| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Appround.net VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.04.2013, 16:08
| #1 |
| |  Appround.net Virus Hallo, mein Name ist Hendrik und ich habe mich hier angemeldet weil ich nicht mehr weiter weiß und leider kein PC ass bin..  Würde mich dennoch freuen, wenn sich jemand mein Problem mal anschaut. Ab und an, öffnet sich auf beliebigen Seiten einfach ein Neues fenster mit Werbung, zb. für nen video converter. Ein name ist halt zb. Appround.net, keine ahnung was das sein soll... Außerdem ist mein Pc leider sehr lahm geworden, speziell das internet. auch Youtube läd komischer weise am pc und an meinem Smartphone, welches öfter mal mit dem PC verbunden ist nicht bzw. nur sperrlich. Habe auch schon gegoogelt und festgestellt, dass es noch andere mit dem Problem gibt, jedoch hab ich nix gefunden was mir irgendwie hilft... Hab mir sämtliche virenprogramme runtergeladen und durchlaufen lassen, leider bei keinem ein Ergebnis. Es wird immer von logs oder sowas geredet, ist dass die analyse von dem virenprogramm?? Jemand Erfahrung damit gemacht? oder kann mir tipps geben? Was auch komisch ist, dass ich zb. wenn ich in facebook nen Bild öffne jetzt rechts daneben werbung stehen habe, zb von irgendwelchen online spielotheken oO |
|
14.04.2013, 16:16
| #2 | ||
| /// TB-Ausbilder   | Appround.net Virus Hallo Hendrik,
__________________Zitat:
Zitat:
Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
(Die Logfiles bitte nicht anhängen (das erschwert mir das Auswerten massiv), sondern deren Inhalt direkt innerhalb von Codetags einfügen: [code]Inhalt Logfile[/code].)
__________________ |
|
14.04.2013, 16:25
| #3 |
| | Appround.net Virus Wow schnelle Antwort
__________________ alles klar werde ich machen danke  |
|
14.04.2013, 16:30
| #4 |
| /// TB-Ausbilder | Appround.net Virus Alles klar. 
__________________ cheers, Leo |
|
14.04.2013, 16:39
| #5 |
| | Appround.net Virus Ach du heilige.... ist ja nen ewig langer text  Einmal die datei names Extras.txtCode:
ATTFilter OTL Extras logfile created on: 14.04.2013 17:28:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zauberhut\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 39,94% Memory free
8,00 Gb Paging File | 4,91 Gb Available in Paging File | 61,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 331,61 Gb Free Space | 71,21% Space Free | Partition Type: NTFS
Computer Name: ZAUBERHUT-PC | User Name: Zauberhut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D9D082A-B5B5-4F50-BB2C-F48763DCC2D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{10C2778A-63E1-4F75-9EF5-10BBB6EDDCED}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
"{1A6AF6F6-DDDA-4F5F-9350-FC92D28167AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1B8DA278-6645-4848-8CA4-04FF5C5485EB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1F8A349A-FE3A-47FE-846A-D72D6122D623}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{2771E7D9-4133-43F6-9F4A-0EBB528D892C}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
"{2864F626-9FDF-4C7D-A661-725012FD8008}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{397CDA72-F2AE-4DDC-8431-003B852ED17D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3AFC4DFA-4558-4859-8B79-465F8733A5BC}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3BE2DBEB-18D7-478E-BF6F-1E9729A4C5FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{4B6B3289-FD63-4333-9D4F-C5B2FD1E23DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{52DABE44-36E8-4922-86A7-B7F43A9C5425}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe |
"{5893948F-7154-4C09-B557-DFE50AE16463}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{67F5314D-BD27-46A3-86EF-1B4B34DEDBD0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{6D2D5990-D440-4B6F-88F3-D7FB78EF6367}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe |
"{769A3FDB-9DE5-42A0-850C-FBC8F6522A51}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7A8D35B7-074B-4EAE-8419-82D19490D87E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{83CE15A9-BB21-4389-B78F-98476868DC0F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{88B5DD4A-4FFC-4C69-905B-0D378CF7EF22}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{8C9CE69F-4321-4F07-B43B-D2C0A71FB7D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{912302BB-29A2-42D0-AE44-3F103733452E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{942AE56D-80A1-4D4D-8724-FCC407F44DFE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9A32020C-57E9-4A20-8AAC-23B17346F9FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{9EA0EE9A-DA72-4763-AAD4-D7DE62017256}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A1F686BA-16F0-4192-8E78-6FAAC8B1FE25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{AA9AD8E6-60E7-4E88-AFC5-BB243E7AC089}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{AAECF91C-0BD1-461A-9E34-DFD9B28E27D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B111DF0E-7B10-45A0-B159-4B5DA770FFAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{B5B4693E-7D9B-4BAC-B8A4-7213F3C28594}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B71B33F2-7175-4EF2-AE44-5D7BA44504D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{BD9A37D7-AE3B-4BD0-B54A-16579F92963C}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{BE51BBEC-DD40-4001-B4EB-99C07D8658A8}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{C6A4DAD7-BAEC-46E9-9A4A-E4D81F863B63}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C9FE38DD-7479-4CED-91BF-50C7EF6AC7BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D6F7F71E-60BA-41F9-8FF7-762965C21034}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{E4BE802E-BC33-4D52-82E3-B102F83F46C1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EE0E0ED6-FE77-4CCA-9878-1EBAB4CDBEE0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EFB9FDEB-4555-4DC5-A6DA-D87A10AB7995}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F2394718-ABCD-4DE6-8AEB-A235FDF70BBF}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{F26E6759-A83D-438B-B85C-DFDB852DBB58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8FC7CB8-0097-4373-B10C-4CE702C2BEFE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{3E27B0A8-FF26-4E47-8EC3-9227E7E496E7}C:\program files (x86)\steam\steamapps\heni95\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\heni95\team fortress 2\hl2.exe |
