
Pests of all kinds and how to fight them: I can't get rid of "imp.js from tracker.tradedoubler.com"

Windows 7

 
16.03.2013, 17:43   #1
micha64546
 

I can't get rid of "imp.js from tracker.tradedoubler.com"



Hello everyone, for some time now I keep getting the prompt "Do you want to open or save imp.js (226 bytes) from tracker.tradedoubler.com?"

I have already tried quite a few things, but I can't get rid of "it"!

Who can help?

OTL Logfile:
Code:
OTL logfile created on: 16.03.2013 17:44:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\micha\Desktop
Windows 7 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 68,43% Memory free
3,74 Gb Paging File | 2,44 Gb Available in Paging File | 65,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 173,14 Gb Free Space | 74,38% Space Free | Partition Type: NTFS
 
Computer Name: MICHA-PC | User Name: micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.16 17:38:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\micha\Desktop\OTL.exe
PRC - [2013.03.15 22:27:42 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\micha\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013.03.13 22:25:17 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\micha\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.03.13 22:25:17 | 000,023,552 | ---- | M] (Microsoft) -- C:\Programme\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.03.11 15:52:48 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\micha\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe
PRC - [2012.12.10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgfws.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe
PRC - [2012.10.22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe
PRC - [2012.10.22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe
PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.06.08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) -- C:\Programme\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.01.08 13:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
PRC - [2009.12.07 12:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
PRC - [2009.02.26 17:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.29 14:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.23 03:28:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 19:28:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 19:28:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 19:27:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 19:27:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 19:27:44 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 02:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\micha\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013.03.13 18:00:56 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.11 15:52:48 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.12.07 12:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 17:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.09.29 14:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\micha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012.10.22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.10.15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.10.02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.09.21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.09.21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012.09.21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012.09.14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.23 09:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.03.31 03:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009.10.26 22:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.06.24 10:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {7DFE5036-B3EB-4C2B-B84E-D22A6033B05A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes,DefaultScope = {7DFE5036-B3EB-4C2B-B84E-D22A6033B05A}
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes\{015083B5-2245-48BF-8AB0-3DFD41FF3206}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\SearchScopes\{7DFE5036-B3EB-4C2B-B84E-D22A6033B05A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949&CUI=UN24033145281412015&UM=1
IE - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\micha\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\micha\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.03.09 12:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.03.12 16:39:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.03.09 12:54:41 | 000,000,000 | ---D | M]
 
[2012.08.12 08:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\micha\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\micha\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\micha\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\micha\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.02.23 13:41:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000..\Run: [SkyDrive] C:\Users\micha\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000..\Run: [Yontoo Desktop] C:\Users\micha\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\micha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-561185452-2098543723-1992313556-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0860B0DC-7BD4-4183-8874-4631B6D0F36F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.16 17:38:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\micha\Desktop\OTL.exe
[2013.03.14 19:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.14 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\HTML Executable
[2013.03.14 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\AVG2013
[2013.03.14 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\TuneUp Software
[2013.03.14 19:04:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.03.14 19:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.03.14 19:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013.03.14 19:02:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.14 19:02:02 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Local\MFAData
[2013.03.14 19:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.14 19:02:02 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Local\Avg2013
[2013.03.14 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\Yontoo
[2013.03.14 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013.03.14 18:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.03.12 17:41:12 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.03.12 17:40:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.03.12 17:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.03.12 17:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.03.12 17:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SkyDrive
[2013.03.12 17:37:00 | 000,000,000 | R--D | C] -- C:\Users\micha\SkyDrive
[2013.03.12 17:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.03.12 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Local\Windows Live
[2013.03.12 17:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013.03.12 16:39:11 | 000,000,000 | ---D | C] -- C:\Users\micha\Documents\Freemake
[2013.03.12 16:39:10 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.03.12 16:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.03.12 16:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.03.12 16:38:43 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\OpenCandy
[2013.03.12 16:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2013.03.12 16:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013.03.12 16:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileConverter_1.3
[2013.03.12 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Local\Conduit
[2013.03.12 16:08:53 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\vlc
[2013.03.12 16:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.12 16:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.03.09 22:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2013.03.09 12:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2013.03.09 12:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2013.02.23 16:59:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\micha\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.23 13:58:00 | 002,347,384 | ---- | C] (ESET) -- C:\Users\micha\Desktop\esetsmartinstaller_enu.exe
[2013.02.23 13:44:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.23 13:30:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.23 13:30:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.23 13:30:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.23 13:29:26 | 005,034,320 | R--- | C] (Swearware) -- C:\Users\micha\Desktop\ComboFix.exe
[2013.02.22 17:41:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.22 17:40:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.27 19:57:56 | 017,813,784 | ---- | C] (Dropbox, Inc.) -- C:\Users\micha\Dropbox 1.4.17.exe
[2012.08.29 16:15:42 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Users\micha\ccsetup322.exe
[2012.08.11 16:17:27 | 007,280,088 | ---- | C] (Dark Byte                                                   ) -- C:\Users\micha\CheatEngine62.exe
[2012.05.24 20:09:03 | 160,724,984 | ---- | C] (HTC Corporation                                              ) -- C:\Users\micha\setup_3.2.10 (1).exe
[2012.05.07 12:23:41 | 001,960,816 | ---- | C] (DriverBoost) -- C:\Users\micha\DriverBoostPro_Setup.exe
[2012.05.07 12:09:24 | 009,209,368 | ---- | C] (Acer Incorporated) -- C:\Users\micha\LiveUpdater.exe
[2012.03.08 17:17:34 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\micha\ccsetup316.exe
[2012.02.19 20:23:38 | 000,313,936 | ---- | C] (Softonic) -- C:\Users\micha\SoftonicDownloader_fuer_multi-timer.exe
[2011.11.20 17:39:36 | 010,132,608 | ---- | C] (Geek Software GmbH                                          ) -- C:\Users\micha\pdf24-creator.exe
[2011.11.17 19:24:14 | 006,473,436 | ---- | C] (Dark Byte                                                   ) -- C:\Users\micha\CheatEngine61.exe
[2011.11.16 19:25:26 | 012,925,584 | ---- | C] (Nullsoft, Inc.) -- C:\Users\micha\winamp5622_full_emusic-7plus_de-de.exe
[2011.11.07 10:32:46 | 011,703,104 | ---- | C] (EASEUS                                                      ) -- C:\Users\micha\EASEUS_PartitionMaster_9.1.exe
[2011.10.30 18:38:31 | 009,075,640 | ---- | C] (Vuze Inc.) -- C:\Users\micha\Vuze_Installer.exe
[2011.10.27 19:29:45 | 020,367,424 | ---- | C] (The GIMP Team                                               ) -- C:\Users\micha\gimp-2.6.11-i686-setup-1.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.16 17:38:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\micha\Desktop\OTL.exe
[2013.03.16 17:37:28 | 000,000,000 | ---- | M] () -- C:\Users\micha\defogger_reenable
[2013.03.16 17:33:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.16 17:08:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561185452-2098543723-1992313556-1000UA.job
[2013.03.16 17:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.16 16:33:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.16 12:33:31 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 12:33:31 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 12:25:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.16 12:25:45 | 1504,137,216 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.15 20:08:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561185452-2098543723-1992313556-1000Core.job
[2013.03.14 21:14:04 | 000,002,364 | ---- | M] () -- C:\Users\micha\Desktop\Google Chrome.lnk
[2013.03.14 19:12:34 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.03.14 18:41:25 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013.03.14 18:40:39 | 000,000,000 | ---- | M] () -- C:\END
[2013.03.12 21:04:37 | 000,002,060 | ---- | M] () -- C:\Users\micha\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.03.12 21:04:37 | 000,001,989 | ---- | M] () -- C:\Users\micha\Desktop\Avira DE-Cleaner.lnk
[2013.03.12 16:39:10 | 000,001,314 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.03.12 16:08:38 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.12 15:53:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.12 15:04:19 | 000,003,951 | ---- | M] () -- C:\Users\micha\.recently-used.xbel
[2013.03.11 21:26:07 | 000,272,380 | ---- | M] () -- C:\Windows\hpwins20.dat
[2013.03.11 21:05:26 | 000,067,623 | ---- | M] () -- C:\Users\micha\Desktop\HP Installationsfehler – Windows 7.hta
[2013.03.10 09:04:46 | 000,410,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.09 18:59:01 | 000,123,362 | ---- | M] () -- C:\Users\micha\Desktop\IMAG0314.jpg
[2013.03.09 12:53:51 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.03.09 12:53:31 | 000,002,105 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.03.09 12:21:59 | 000,708,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.09 12:21:59 | 000,663,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.09 12:21:59 | 000,151,886 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.09 12:21:59 | 000,124,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 08:09:04 | 000,000,326 | ---- | M] () -- C:\Users\micha\Desktop\HP Druckerdiagnosetools.url
[2013.02.23 17:00:26 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.23 16:59:53 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\micha\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.23 13:58:36 | 002,347,384 | ---- | M] (ESET) -- C:\Users\micha\Desktop\esetsmartinstaller_enu.exe
[2013.02.23 13:41:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.23 13:29:37 | 005,034,320 | R--- | M] (Swearware) -- C:\Users\micha\Desktop\ComboFix.exe
[2013.02.20 21:01:56 | 000,242,691 | ---- | M] () -- C:\Users\micha\Toll.jpg
[2013.02.20 21:01:27 | 002,212,650 | ---- | M] () -- C:\Users\micha\Toll.xcf
 
========== Files Created - No Company Name ==========
 
[2013.03.16 17:37:28 | 000,000,000 | ---- | C] () -- C:\Users\micha\defogger_reenable
[2013.03.14 19:06:37 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.03.14 18:40:39 | 000,000,000 | ---- | C] () -- C:\END
[2013.03.12 21:04:37 | 000,002,060 | ---- | C] () -- C:\Users\micha\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.03.12 21:04:37 | 000,001,989 | ---- | C] () -- C:\Users\micha\Desktop\Avira DE-Cleaner.lnk
[2013.03.12 17:40:48 | 000,001,287 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.03.12 17:40:37 | 000,001,356 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.03.12 17:40:18 | 000,002,468 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.03.12 17:37:00 | 000,002,176 | ---- | C] () -- C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.03.12 16:39:10 | 000,001,314 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.03.12 16:08:38 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.12 15:53:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.12 15:04:19 | 000,003,951 | ---- | C] () -- C:\Users\micha\.recently-used.xbel
[2013.03.11 21:05:25 | 000,067,623 | ---- | C] () -- C:\Users\micha\Desktop\HP Installationsfehler – Windows 7.hta
[2013.03.09 18:57:35 | 000,123,362 | ---- | C] () -- C:\Users\micha\Desktop\IMAG0314.jpg
[2013.03.09 12:54:22 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2013.03.09 12:53:51 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.03.09 12:53:31 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.03.09 12:49:47 | 000,272,380 | ---- | C] () -- C:\Windows\hpwins20.dat
[2013.03.09 12:49:47 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2013.03.09 11:25:53 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2013.03.02 08:09:04 | 000,000,326 | ---- | C] () -- C:\Users\micha\Desktop\HP Druckerdiagnosetools.url
[2013.02.23 13:30:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.23 13:30:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.23 13:30:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.22 17:41:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.22 17:41:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.20 21:01:56 | 000,242,691 | ---- | C] () -- C:\Users\micha\Toll.jpg
[2013.02.20 21:01:27 | 002,212,650 | ---- | C] () -- C:\Users\micha\Toll.xcf
[2013.01.22 08:24:05 | 001,814,725 | ---- | C] () -- C:\Users\micha\2013-01-22 08.18.39.jpg
[2012.12.22 07:08:37 | 000,005,278 | ---- | C] () -- C:\Users\micha\cc_20121222_070832.reg
[2012.12.15 20:45:15 | 002,774,400 | ---- | C] () -- C:\Users\micha\de_windows_keyfinder_2012_x86.exe
[2012.11.27 18:30:21 | 000,000,348 | ---- | C] () -- C:\Users\micha\Sandh  Mannh 27.11.rtf
[2012.11.06 16:42:10 | 000,041,931 | ---- | C] () -- C:\Users\micha\479922_435525343176066_1899941813_n.jpg
[2012.11.05 16:27:09 | 000,004,401 | ---- | C] () -- C:\Users\micha\Ihr Antrag für eine Kfz-Versicherung bei der Kravag KfzPolice-Plus.html
[2012.11.01 19:15:41 | 002,817,989 | ---- | C] () -- C:\Users\micha\Scannen0001.jpg
[2012.11.01 19:15:40 | 000,970,904 | ---- | C] () -- C:\Users\micha\Scannen0001.pdf
[2012.10.30 05:27:51 | 000,007,514 | ---- | C] () -- C:\Users\micha\mieterselbstauskunft.pdf
[2012.10.23 13:44:08 | 005,154,304 | ---- | C] () -- C:\Users\micha\fpe_setup_en.msi
[2012.10.10 21:29:15 | 000,059,904 | ---- | C] () -- C:\Users\micha\AppData\Local\cnjohxhw
[2012.10.10 21:27:11 | 000,000,000 | ---- | C] () -- C:\Users\micha\AppData\Roaming\SharedSettings.ccs
[2012.10.02 13:29:21 | 000,865,194 | ---- | C] () -- C:\Users\micha\zusage_kautionsversicherung.pdf
[2012.10.01 16:05:31 | 000,000,439 | ---- | C] () -- C:\Users\micha\qrcode (1).png
[2012.10.01 16:04:05 | 000,000,439 | ---- | C] () -- C:\Users\micha\qrcode.png
[2012.09.27 15:33:07 | 000,029,133 | ---- | C] () -- C:\Users\micha\vwbus.jpg
[2012.09.24 01:19:14 | 000,026,944 | ---- | C] () -- C:\Users\micha\575708_157780711020905_1906227798_n.jpg
[2012.09.24 00:55:57 | 000,069,550 | ---- | C] () -- C:\Users\micha\476621_199584843507158_1517161405_o.jpg
[2012.09.01 09:58:18 | 000,008,478 | ---- | C] () -- C:\Users\micha\Unbenannt.jpg
[2012.09.01 09:55:28 | 000,029,206 | ---- | C] () -- C:\Users\micha\Unbenannt.xcf
[2012.08.29 16:43:30 | 000,202,448 | ---- | C] () -- C:\Users\micha\cc_20120829_174323.reg
[2012.08.23 18:01:48 | 000,157,659 | ---- | C] () -- C:\Users\micha\484530_408249042566756_927274739_n.jpg
[2012.08.19 09:20:27 | 003,363,743 | ---- | C] () -- C:\Users\micha\CardRdr_Jmicron_1.00.16.01_XPx86_A.zip
[2012.08.16 18:32:37 | 000,010,062 | ---- | C] () -- C:\Users\micha\304950_315516081878559_1887497933_n.jpg
[2012.08.16 16:36:23 | 001,477,215 | ---- | C] () -- C:\Users\micha\DOC160812-004 (1).pdf
[2012.08.16 16:33:05 | 000,818,400 | ---- | C] () -- C:\Users\micha\DOC160812-004.pdf
[2012.08.15 15:32:13 | 029,851,432 | ---- | C] () -- C:\Users\micha\CPE_SCAN_DESTINATION_UPDATE_hpcom_001_003.exe
[2012.08.14 17:28:13 | 000,012,222 | ---- | C] () -- C:\Users\micha\LeiderGeil.jpg
[2012.08.05 14:31:36 | 008,163,862 | ---- | C] () -- C:\Users\micha\Application_Acer_1.02.3502_W7x86W7x64_A.zip
[2012.08.05 14:30:51 | 023,872,254 | ---- | C] () -- C:\Users\micha\VGA_Intel_8.15.10.1867_W7x86_A.zip
[2012.06.19 05:16:41 | 000,092,043 | ---- | C] () -- C:\Users\micha\mahnung.pdf
[2012.06.16 09:19:31 | 000,030,277 | ---- | C] () -- C:\Users\micha\577457_240003472779475_837613404_n.jpg
[2012.06.13 19:30:42 | 000,069,051 | ---- | C] () -- C:\Users\micha\380364_431266746906463_609487104_n.jpg
[2012.06.10 17:12:08 | 000,111,530 | ---- | C] () -- C:\Users\micha\USt2009_Silvia_Hamacher.elfo
[2012.06.06 12:42:00 | 000,001,363 | ---- | C] () -- C:\Users\micha\Janine Bewerbung Matthiesen.rtf
[2012.05.16 18:12:04 | 000,080,881 | ---- | C] () -- C:\Users\micha\577019_3247283456784_1107852449_32694894_692021505_n.jpg
[2012.05.13 13:25:19 | 000,066,393 | ---- | C] () -- C:\Users\micha\Versicherungsbestätigung_Endgültige_Zulassung.pdf
[2012.05.13 13:25:07 | 000,066,393 | ---- | C] () -- C:\Users\micha\Versicherungsbestätigung_Endgültige_Zulassung (1).pdf
[2012.04.20 20:30:20 | 000,000,365 | ---- | C] () -- C:\Users\micha\Auszahlungen_janiine90_Jan-21-2012_Apr-19-2012.csv
[2012.04.14 13:40:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.04.14 13:39:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.04.10 09:42:53 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.03.22 08:22:35 | 000,179,665 | ---- | C] () -- C:\Users\micha\SoftKeyRevealer.zip
[2012.03.16 18:53:56 | 021,476,536 | ---- | C] () -- C:\Users\micha\SeaToolsforWindowsSetup-1206.exe
[2012.02.16 04:58:04 | 000,000,203 | ---- | C] () -- C:\Users\micha\Dokument.rtf
[2011.12.29 19:51:49 | 000,010,424 | ---- | C] () -- C:\Users\micha\Michael Stenken.dotx
[2011.12.03 19:38:42 | 000,862,720 | ---- | C] () -- C:\Users\micha\Publikation2.pub
[2011.11.20 19:12:49 | 001,726,549 | ---- | C] () -- C:\Users\micha\Bewerbung für FES.pdf
[2011.11.20 17:46:02 | 001,710,091 | ---- | C] () -- C:\Users\micha\bewerbung1.pdf
[2011.11.20 17:32:19 | 000,017,646 | ---- | C] () -- C:\Users\micha\bewerbung.pdf
[2011.11.20 11:05:03 | 000,000,141 | ---- | C] () -- C:\Users\micha\AppData\Roaming\default.rss
[2011.11.12 10:27:15 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.11.11 14:34:28 | 001,730,953 | ---- | C] () -- C:\Users\micha\Bewerbung mit.pdf
[2011.11.10 14:14:03 | 001,444,140 | ---- | C] () -- C:\Users\micha\Windows 7 Loader 2.0.7 By Daz.rar
[2011.11.10 13:03:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.11.10 12:53:46 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.11.10 12:52:25 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.11.10 07:35:14 | 295,266,400 | ---- | C] () -- C:\Users\micha\OJJ4600_Full_14.exe
[2011.11.02 17:39:20 | 004,952,410 | ---- | C] () -- C:\Users\micha\FTS_RealtekRTL8102EFamilyPCIEFastEthernet_62065022008_1026891.ZIP
[2011.11.02 16:40:25 | 001,322,109 | ---- | C] () -- C:\Users\micha\A26391-K90-Z200-de_web.pdf
[2011.10.31 06:26:04 | 000,001,104 | ---- | C] () -- C:\Users\micha\+Trend+Micro+Internet+Security+Pro+2008.torrent
[2011.10.30 19:16:06 | 000,015,650 | ---- | C] () -- C:\Users\micha\Nero-11.0.11000Pre-ActivatedFullVersionWorking100@www.torrent.to.torrent
[2011.10.29 18:17:29 | 008,867,840 | ---- | C] () -- C:\Users\micha\SeaToolsDOS223ALL.ISO
[2011.10.28 19:47:44 | 062,010,251 | ---- | C] () -- C:\Users\micha\Audio_Realtek_6.0.1.5888_W7x86_A.zip
[2011.10.28 18:54:11 | 002,475,562 | ---- | C] () -- C:\Users\micha\Chipset_Intel_9.1.1.1020_W7x86W7x64_A.zip
[2011.10.26 17:45:24 | 000,060,416 | -H-- | C] () -- C:\Users\micha\LinqBridge.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.14 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.03.14 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013.03.14 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\AVG2013
[2013.03.15 21:32:11 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\Azureus
[2013.03.16 12:27:02 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\Dropbox
[2012.02.21 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\DVDVideoSoft
[2012.02.21 12:07:04 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.10 16:06:14 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\elsterformular
[2013.03.12 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\gtk-2.0
[2012.06.30 09:17:05 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\HTC
[2012.06.30 09:17:21 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\HTC Sync
[2013.03.14 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\HTML Executable
[2013.03.12 16:38:43 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\OpenCandy
[2013.03.14 19:06:36 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\TuneUp Software
[2013.03.16 12:26:48 | 000,000,000 | ---D | M] -- C:\Users\micha\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 

< End of report >
         

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-16 18:57:35
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0003SDM1 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\micha\AppData\Local\Temp\ugloypow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                               ZwNotifyChangeKey [0x8EDF314A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                               ZwNotifyChangeMultipleKeys [0x8EDF321A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                               ZwOpenProcess [0x8EDF2D7C]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                               ZwSuspendProcess [0x8EDF2F6A]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                               ZwSuspendThread [0x8EDF3000]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                               ZwTerminateProcess [0x8EDF2E32]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                               ZwTerminateThread [0x8EDF2ECE]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                               ZwWriteVirtualMemory [0x8EDF309C]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                   82A889E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                     82AC21C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1357                                                        82AC946C 8 Bytes  [4A, 31, DF, 8E, 1A, 32, DF, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 139F                                                        82AC94B4 4 Bytes  [7C, 2D, DF, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 165F                                                        82AC9774 8 Bytes  [6A, 2F, DF, 8E, 00, 30, DF, ...] {PUSH 0x2f; FISTTP WORD [ESI-0x7120d000]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                        82AC9784 8 Bytes  [32, 2E, DF, 8E, CE, 2E, DF, ...] {XOR CH, [ESI]; FISTTP WORD [ESI-0x7120d132]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 16E3                                                        82AC97F8 4 Bytes  [9C, 30, DF, 8E]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!EnableWindow             76118D02 5 Bytes  JMP 674D9EBC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!DialogBoxParamW          76133B9B 5 Bytes  JMP 67431893 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!DialogBoxIndirectParamW  76143B7F 5 Bytes  JMP 67628F36 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!DialogBoxParamA          7615CF42 5 Bytes  JMP 67628ED1 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!DialogBoxIndirectParamA  7615D274 5 Bytes  JMP 67628F9B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!MessageBoxIndirectA      7616E869 5 Bytes  JMP 67628E58 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!MessageBoxIndirectW      7616E963 5 Bytes  JMP 67628DDF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!MessageBoxExA            7616E9C9 5 Bytes  JMP 67628D7B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[25548] USER32.dll!MessageBoxExW            7616E9ED 5 Bytes  JMP 67628D17 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] kernel32.dll!CreateThread           764FDCC2 5 Bytes  JMP 674975E3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!EnableWindow             76118D02 5 Bytes  JMP 674D9EBC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!CallNextHookEx           7611ABE1 5 Bytes  JMP 674F7FF1 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!UnhookWindowsHookEx      7611ADF9 5 Bytes  JMP 6751ED14 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DefWindowProcA           7611BB1C 7 Bytes  JMP 6749980D C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!CreateWindowExA          7611BF40 5 Bytes  JMP 674A3643 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!SetWindowsHookExW        7611E30C 5 Bytes  JMP 674D25B4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!CreateWindowExW          7611EC7C 5 Bytes  JMP 675003DF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DefWindowProcW           7612507D 7 Bytes  JMP 674F8054 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DialogBoxParamW          76133B9B 5 Bytes  JMP 67431893 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DialogBoxIndirectParamW  76143B7F 5 Bytes  JMP 67628F36 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DialogBoxParamA          7615CF42 5 Bytes  JMP 67628ED1 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!DialogBoxIndirectParamA  7615D274 5 Bytes  JMP 67628F9B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!MessageBoxIndirectA      7616E869 5 Bytes  JMP 67628E58 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!MessageBoxIndirectW      7616E963 5 Bytes  JMP 67628DDF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!MessageBoxExA            7616E9C9 5 Bytes  JMP 67628D7B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] USER32.dll!MessageBoxExW            7616E9ED 5 Bytes  JMP 67628D17 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26064] ole32.dll!OleLoadFromStream         75FB6143 5 Bytes  JMP 67629704 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] kernel32.dll!CreateThread           764FDCC2 5 Bytes  JMP 674975E3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!EnableWindow             76118D02 5 Bytes  JMP 674D9EBC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!CallNextHookEx           7611ABE1 5 Bytes  JMP 674F7FF1 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!UnhookWindowsHookEx      7611ADF9 5 Bytes  JMP 6751ED14 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DefWindowProcA           7611BB1C 7 Bytes  JMP 6749980D C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!CreateWindowExA          7611BF40 5 Bytes  JMP 674A3643 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!SetWindowsHookExW        7611E30C 5 Bytes  JMP 674D25B4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!CreateWindowExW          7611EC7C 5 Bytes  JMP 675003DF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DefWindowProcW           7612507D 7 Bytes  JMP 674F8054 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DialogBoxParamW          76133B9B 5 Bytes  JMP 67431893 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DialogBoxIndirectParamW  76143B7F 5 Bytes  JMP 67628F36 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DialogBoxParamA          7615CF42 5 Bytes  JMP 67628ED1 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!DialogBoxIndirectParamA  7615D274 5 Bytes  JMP 67628F9B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!MessageBoxIndirectA      7616E869 5 Bytes  JMP 67628E58 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!MessageBoxIndirectW      7616E963 5 Bytes  JMP 67628DDF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!MessageBoxExA            7616E9C9 5 Bytes  JMP 67628D7B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] USER32.dll!MessageBoxExW            7616E9ED 5 Bytes  JMP 67628D17 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[26696] ole32.dll!OleLoadFromStream         75FB6143 5 Bytes  JMP 67629704 C:\Windows\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                    avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                    avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                  avgtdix.sys

---- Processes - GMER 2.1 ----

Process         regsvr32.exe (*** hidden *** )                                                             31420                                                                                                                                                

---- EOF - GMER 2.1 ----
         

There was no "EXTRAS.txt"....
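An added triage helper for the logs above (example code, not part of the original post and not something OTL or GMER ship): it parses OTL's `[date | size | attrs | C/M] (company) -- path` file lines and GMER's process lines, then flags the kinds of entries the log itself gives reason to look at twice: directories of known adware bundlers (Yontoo, Conduit, OpenCandy all appear in the listing above), a cracked activation loader in the user profile, an extension-less random-looking file sitting directly under AppData, and any process GMER marks as hidden. The watch-list and the random-name heuristic are our own assumptions, not part of either tool, and a hit is a reason for the helper to review the item by hand, not a verdict. The sample lines are copied from the log excerpts above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One OTL file/folder line, as printed in "Files/Folders - Created Within 30 Days":
#   [2013.03.14 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
#   [2013.02.23 16:59:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation  ) -- C:\...\mbam-setup.exe
OTL_ENTRY = re.compile(
    r"^\[(?P<when>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# GMER "Processes" line for a process it could not see through the normal Windows API:
#   Process         regsvr32.exe (*** hidden *** )      31420
GMER_HIDDEN = re.compile(
    r"^Process\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+(?P<pid>\d+)"
)

# Watch-list of path components tied to well-known adware/bundlers.
# Assumption: this list is ours, not something OTL ships; extend it per case.
PUP_NAMES = {
    "yontoo": "Yontoo adware",
    "conduit": "Conduit toolbar",
    "opencandy": "OpenCandy bundler",
}
# Heuristic (ours): an extension-less, all-lowercase 6-12 letter file name directly
# under AppData\Local or AppData\Roaming is a common dropper naming pattern.
RANDOM_NAME = re.compile(r"^[a-z]{6,12}$")


@dataclass
class Entry:
    when: str
    size: int
    attrs: str
    kind: str  # C = created, M = modified
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


def parse_otl_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file/folder line, None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    company = (m["company"] or "").strip() or None
    return Entry(m["when"], int(m["size"].replace(",", "")),
                 m["attrs"], m["kind"], company, m["path"])


def flag_entry(e: Entry) -> list[str]:
    """Reasons an entry deserves a second look; an empty list means nothing matched."""
    reasons: list[str] = []
    parts = e.path.lower().split("\\")
    for part in parts:
        for key, label in PUP_NAMES.items():
            if key in part and label not in reasons:
                reasons.append(label)
    if "windows 7 loader" in e.path.lower():
        reasons.append("activation crack (untrusted origin)")
    in_appdata_root = (len(parts) >= 3 and parts[-3] == "appdata"
                       and parts[-2] in ("local", "roaming"))
    if not e.is_dir and in_appdata_root and RANDOM_NAME.match(parts[-1]):
        reasons.append("random-named extension-less file in AppData")
    return reasons


def triage(otl_lines: list[str], gmer_lines: list[str]) -> list[tuple[str, str]]:
    """Run both parsers and return (what, why) pairs worth reviewing by hand."""
    findings: list[tuple[str, str]] = []
    for line in otl_lines:
        e = parse_otl_line(line)
        if e is not None:
            findings.extend((e.path, why) for why in flag_entry(e))
    for line in gmer_lines:
        m = GMER_HIDDEN.match(line.strip())
        if m:
            findings.append((f"{m['image']} pid {m['pid']}",
                             "process hidden from the Windows API (GMER)"))
    return findings


# Sample input copied from the log excerpts above; the padding inside the
# company field is how OTL prints it.
SAMPLE_OTL = r"""
[2013.03.14 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\Yontoo
[2013.03.12 16:38:43 | 000,000,000 | ---D | C] -- C:\Users\micha\AppData\Roaming\OpenCandy
[2013.03.12 16:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013.02.23 16:59:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation        ) -- C:\Users\micha\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.16 12:25:45 | 1504,137,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 21:29:15 | 000,059,904 | ---- | C] () -- C:\Users\micha\AppData\Local\cnjohxhw
[2011.11.10 14:14:03 | 001,444,140 | ---- | C] () -- C:\Users\micha\Windows 7 Loader 2.0.7 By Daz.rar
""".strip().splitlines()

SAMPLE_GMER = r"""
---- Processes - GMER 2.1 ----

Process         regsvr32.exe (*** hidden *** )                                  31420
""".strip().splitlines()

if __name__ == "__main__":
    for what, why in triage(SAMPLE_OTL, SAMPLE_GMER):
        print(f"{why:45} {what}")
```

Feed it the full OTL and GMER text (split into lines) instead of the samples to get the complete list; everything that is not a file line or a hidden-process line is ignored, so the whole report can be passed in unfiltered.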
