|
Plagegeister aller Art und deren Bekämpfung: Delta Search entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.04.2013, 19:06 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search entfernen Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
08.04.2013, 21:19 | #17 |
| Delta Search entfernen Sorry hat ein wenig länger gedauert, war ein paar Tage verreist.
__________________hier nun die logs. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.08.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Aik :: AIK-PC [Administrator] Schutz: Aktiviert 08.04.2013 20:16:59 mbam-log-2013-04-08 (20-16-59).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 232421 Laufzeit: 4 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=56d7272d0da0eb419561c792be7fed23 # engine=13577 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-08 08:07:40 # local_time=2013-04-08 10:07:40 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 11330 117081510 0 0 # scanned=203972 # found=1 # cleaned=0 # scan_time=6168 sh=0CCB8C3848823AF2E8218296C8030DFCE5B4E771 ft=1 fh=4de01c89627ea9f5 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="D:\Download\hdplugin_firefox.exe" |
08.04.2013, 21:28 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search entfernen Nur ein Adware-Fund in einer Datei, die du mal runtergeladen hast. Bitte löschen.
__________________Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ |
08.04.2013, 21:42 | #19 |
| Delta Search entfernen Im Moment öffnet sich jedes mal, wenn ich einen neuen Tab in Firefox öffne die Seite snap.do Bedeutet wohl das gleiche Spiel von vorne oder? |
08.04.2013, 22:02 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search entfernen Lad dir bitte JRT und adwCleaner neu runter, beide wieder wie schon o.g. ausführen
__________________ Logfiles bitte immer in CODE-Tags posten |
08.04.2013, 22:55 | #21 |
| Delta Search entfernenCode:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.9 (04.01.2013:1) OS: Windows 7 Ultimate x64 Ran by Aik on 08.04.2013 at 23:23:05,38 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.04.2013 at 23:34:46,94 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.200 - Datei am 08/04/2013 um 23:50:09 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : Aik - AIK-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Aik\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\jetpack ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S3].txt - [4172 octets] - [08/04/2013 22:48:16] AdwCleaner[S4].txt - [871 octets] - [08/04/2013 23:50:09] ########## EOF - C:\AdwCleaner[S4].txt - [930 octets] ########## |
09.04.2013, 11:34 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search entfernenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2013, 15:28 | #23 |
| Delta Search entfernenCode:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.3 (04.05.2013:1) OS: Windows 7 Ultimate x64 Ran by Aik on 09.04.2013 at 16:03:56,64 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [Folder] C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\jetpack Emptied folder: C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.04.2013 at 16:15:34,66 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.200 - Datei am 09/04/2013 um 16:22:07 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : Aik - AIK-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Aik\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Aik\AppData\Roaming\Mozilla\Firefox\Profiles\8p6se4wh.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S3].txt - [4172 octets] - [08/04/2013 22:48:16] AdwCleaner[S4].txt - [998 octets] - [08/04/2013 23:50:09] AdwCleaner[S5].txt - [832 octets] - [09/04/2013 16:22:07] ########## EOF - C:\AdwCleaner[S5].txt - [891 octets] ########## |
09.04.2013, 16:04 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search entfernen Bitte ein neues OTl-Log machen
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2013, 16:54 | #25 |
| Delta Search entfernen OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 09.04.2013 17:39:51 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aik\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,50% Memory free 7,99 Gb Paging File | 6,09 Gb Available in Paging File | 76,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 47,82 Gb Free Space | 49,02% Space Free | Partition Type: NTFS Drive D: | 368,10 Gb Total Space | 241,50 Gb Free Space | 65,61% Space Free | Partition Type: NTFS Computer Name: AIK-PC | User Name: Aik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Aik\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe (IDT, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe (IDT, Inc.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 22 04 3A 4E 25 CE 01 [binary data] IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=2240de72-1345-4408-ac35-51665962ff6f&searchtype=ds&q={searchTerms}&installDate=08/04/2013 IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=2240de72-1345-4408-ac35-51665962ff6f&searchtype=ds&q={searchTerms}&installDate=08/04/2013 IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=2240de72-1345-4408-ac35-51665962ff6f&searchtype=hp&installDate=08/04/2013 IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=2240de72-1345-4408-ac35-51665962ff6f&searchtype=ds&q={searchTerms}&installDate=08/04/2013 IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=2240de72-1345-4408-ac35-51665962ff6f&searchtype=ds&q={searchTerms}&installDate=08/04/2013 IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://dub113.mail.live.com/default.aspx?id=64855#n=804009221&fid=1|https://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.30 FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3 FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 17:33:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 13:12:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.11 13:11:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 17:33:35 | 000,000,000 | ---D | M] [2011.10.19 16:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\Extensions [2013.04.08 22:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\Firefox\Profiles\8p6se4wh.default\extensions [2013.03.24 23:13:59 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Aik\AppData\Roaming\mozilla\Firefox\Profiles\8p6se4wh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2013.03.25 17:47:56 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\firefox@mega.co.nz.xpi [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.04.08 22:38:55 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2013.03.26 17:38:27 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Aik\AppData\Roaming\mozilla\firefox\profiles\8p6se4wh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.11 13:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.11 13:11:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.11 13:12:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.23 23:06:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.02 21:08:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 23:06:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 23:06:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 23:06:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 23:06:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16C78E3C-E336-44E5-8550-AB9CC17128FA}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A9DAD93-FD94-440C-AB7F-D351E9B4ED71}: DhcpNameServer = 213.162.69.169 213.162.69.170 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5255E45-312D-4944-9305-10EC517E439C}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.09 15:59:32 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Aik\Desktop\JRT(1).exe [2013.04.08 22:42:17 | 000,000,000 | ---D | C] -- C:\Users\Aik\Desktop\hosts [2013.04.08 18:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.04.08 18:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.04.02 17:05:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.02 17:04:46 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.02 15:47:03 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aik\Desktop\tdsskiller.exe [2013.04.02 15:47:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Aik\Desktop\aswMBR.exe [2013.04.02 08:08:41 | 000,000,000 | ---D | C] -- C:\Users\Aik\Desktop\mbar-1.01.0.1022 [2013.03.27 12:24:17 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.27 12:24:17 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.27 12:24:17 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.26 18:41:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aik\Desktop\OTL.exe [2013.03.26 18:39:52 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Roaming\Malwarebytes [2013.03.26 18:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.26 18:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.26 18:39:10 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.26 18:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.26 18:38:53 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Local\Programs [2013.03.26 17:39:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.20 20:35:37 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Roaming\Nero [2013.03.20 20:35:30 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Local\Nero [2013.03.20 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2013.03.20 20:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2013.03.20 20:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2013.03.20 20:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.03.20 20:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2013.03.20 20:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2013.03.20 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\Aik\AppData\Local\Plex Media Server [2013.03.20 20:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex [2013.03.14 13:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm [2013.03.14 12:07:00 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 12:06:58 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 12:06:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 12:06:58 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 12:06:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 12:06:58 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 12:06:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.11 13:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.11 13:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.03.11 13:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.11 13:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.03.11 13:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013.03.11 13:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.04.09 17:37:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.09 17:36:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.09 16:31:58 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.09 16:31:58 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.09 16:31:58 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.09 16:31:58 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.09 16:31:58 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.09 16:31:57 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 16:31:57 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 16:24:12 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys [2013.04.09 15:59:27 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Aik\Desktop\JRT(1).exe [2013.04.08 22:47:35 | 000,613,083 | ---- | M] () -- C:\Users\Aik\Desktop\adwcleaner.exe [2013.04.02 15:41:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Aik\Desktop\aswMBR.exe [2013.04.02 15:40:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aik\Desktop\tdsskiller.exe [2013.04.02 08:08:33 | 012,894,739 | ---- | M] () -- C:\Users\Aik\Desktop\mbar-1.01.0.1022.zip [2013.04.02 07:48:01 | 000,377,856 | ---- | M] () -- C:\Users\Aik\Desktop\gmer_2.1.19155.exe [2013.03.27 12:23:56 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.27 12:23:56 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.27 12:23:56 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.26 