"TCP Query User{84E73407-31AD-4584-A359-C369DF488D12}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"TCP Query User{A30A0504-5F5E-4756-B2B8-FEA46AD153B9}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"TCP Query User{FDA53B9A-FD0C-4D31-9692-DE758A1AB059}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{1F9FBCA0-8092-4C08-AB47-845C26BC96F4}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"UDP Query User{2F7D66F6-3776-414B-969F-5C6F5DD351F5}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{C72D195C-39F1-4653-AB13-090288FD2A44}C:\program files (x86)\steam\steamapps\heni95\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\heni95\team fortress 2\hl2.exe |
"UDP Query User{DF9A1BB9-9180-4E00-BC34-7E541FD8C9F4}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{251481E4-723F-492F-F5C1-3424FB2EF44E}" = AMD Drag and Drop Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{60101C13-2C13-48FB-855D-33D9F3013133}" = B109a-m
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{8E634921-4547-4CA9-AF79-08B735431C12}" = Play withSIX
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{918F769E-02E8-44EC-8373-4888B23B2492}" = ROCCAT Pyra Mouse Driver
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E26BD696-7CB8-46F1-A2FE-86814CEF40AA}" = DayZ Commander
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"7-Zip" = 7-Zip 9.20
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye" = BattlEye Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"bi_uninstaller" = Bundled software uninstaller
"entrusted Toolbar" = entrusted Toolbar
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Google Chrome" = Google Chrome
"lrcspal@xinghao.net" = LyricsPal
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"SearchProtect" = Search Protect by conduit
"Steam App 550" = Left 4 Dead 2
"SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks
"Trojan Remover_is1" = Trojan Remover 6.8.5
"WNLT" = SweetPacks Updater
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.03.2013 12:40:11 | Computer Name = Zauberhut-PC | Source = Application Hang | ID = 1002
Description = Programm arma2oa.exe, Version 1.62.102.591 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7ab0 Startzeit:
01ce2c9c0c23f089 Endzeit: 4 Anwendungspfad: C:\Program files\Bohemia Interactive\ArmA
2\Expansion\beta\arma2oa.exe Berichts-ID: 500009d3-988f-11e2-ac9a-bc05430e150b
Error - 31.03.2013 14:26:34 | Computer Name = Zauberhut-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Zauberhut\Downloads\SoftonicDownloader_fuer_photoscape.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 31.03.2013 14:26:36 | Computer Name = Zauberhut-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Zauberhut\Downloads\SoftonicDownloader_fuer_directx(1).exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 31.03.2013 14:26:37 | Computer Name = Zauberhut-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Zauberhut\Downloads\SoftonicDownloader_fuer_magix-pc-check-tuning.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 31.03.2013 14:26:37 | Computer Name = Zauberhut-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Zauberhut\Downloads\SoftonicDownloader_fuer_directx.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 01.04.2013 12:11:27 | Computer Name = Zauberhut-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 01.04.2013 12:22:12 | Computer Name = Zauberhut-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 01.04.2013 12:26:35 | Computer Name = Zauberhut-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 14c8 Startzeit: 01ce2ef59f474028 Endzeit: 7 Anwendungspfad:
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: e08c512d-9ae8-11e2-af8f-bc05430e150b
Error - 09.04.2013 10:32:36 | Computer Name = Zauberhut-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 12.04.2013 13:48:37 | Computer Name = Zauberhut-PC | Source = Application Hang | ID = 1002
Description = Programm left4dead2.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13c30 Startzeit:
01ce37a5128b8fa0 Endzeit: 240 Anwendungspfad: c:\program files (x86)\steam\steamapps\common\left
4 dead 2\left4dead2.exe Berichts-ID:
[ System Events ]
Error - 23.03.2013 09:37:10 | Computer Name = Zauberhut-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 23.03.2013 17:42:32 | Computer Name = Zauberhut-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?03.?2013 um 20:10:44 unerwartet heruntergefahren.
Error - 28.03.2013 12:35:45 | Computer Name = Zauberhut-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 28.03.2013 12:35:45 | Computer Name = Zauberhut-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 30.03.2013 13:09:48 | Computer Name = Zauberhut-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?03.?2013 um 18:08:26 unerwartet heruntergefahren.
Error - 01.04.2013 12:11:27 | Computer Name = Zauberhut-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.
