vrsni", "1.8.10.0"); ************************* AdwCleaner[R1].txt - [11156 octets] - [23/02/2013 21:21:08] AdwCleaner[R2].txt - [11217 octets] - [23/02/2013 21:22:32] AdwCleaner[R3].txt - [2650 octets] - [25/02/2013 17:27:56] AdwCleaner[S1].txt - [11092 octets] - [23/02/2013 21:22:57] ########## EOF - C:\AdwCleaner[R3].txt - [2771 octets] ########## |
25.02.2013, 17:54 | #6 |
/// Helper Team | Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

then: ESET Online Scanner
then: Please download SecurityCheck and:
|
25.02.2013, 17:58 | #7 |
| Is it normal that I can ONLY work in safe mode now? Somehow my notebook no longer starts normally. Only a black screen appears during boot.. The program aswMBR opens and scans for a few minutes, but it crashes after 2-3 minutes every time.. Need ur help =( Oh, and by the way, my Avast firewall can no longer be activated since I deactivated it.. |
26.02.2013, 12:06 | #8 |
/// Helper Team | That is not normal, but it may be due to the cracked Windows/Office. Using cracks and keygens violates our code of conduct. Ever thought about why cracks exist? With cracks and the like you install backdoors on your computer. Criminals use such computers as a botnet for their schemes. Your system must be classified as untrustworthy, and you should not do anything sensitive such as home banking on this PC.

Reinstallation guides (illustrated) > Reinstall Windows 7 > Vista > XP

1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it. |
26.02.2013, 12:57 | #9 |
| Hmm, can't I just uninstall Windows Office and be done with it? I have a lot of important data and I don't want to simply delete it.. I have now done a System Restore and it works again.. |
26.02.2013, 13:24 | #10 | |
/// Helper Team | Quote:
|