18:39:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.26 18:22:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aik\Desktop\OTL.exe [2013.03.20 20:33:41 | 000,002,403 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk [2013.03.14 12:49:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.14 12:49:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.11 13:18:12 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2013.04.08 22:48:03 | 000,613,083 | ---- | C] () -- C:\Users\Aik\Desktop\adwcleaner.exe [2013.04.02 08:08:36 | 012,894,739 | ---- | C] () -- C:\Users\Aik\Desktop\mbar-1.01.0.1022.zip [2013.04.02 07:49:00 | 000,377,856 | ---- | C] () -- C:\Users\Aik\Desktop\gmer_2.1.19155.exe [2013.03.26 18:39:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.20 20:33:41 | 000,002,403 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk [2013.03.20 20:28:45 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2013.03.11 13:18:12 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.07.12 13:42:34 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.05 13:15:06 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2012.03.05 13:15:06 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2011.12.27 01:36:30 | 000,003,584 | ---- | C] () -- C:\Users\Aik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.14 17:26:01 | 000,266,091 | ---- | C] () -- C:\Windows\hpwins23.dat [2011.11.14 17:07:52 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp [2011.10.19 21:44:24 | 000,142,504 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.10.19 16:35:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > --- --- --- OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.04.2013 17:39:51 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aik\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,50% Memory free 7,99 Gb Paging File | 6,09 Gb Available in Paging File | 76,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 47,82 Gb Free Space | 49,02% Space Free | Partition Type: NTFS Drive D: | 368,10 Gb Total Space | 241,50 Gb Free Space | 65,61% Space Free | Partition Type: NTFS Computer Name: AIK-PC | User Name: Aik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2A53E98D-EB3E-476E-B9B4-BCE9C6DEF46C}" = lport=2869 | protocol=6 | dir=in | app=system | "{2BAA7748-B3E0-427D-A26B-88BC86005C0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{327948ED-B0B9-451E-906E-F9DC4C50CDF4}" = lport=137 | protocol=17 | dir=in | app=system | "{37FFD3EE-C95C-4FF4-B470-E3924291BE07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3AFF3FF1-B6AD-480D-837B-C07344C2ADFB}" = lport=10243 | protocol=6 | dir=in | app=system | "{46BCD3C7-72DA-40FF-9DEB-47E6A85F38D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{52315860-A431-4DF3-BCC8-0AE872CB61FC}" = lport=2869 | protocol=6 | dir=in | app=system | "{5CA19FBF-C287-4C0E-86DE-D5497AF5AE8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{60CE4D4C-1D83-4773-8481-C793A706D622}" = lport=445 | protocol=6 | dir=in | app=system | "{6334A1FB-13FC-4FA3-AA2F-6318E5333F3B}" = rport=10243 | protocol=6 | dir=out | app=system | "{64D995CF-9FA6-4856-82C1-7152A269B63E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{67560831-6C9A-45A6-B76F-15BF1743B6C1}" = rport=138 | protocol=17 | dir=out | app=system | "{6C678BFE-015B-438A-B70B-19D06B3DA02B}" = rport=137 | protocol=17 | dir=out | app=system | "{76A0A505-A807-451F-8766-ACD79FD87DAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{87130262-C5E8-42CE-9A38-81C36316F664}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9C1212E9-2889-412C-858A-F5191266CD3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{9F9B092F-7EC6-408B-B118-61D3DFB9E085}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A17FCED5-40FC-4C58-ADC3-85B932477707}" = rport=139 | protocol=6 | dir=out | app=system | "{A4F84749-4E75-44D2-863F-B0F2B2775DB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B174CD6E-7638-41DC-8785-4B73544C999E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B36B05F6-BBAB-42A8-B637-3EF28A7B96ED}" = rport=445 | protocol=6 | dir=out | app=system | "{C09F49FD-564F-444F-8F9F-C6E03B1E1D62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CD92B66E-1665-4C22-B339-05F97AB4DB1C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{CE2D7455-8499-4236-9E9D-D412A21684E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D6372555-7BB8-4341-8D47-C9729078E2CF}" = lport=139 | protocol=6 | dir=in | app=system | "{DDB7687E-E5DF-45C4-AADA-1A5834918543}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02515A9D-9E24-416D-9E5A-1A59EE22ECF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{039DC8BE-0F37-490D-AB85-EEB9A73FB4C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{046516AF-380C-4906-8093-8F288F1D4269}" = protocol=6 | dir=out | app=system | "{04AC5D6B-71FD-4175-A58C-49FAB32C9AD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{05A0F4AD-03F8-4DF3-9313-99B9B87268E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0666E921-F228-4B57-A046-BFBA72A2BAFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0A657B33-9323-4535-81F7-4D77528FDBBA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{112F00D4-4F59-4A5C-B73A-9E07F2D18421}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{11AAE9EC-7BBD-431C-A1AC-75B837D97510}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{143E1ABB-8316-4468-962B-7E878CE1ABB2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1BCB4F3A-C791-4D93-AB59-3EAE53B2B64E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{1CAF2F46-37B6-44A3-A890-2E3325B592D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{1D53E3DD-C1F0-4CBF-A3BB-2177808A1F1D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1E37A0D3-C0D4-46A0-A83C-C18CD4C0DBAC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{20CC90CB-6AD0-4093-86E3-88BED90BF64E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{27C2CA4E-4611-4FC0-BA01-4175DF584399}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{288773EE-0DC3-444E-815C-E9208D325AED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{34788860