Error - 02.04.2013 14:30:37 | Computer Name = Zauberhut-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 02.04.2013 14:30:37 | Computer Name = Zauberhut-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 02.04.2013 14:47:54 | Computer Name = Zauberhut-PC | Source = DCOM | ID = 10010
Description =
Error - 10.04.2013 12:20:58 | Computer Name = Zauberhut-PC | Source = DCOM | ID = 10010
Description =
< End of report >
und einmal die Datei OTL.txt Code:
ATTFilter OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zauberhut\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 39,94% Memory free 8,00 Gb Paging File | 4,91 Gb Available in Paging File | 61,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 331,61 Gb Free Space | 71,21% Space Free | Partition Type: NTFS Computer Name: ZAUBERHUT-PC | User Name: Zauberhut | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.14 17:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zauberhut\Desktop\OTL.exe PRC - [2013.04.11 16:28:08 | 002,730,784 | ---- | M] (Conduit) -- C:\Users\Zauberhut\AppData\Roaming\SearchProtect\bin\cltmng.exe PRC - [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.03.29 21:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.03.19 18:17:09 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe PRC - [2013.03.18 15:25:02 | 000,020,784 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe PRC - [2013.03.18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe PRC - [2013.03.18 03:25:44 | 018,828,128 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe PRC - [2013.03.06 14:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe PRC - [2013.02.11 12:47:42 | 000,673,192 | ---- | M] (Lavasoft.) -- C:\ProgramData\Search Protection\SearchProtection.exe PRC - [2013.02.11 12:47:28 | 000,101,288 | ---- | M] (Visicom Media Inc.) -- C:\Program Files (x86)\adawaretb\ffHelper.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.31 17:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2012.11.14 21:47:48 | 000,468,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe PRC - [2012.10.04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe PRC - [2012.08.08 12:56:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.10 13:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe PRC - [2012.05.11 18:48:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.11 18:48:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.03.11 02:25:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.10.22 03:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2009.12.07 23:54:32 | 000,528,384 | ---- | M] (ROCCAT) -- C:\Users\Zauberhut\Documents\PyraMonitor.EXE ========== Modules (No Company Name) ========== MOD - [2013.04.10 08:56:55 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.03.29 21:53:56 | 001,114,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.03.19 18:17:08 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013.03.18 15:25:02 | 000,020,784 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe MOD - [2013.03.18 15:24:18 | 000,290,304 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll MOD - [2013.03.18 12:32:28 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2009.09.30 23:08:46 | 000,061,440 | ---- | M] () -- C:\Users\Zauberhut\Documents\hiddriver.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.27 13:24:38 | 001,273,648 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService) SRV:64bit: - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.19 18:46:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2013.03.06 14:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2012.05.11 18:48:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.11 18:48:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.11 02:25:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.14 12:29:14 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto) DRV:64bit: - [2012.05.11 18:48:37 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.11 18:48:37 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.12.05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.25 03:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.25 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10035&barid={DAD18474-A38A-11E2-A731-BC05430E150B} IE - HKLM\..\URLSearchHook: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbentr.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10035&barid={DAD18474-A38A-11E2-A731-BC05430E150B} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3717FEBB6BF261B274D571516A853046 IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 02 9B 53 1C FE CC 01 [binary data] IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\URLSearchHook: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbentr.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=3717FEBB6BF261B274D571516A853046&q={searchTerms} IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes\{58F49216-0E5C-4F3B-98B0-4F7E6159E21E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN16525016381836714 IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE474 IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={DAD18474-A38A-11E2-A731-BC05430E150B}&crg=3.1010006.10035&st=23 IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT3281675.browser.search.defaultthis.engineName: "true" FF - prefs.js..browser.search.defaultthis.engineName: "entrusted Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN31703939872132920&UM=2&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "SecureSearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3717FEBB6BF261B274D571516A853046" FF - prefs.js..extensions.enabledAddons: lrcspal%40xinghao.net:1.110 FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb&u=3717FEBB6BF261B274D571516A853046&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.08.16 19:56:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 12:30:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.08.16 19:56:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcspal@xinghao.net: C:\Program Files (x86)\XingHaoLyrics\FF\ [2013.04.12 18:07:33 | 000,000,000 | ---D | M] [2012.03.09 20:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Extensions [2013.04.14 12:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Firefox\Profiles\u4prr00h.default\extensions [2013.04.14 12:30:20 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Firefox\Profiles\u4prr00h.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013.04.12 14:57:16 | 000,000,000 | ---D | M] (entrusted) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Firefox\Profiles\u4prr00h.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} [2012.03.11 01:05:04 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Firefox\Profiles\u4prr00h.default\extensions\ffxtlbra@softonic.com [2013.04.14 12:30:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Firefox\Profiles\u4prr00h.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.12.11 19:22:11 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\firefox\profiles\u4prr00h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.09 14:04:29 | 000,000,995 | ---- | M] () -- C:\Users\Zauberhut\AppData\Roaming\mozilla\firefox\profiles\u4prr00h.default\searchplugins\conduit.xml [2013.04.12 18:06:05 | 000,004,108 | ---- | M] () -- C:\Users\Zauberhut\AppData\Roaming\mozilla\firefox\profiles\u4prr00h.default\searchplugins\SweetIM Search.xml [2013.04.14 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 15:39:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.12 18:07:33 | 000,000,000 | ---D | M] ("LyricsPal") -- C:\PROGRAM FILES (X86)\XINGHAOLYRICS\FF [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.14 12:30:24 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: SecureSearch (Enabled) CHR - default_search_provider: search_url = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=3717FEBB6BF261B274D571516A853046&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3717FEBB6BF261B274D571516A853046 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - Extension: YouTube = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: entrusted = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.15.2.523_0\ CHR - Extension: SecureSearch = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0\ CHR - Extension: Skype Click to Call = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ CHR - Extension: LyricsPal = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.110_0\ CHR - Extension: Google Mail = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (LyricsPal) - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files (x86)\XingHaoLyrics\lrcspal.dll (XingHao Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (entrusted Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbentr.dll (Conduit Ltd.