-3672-42A6-8451-608D9C88EED2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{356DC66D-A9AF-4D47-B06E-5EC61BE5408E}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | "{36A26C52-0AC5-4FA8-B96B-57F634320E02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{38B7DD9B-BC3E-4E8D-8B15-9FA709687389}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{43FDA0CD-9CC0-4D62-B787-6B031A4A66EE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{45DA2AA2-823E-4E66-B450-C89A598A224D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{583B7B4A-6B85-46CE-92DC-6D80705A9AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5841D848-5B6E-4A33-A459-F629E4907729}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{59527962-1573-4251-9E07-6E8CF3C35DB7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{63EFC62A-647D-42C2-B5F8-F3EDB3AC5745}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7ADE9411-0560-4E91-9265-813E3FFDED9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{7E7FC168-ADFE-4B41-9411-DC9279320547}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{7FB800AD-5443-4F83-B85A-0B5B3958805A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{80E61BE1-FA67-4B89-80E9-7608B8010CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | "{8B7427B9-6927-46ED-9AA1-2EA4254C3CB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{8CB8310C-FD4B-4102-ABE9-8284B499BBB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{93FEF2DB-874F-4D98-BBF7-E65CCC08A3E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A137C3E6-E68A-4EA4-BC5B-A11753A9DB6E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B46E4973-84F5-4FE7-B551-726D88878717}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B69079EC-3341-4C2A-A84C-C5E707662925}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B6C76C67-4E16-415E-92E5-8CE49720CCC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{C42451FD-2999-41AF-BD91-5AA7E2F76464}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{C651BC11-D38A-4030-BCD7-866EB9435352}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{C67CDC0B-930D-4275-B7DA-53EF87437625}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C83DE1D0-29A6-494E-9756-ABB11B209384}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C9316605-FDB0-496B-9545-0313E7C789D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA066705-1946-4560-89B1-10210203BFA3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D1A841CE-3F60-46E0-B16D-C05D68001409}" = dir=in | app=e:\setup\hpznui40.exe | "{D4CF376B-7B84-4551-9002-D2EB05EE9B42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{E7A0FF0C-C58C-42D0-A3F4-22F73B524EB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{EBE6442C-5C5E-4761-8425-17BECDE8BE89}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{F85270F0-F548-415C-B233-CAF9985D371F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F9AA3143-A356-4525-8F70-09743043EFC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F9BA4EF8-B000-4510-87D1-D314161F6874}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB3B4C93-C08B-4B01-8B75-06DCEFC92787}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FFC3555F-5870-451A-87BB-18A3CE98216D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit) "{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18 "{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4f905097-477f-4f75-b410-4c47aa71fe49}" = Nero MediaHome 4 Essentials "{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4 "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09] "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.6.320 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3026991530-3128089919-3181730765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f031ef6ac137efc5" = Dell Driver Download Manager ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.04.2013 10:25:17 | Computer Name = Aik-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 09.04.2013 10:24:18 | Computer Name = Aik-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 09.04.2013 10:24:18 | Computer Name = Aik-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 09.04.2013 11:36:45 | Computer Name = Aik-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 09.04.2013 11:36:46 | Computer Name = Aik-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. < End of report > |
09.04.2013, 22:19 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search entfernen Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2013, 22:19 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search entfernen Edit: Sieht gut aus. Noch Probleme offen?
__________________ Logfiles bitte immer in CODE-Tags posten |
13.04.2013, 16:47 | #28 |
| Delta Search entfernenCode:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Aik :: AIK-PC [Administrator] 13.04.2013 17:33:33 mbam-log-2013-04-13 (17-33-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 232461 Laufzeit: 3 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Danke! sollte noch etwas auftauchen, melde ich mich nochmal . |
13.04.2013, 16:57 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search entfernenZitat:
Programm- und Signaturversionen sind alt!
__________________ Logfiles bitte immer in CODE-Tags posten |
16.04.2013, 16:21 | #30 |
| Delta Search entfernenCode:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.16.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Aik :: AIK-PC [Administrator] 16.04.2013 17:14:57 mbam-log-2013-04-16 (17-14-57).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 233706 Laufzeit: 4 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
Themen zu Delta Search entfernen |
192.168.0.2, application/pdf:, avira, bho, bonjour, converter, delta search, delta search entfernen, desktop, entfernen, error, firefox, flash player, google, install.exe, internet, internet browser, internet explorer, logfile, malware, malware antivir entfernen, mozilla, mp3, officejet, plug-in, problem, programm, registrierungsdatenbank, registry, rundll, scan, security, software, svchost.exe, tab öffnen, tracker, unterstrichen, whatsapp, windows, wörter |