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (entrusted Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbentr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\Toolbar\WebBrowser: (entrusted Toolbar) - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} - C:\Program Files (x86)\entrusted\prxtbentr.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [ROCCAT Pyra Mouse] C:\Users\Zauberhut\Documents\PyraMonitor.EXE (ROCCAT) O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit) O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000..\Run: [SearchProtect] C:\Users\Zauberhut\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit) O4 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found O4 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Zauberhut\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Zauberhut\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80910FD1-DDB0-4D82-B025-7F0891705996}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8388DB9-3C8E-4E8E-9E31-D51947B807FA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{15b948fe-22b7-11e2-a4e4-001a4f4b2326}\Shell - "" = AutoRun O33 - MountPoints2\{15b948fe-22b7-11e2-a4e4-001a4f4b2326}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{b1d16d19-6a0e-11e1-a9c3-00241ddfefca}\Shell - "" = AutoRun O33 - MountPoints2\{b1d16d19-6a0e-11e1-a9c3-00241ddfefca}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.14 17:25:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zauberhut\Desktop\OTL.exe [2013.04.14 13:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.04.14 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Documents\Simply Super Software [2013.04.14 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Roaming\Simply Super Software [2013.04.14 13:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.04.14 13:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2013.04.14 13:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.04.14 12:36:00 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Roaming\LavasoftStatistics [2013.04.14 12:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2013.04.14 12:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2013.04.14 12:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2013.04.14 12:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2013.04.14 12:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2013.04.14 12:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection [2013.04.14 12:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2013.04.14 12:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb [2013.04.14 12:30:35 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Local\adawarebp [2013.04.14 12:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2013.04.14 12:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2013.04.14 12:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2013.04.14 12:29:16 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2013.04.14 12:29:16 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.04.14 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Roaming\Ad-Aware Antivirus [2013.04.14 12:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.04.12 18:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc [2013.04.12 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc [2013.04.12 18:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XingHaoLyrics [2013.04.12 18:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2013.04.12 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2013.04.12 18:06:01 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.04.12 18:06:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2013.04.12 18:06:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.04.12 18:06:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [2013.04.12 18:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller [2013.04.12 17:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.04.12 17:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.04.12 15:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.10 18:21:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.10 18:21:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.10 18:21:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.10 18:21:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.10 18:21:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.10 18:21:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.10 18:21:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.10 18:21:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.10 18:21:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.10 18:21:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.10 18:21:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.10 18:21:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 18:21:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.10 18:21:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.10 18:21:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.10 17:30:21 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.10 17:30:21 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.10 17:30:20 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.10 17:30:20 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.10 17:30:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.10 17:30:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.10 17:22:30 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 17:22:29 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.10 17:22:29 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.10 17:22:28 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.10 17:22:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.10 17:22:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.06 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Desktop\Kopie von Klassenfahrt '10 [2013.04.06 19:51:07 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Desktop\Tag 5 - Assis [2013.04.06 19:50:53 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Desktop\Tag 3 - Piraten [2013.03.29 18:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio [2013.03.26 08:09:23 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.24 18:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.03.21 14:49:05 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2013.03.21 14:49:05 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2013.03.21 14:49:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2013.03.21 14:49:01 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2013.03.21 14:48:54 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2013.03.21 14:48:54 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.03.21 14:48:54 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2013.03.21 14:48:54 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2013.03.21 14:48:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2013.03.21 14:48:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2013.03.21 14:48:48 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2013.03.21 14:47:29 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.03.20 15:16:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.20 15:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.19 18:46:27 | 015,859,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.03.19 18:17:58 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Local\Macromedia [2013.03.19 18:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.03.19 18:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013.03.19 18:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2013.03.19 18:17:09 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.18 21:37:36 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.03.18 21:37:36 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.03.18 21:37:36 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.18 21:37:22 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.03.18 21:37:22 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.03.18 21:37:22 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.18 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.14 17:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zauberhut\Desktop\OTL.exe [2013.04.14 17:11:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.14 16:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.14 13:05:13 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2013.04.14 12:55:12 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.14 12:55:12 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.14 12:55:12 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.14 12:55:12 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.14 12:55:12 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.14 12:36:02 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.04.14 12:29:14 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2013.04.14 12:29:14 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.04.14 12:17:34 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.14 12:13:51 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\LyricsPal Update.job [2013.04.14 12:13:44 | 000,000,921 | ---- | M] () -- C:\Users\Zauberhut\Documents\Config.ini [2013.04.14 12:13:41 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.14 12:13:41 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.04.14 11:58:54 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.14 11:58:54 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.14 11:51:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.14 11:51:33 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys [2013.04.12 18:24:46 | 000,005,120 | -H-- | M] () -- C:\Users\Zauberhut\Desktop\photothumb.db [2013.04.06 16:11:06 | 000,001,288 | ---- | M] () -- C:\Users\Zauberhut\Desktop\Dokument.rtf [2013.03.24 18:30:43 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.03.24 18:30:43 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.03.20 18:30:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013.03.20 18:30:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf [2013.03.20 15:26:03 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2013.03.20 15:26:03 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2013.03.19 18:46:43 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.19 18:46:43 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.19 18:46:27 | 015,859,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.03.18 21:37:09 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.18 21:37:07 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.03.18 21:37:07 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.03.18 21:37:07 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.18 21:37:07 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.03.18 21:37:07 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.14 13:05:13 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2013.04.14 12:31:24 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.04.14 12:17:34 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.14 12:17:34 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.12 18:07:33 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\LyricsPal Update.job [2013.04.12 18:06:01 | 001,273,648 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013.03.20 18:30:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013.03.20 18:30:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf [2013.03.19 18:17:14 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.03.19 18:17:14 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.03.19 18:17:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 19:12:32 | 000,220,338 | ---- | C] () -- C:\Users\Zauberhut\1074726_90_1348945375.jpg [2012.10.04 19:09:51 | 000,136,839 | ---- | C] () -- C:\Users\Zauberhut\1081213_web.jpg [2012.10.04 19:09:11 | 000,485,294 | ---- | C] () -- C:\Users\Zauberhut\.jpg [2012.08.16 19:53:57 | 000,148,131 | ---- | C] () -- C:\Windows\hpoins38.dat.temp [2012.08.16 19:53:57 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat.temp [2012.06.01 20:44:50 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.06.01 20:44:50 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.03.25 21:06:21 | 000,182,934 | ---- | C] () -- C:\Windows\hpoins38.dat [2012.03.25 21:06:21 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat [2012.03.11 02:24:03 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.11 02:24:02 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.03.11 02:24:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.09 20:05:28 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2012.03.09 20:03:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Also ich seh da leider nur chinesisches Latein  |
|
14.04.2013, 16:49
| #6 |
| /// TB-Ausbilder | Appround.net Virus Hi, da ist ziemlich viel Mist drauf.. Räumen wir ein bisschen auf:  Hinweis: Mehrere AV-HintergrundwächterMir ist aufgefallen, dass du mehr als ein Antivirus-Programm mit Hintergrundwächter laufen hast:
Entscheide dich für eines dieser Programme und deinstalliere die anderen über Start -> Systemsteuerung -> Programme und Funktionen (Vista & Win 7) bzw. Start -> Systemsteuerung -> Software (Win XP). Schritt 1
Schritt 2 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ --> Appround.net Virus |
|
14.04.2013, 17:26
| #7 |
| | Appround.net Virus einmal vom Adw cleaner Code:
ATTFilter # AdwCleaner v2.200 - Datei am 14/04/2013 um 18:08:35 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Zauberhut - ZAUBERHUT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Zauberhut\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Zauberhut\AppData\Roaming\Mozilla\Firefox\Profiles\u4prr00h.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Zauberhut\AppData\Roaming\Mozilla\Firefox\Profiles\u4prr00h.default\searchplugins\SweetIM Search.xml
Gelöscht mit Neustart : C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\entrusted
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\search protection
Ordner Gelöscht : C:\Users\Zauberhut\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Ordner Gelöscht : C:\Users\Zauberhut\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Zauberhut\AppData\LocalLow\entrusted
Ordner Gelöscht : C:\Users\Zauberhut\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Zauberhut\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Zauberhut\AppData\Roaming\Mozilla\Firefox\Profiles\u4prr00h.default\CT3281675
Ordner Gelöscht : C:\Users\Zauberhut\AppData\Roaming\Mozilla\Firefox\Profiles\u4prr00h.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}
Ordner Gelöscht : C:\Users\Zauberhut\AppData\Roaming\Mozilla\Firefox\Profiles\u4prr00h.default\extensions\ffxtlbra@softonic.com
Ordner Gelöscht : C:\Users\Zauberhut\AppData\Roaming\Mozilla\Firefox\Profiles\u4prr00h.default\jetpack
Ordner Gelöscht : C:\Users\Zauberhut\AppData\Roaming\Mozilla\Firefox\Profiles\u4prr00h.default\Smartbar
Ordner Gelöscht : C:\Users\Zauberhut\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\entrusted
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E44A1809-4D10-4AB8-B343-3326B64C7CDD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E44A1809-4D10-4AB8-B343-3326B64C7CDD}
Schlüssel Gelöscht : HKCU\Software\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3281675
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\entrusted
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{01335480-2AED-4070-AFF3-B4C8BC22FF35}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01335480-2AED-4070-AFF3-B4C8BC22FF35}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E44A1809-4D10-4AB8-B343-3326B64C7CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAB1A6F6-3C19-44DE-A3A2-9A651DC56F90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8451CD6-A15E-4D3C-9BCB-DD1300D0A64A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E44A1809-4D10-4AB8-B343-3326B64C7CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\entrusted Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010006.10035&barid={DAD18474-A38A-11E2-A731-BC05430E150B} --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Zauberhut\AppData\Roaming\Mozilla\Firefox\Profiles\u4prr00h.default\prefs.js
C:\Users\Zauberhut\AppData\Roaming\Mozilla\Firefox\Profiles\u4prr00h.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT3281675.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT3281675.1000082.shrinkState", "shrinked");
Gelöscht : user_pref("CT3281675.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT3281675.1000234.TWC_TMP_city", "BERLIN");
Gelöscht : user_pref("CT3281675.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT3281675.1000234.TWC_country", "GERMANY");
Gelöscht : user_pref("CT3281675.1000234.TWC_locId", "GMXX0007");
Gelöscht : user_pref("CT3281675.1000234.TWC_location", "Berlin, Germany");
Gelöscht : user_pref("CT3281675.1000234.TWC_region", "DE");
Gelöscht : user_pref("CT3281675.1000234.TWC_temp_dis", "c");
Gelöscht : user_pref("CT3281675.1000234.TWC_wind_dis", "kmh");
Gelöscht : user_pref("CT3281675.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"-2°C\",\"temperat[...]
Gelöscht : user_pref("CT3281675.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3281675.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT3281675.FF19Solved", "true");
Gelöscht : user_pref("CT3281675.Facebook_Mode.enc", "Mg==");
Gelöscht : user_pref("CT3281675.Facebook_User_Locale.enc", "ZGU=");
Gelöscht : user_pref("CT3281675.FirstTime", "true");
Gelöscht : user_pref("CT3281675.FirstTimeFF3", "true");
Gelöscht : user_pref("CT3281675.PG_ENABLE", "dHJ1ZQ==");
Gelöscht : user_pref("CT3281675.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Gelöscht : user_pref("CT3281675.UserID", "UN31703939872132920");
Gelöscht : user_pref("CT3281675.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT3281675.amazonNew_All.enc", "MjM0MzkxLDM4Mjg4NzEsMjM0NTExLDIwMTMwNjdoQUJ4YjQ0MFNRU2NaTX[...]
Gelöscht : user_pref("CT3281675.appButtonDisablenull.enc", "MA==");
Gelöscht : user_pref("CT3281675.autoDisableScopes", -1);
Gelöscht : user_pref("CT3281675.browser.search.defaultthis.engineName", "true");
Gelöscht : user_pref("CT3281675.defaultSearch", "true");
Gelöscht : user_pref("CT3281675.ebayClientAlertCT3281675.enc", "W10=");
Gelöscht : user_pref("CT3281675.ebayFirstTimeTokenCT3281675.enc", "MQ==");
Gelöscht : user_pref("CT3281675.embeddedsData", "[{\"appId\":\"130036105453116013\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT3281675.enableAlerts", "always");
Gelöscht : user_pref("CT3281675.enableFix404ByUser", "FALSE");
Gelöscht : user_pref("CT3281675.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT3281675.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT3281675.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT3281675.fixPageNotFoundErrorByUser", "true");
Gelöscht : user_pref("CT3281675.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT3281675.fixUrls", true);
Gelöscht : user_pref("CT3281675.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9[...]
Gelöscht : user_pref("CT3281675.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
Gelöscht : user_pref("CT3281675.hxxp___shop_conduitapps_com_v2_6_0.APP_WIN_FEATURES.enc", "b3BlbnBvc2l0aW9uPWFs[...]
Gelöscht : user_pref("CT3281675.installDate", "9/3/2013 13:04:29");
Gelöscht : user_pref("CT3281675.installId", "conduitinstaller.exe");
Gelöscht : user_pref("CT3281675.installType", "conduitnsisintegration");
Gelöscht : user_pref("CT3281675.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT3281675.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3281675.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT3281675.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT3281675.keyword", "true");
Gelöscht : user_pref("CT3281675.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Gelöscht : user_pref("CT3281675.lastVersion", "10.14.65.43");
Gelöscht : user_pref("CT3281675.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Gelöscht : user_pref("CT3281675.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT3281675.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...]
Gelöscht : user_pref("CT3281675.openThankYouPage", "false");
Gelöscht : user_pref("CT3281675.openUninstallPage", "true");
Gelöscht : user_pref("CT3281675.revertSettingsEnabled", "false");
Gelöscht : user_pref("CT3281675.search.searchAppId", "130036105453116013");
Gelöscht : user_pref("CT3281675.search.searchCount", "0");
Gelöscht : user_pref("CT3281675.searchFromAddressBarEnabledByUser", "true");
Gelöscht : user_pref("CT3281675.searchInNewTabEnabledByUser", "true");
Gelöscht : user_pref("CT3281675.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT3281675.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3281675.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT3281675.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3281675.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3281675.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362849753889");
Gelöscht : user_pref("CT3281675.serviceLayer_services_appsMetadata_lastUpdate", "1363016533715");
Gelöscht : user_pref("CT3281675.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362849753505");
Gelöscht : user_pref("CT3281675.serviceLayer_services_location_lastUpdate", "1362936663297");
Gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363009845308");
Gelöscht : user_pref("CT3281675.serviceLayer_services_menu_bfd1c71334f926ecd0bf043e0f822c7e_lastUpdate", "13630[...]
Gelöscht : user_pref("CT3281675.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362849753460");
Gelöscht : user_pref("CT3281675.serviceLayer_services_searchAPI_lastUpdate", "1362936663468");
Gelöscht : user_pref("CT3281675.serviceLayer_services_serviceMap_lastUpdate", "1362936663159");
Gelöscht : user_pref("CT3281675.serviceLayer_services_setupAPI_lastUpdate", "1362936663919");
Gelöscht : user_pref("CT3281675.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362832128018");
Gelöscht : user_pref("CT3281675.serviceLayer_services_toolbarSettings_lastUpdate", "1363016533615");
Gelöscht : user_pref("CT3281675.serviceLayer_services_translation_lastUpdate", "1362936663540");
Gelöscht : user_pref("CT3281675.settingsINI", true);
Gelöscht : user_pref("CT3281675.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT3281675.smartbar.CTID", "CT3281675");
Gelöscht : user_pref("CT3281675.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT3281675.smartbar.homepage", true);
Gelöscht : user_pref("CT3281675.smartbar.toolbarName", "entrusted ");
Gelöscht : user_pref("CT3281675.startPage", "true");
Gelöscht : user_pref("CT3281675.toolbarBornServerTime", "9-3-2013");
Gelöscht : user_pref("CT3281675.toolbarCurrentServerTime", "11-3-2013");
Gelöscht : user_pref("CT3281675.toolbarDisabled", "true");
Gelöscht : user_pref("CT3281675.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Gelöscht : user_pref("CT3281675.url_history0001.enc", "aHR0cDovL3d3dy5mYWNlYm9vay5jb20vbG9yZW5hLnd1bGxlcj9ncm91[...]
Gelöscht : user_pref("CT3281675_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3281675&CUI=UN31703939[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "entrusted Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675[...]
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3281675");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "entrusted Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI[...]
Gelöscht : user_pref("extensions.softonic_i.aflt", "SD");
Gelöscht : user_pref("extensions.softonic_i.dfltLng", "de");
Gelöscht : user_pref("extensions.softonic_i.excTlbr", false);
Gelöscht : user_pref("extensions.softonic_i.id", "2c577a93000000000000001a4f4b2326");
Gelöscht : user_pref("extensions.softonic_i.instlDay", "15409");
Gelöscht : user_pref("extensions.softonic_i.instlRef", "MON00015");
Gelöscht : user_pref("extensions.softonic_i.newTab", false);
Gelöscht : user_pref("extensions.softonic_i.prdct", "softonic");
Gelöscht : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gelöscht : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gelöscht : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault");
Gelöscht : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSour[...]
Gelöscht : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gelöscht : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.50:05:04");
Gelöscht : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Gelöscht : user_pref("smartBar.searchInNewTabOwner", "CT3281675");
Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3281675&CUI=UN317039398[...]
Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3281675&CUI=UN317039398721[...]
Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "");
Gelöscht : user_pref("smartbar.originalSearchEngine", "");
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.29] : search_url = "hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=3[...]
Gelöscht [l.2349] : urls_to_restore_on_startup = [ "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepag[...]
*************************
AdwCleaner[R1].txt - [17913 octets] - [14/04/2013 18:07:07]
AdwCleaner[S1].txt - [17283 octets] - [14/04/2013 18:08:35]
########## EOF - C:\AdwCleaner[S1].txt - [17344 octets] ##########
Code:
ATTFilter OTL logfile created on: 14.04.2013 18:15:41 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zauberhut\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,87% Memory free 8,00 Gb Paging File | 6,12 Gb Available in Paging File | 76,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 332,20 Gb Free Space | 71,34% Space Free | Partition Type: NTFS Computer Name: ZAUBERHUT-PC | User Name: Zauberhut | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.14 17:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zauberhut\Desktop\OTL.exe PRC - [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.03.29 21:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.03.19 18:17:09 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.08.08 12:56:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.10 13:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe PRC - [2012.05.11 18:48:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.11 18:48:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.03.11 02:25:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.02.14 23:49:08 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.10.22 03:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2009.12.07 23:54:32 | 000,528,384 | ---- | M] (ROCCAT) -- C:\Users\Zauberhut\Documents\PyraMonitor.EXE ========== Modules (No Company Name) ========== MOD - [2013.04.10 08:56:55 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.03.29 21:53:56 | 001,114,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.03.19 18:17:08 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2009.09.30 23:08:46 | 000,061,440 | ---- | M] () -- C:\Users\Zauberhut\Documents\hiddriver.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.19 18:46:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.05.11 18:48:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.11 18:48:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.11 02:25:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.14 12:29:14 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto) DRV:64bit: - [2012.05.11 18:48:37 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.11 18:48:37 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.12.05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.25 03:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.25 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3717FEBB6BF261B274D571516A853046 IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 02 9B 53 1C FE CC 01 [binary data] IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes\{58F49216-0E5C-4F3B-98B0-4F7E6159E21E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN16525016381836714 IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE474 IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "SecureSearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3717FEBB6BF261B274D571516A853046" FF - prefs.js..extensions.enabledAddons: lrcspal%40xinghao.net:1.110 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.08.16 19:56:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 18:00:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.08.16 19:56:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcspal@xinghao.net: C:\Program Files (x86)\XingHaoLyrics\FF\ [2013.04.12 18:07:33 | 000,000,000 | ---D | M] [2012.03.09 20:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Extensions [2013.04.14 18:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Firefox\Profiles\u4prr00h.default\extensions [2013.04.14 12:30:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Firefox\Profiles\u4prr00h.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.12.11 19:22:11 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\firefox\profiles\u4prr00h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.04.14 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 15:39:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.12 18:07:33 | 000,000,000 | ---D | M] ("LyricsPal") -- C:\PROGRAM FILES (X86)\XINGHAOLYRICS\FF [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: SecureSearch (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3717FEBB6BF261B274D571516A853046 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - Extension: YouTube = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: SecureSearch = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0\ CHR - Extension: Skype Click to Call = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ CHR - Extension: LyricsPal = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.110_0\ CHR - Extension: Google Mail = C:\Users\Zauberhut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (LyricsPal) - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files (x86)\XingHaoLyrics\lrcspal.dll (XingHao Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [ROCCAT Pyra Mouse] C:\Users\Zauberhut\Documents\PyraMonitor.EXE (ROCCAT) O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Zauberhut\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Zauberhut\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80910FD1-DDB0-4D82-B025-7F0891705996}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8388DB9-3C8E-4E8E-9E31-D51947B807FA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{15b948fe-22b7-11e2-a4e4-001a4f4b2326}\Shell - "" = AutoRun O33 - MountPoints2\{15b948fe-22b7-11e2-a4e4-001a4f4b2326}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{b1d16d19-6a0e-11e1-a9c3-00241ddfefca}\Shell - "" = AutoRun O33 - MountPoints2\{b1d16d19-6a0e-11e1-a9c3-00241ddfefca}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.14 17:25:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zauberhut\Desktop\OTL.exe [2013.04.14 13:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.04.14 13:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.04.14 12:36:00 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Roaming\LavasoftStatistics [2013.04.14 12:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2013.04.14 12:29:16 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.04.14 12:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.04.12 18:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc [2013.04.12 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc [2013.04.12 18:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XingHaoLyrics [2013.04.12 17:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.04.12 17:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.04.12 15:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.06 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Desktop\Kopie von Klassenfahrt '10 [2013.04.06 19:51:07 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Desktop\Tag 5 - Assis [2013.04.06 19:50:53 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Desktop\Tag 3 - Piraten [2013.03.29 18:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio [2013.03.24 18:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.03.20 15:16:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.20 15:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.19 18:17:58 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Local\Macromedia [2013.03.19 18:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.03.19 18:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013.03.19 18:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2013.03.18 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.14 18:18:50 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.14 18:18:50 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.14 18:17:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.14 18:17:46 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.14 18:17:46 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.14 18:17:46 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.14 18:17:46 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.14 18:12:08 | 000,000,921 | ---- | M] () -- C:\Users\Zauberhut\Documents\Config.ini [2013.04.14 18:12:06 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\LyricsPal Update.job [2013.04.14 18:12:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.14 18:11:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.04.14 18:11:31 | 000,276,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.14 18:11:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.14 18:11:18 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys [2013.04.14 18:10:04 | 000,000,176 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.14 18:06:01 | 000,613,083 | ---- | M] () -- C:\Users\Zauberhut\Desktop\adwcleaner.exe [2013.04.14 17:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.14 17:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zauberhut\Desktop\OTL.exe [2013.04.14 17:11:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.14 12:29:14 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.04.14 12:17:34 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.12 18:24:46 | 000,005,120 | -H-- | M] () -- C:\Users\Zauberhut\Desktop\photothumb.db [2013.04.06 16:11:06 | 000,001,288 | ---- | M] () -- C:\Users\Zauberhut\Desktop\Dokument.rtf [2013.03.24 18:30:43 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.03.24 18:30:43 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.03.20 18:30:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013.03.20 18:30:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.14 18:11:22 | 000,276,576 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.14 18:09:41 | 000,000,176 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.14 18:06:00 | 000,613,083 | ---- | C] () -- C:\Users\Zauberhut\Desktop\adwcleaner.exe [2013.04.14 12:17:34 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.14 12:17:34 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.12 18:07:33 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\LyricsPal Update.job [2013.03.20 18:30:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013.03.20 18:30:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf [2013.03.19 18:17:14 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.03.19 18:17:14 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.03.19 18:17:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 19:12:32 | 000,220,338 | ---- | C] () -- C:\Users\Zauberhut\1074726_90_1348945375.jpg [2012.10.04 19:09:51 | 000,136,839 | ---- | C] () -- C:\Users\Zauberhut\1081213_web.jpg [2012.10.04 19:09:11 | 000,485,294 | ---- | C] () -- C:\Users\Zauberhut\.jpg [2012.08.16 19:53:57 | 000,148,131 | ---- | C] () -- C:\Windows\hpoins38.dat.temp [2012.08.16 19:53:57 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat.temp [2012.06.01 20:44:50 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.06.01 20:44:50 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.03.25 21:06:21 | 000,182,934 | ---- | C] () -- C:\Windows\hpoins38.dat [2012.03.25 21:06:21 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat [2012.03.11 02:24:03 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.11 02:24:02 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.03.11 02:24:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.09 20:05:28 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2012.03.09 20:03:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.08 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\DVDVideoSoft [2012.08.14 22:04:21 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\LolClient [2012.03.11 01:32:37 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\MAGIX [2013.02.01 23:22:51 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\Origin [2013.04.01 18:09:55 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\PhotoScape [2012.10.04 21:20:51 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\Play withSIX [2012.10.04 21:16:08 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\six-zsync [2012.10.14 17:20:20 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\TS3Client [2013.03.08 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > das war der andere Scan, übrigens danke dass du dir zeit nimmst |
|
14.04.2013, 17:54
| #8 |
| /// TB-Ausbilder | Appround.net Virus Hey, sieht schon besser aus. Besteht dein ursprüngliches Problem immer noch? Schritt 1
Schritt 2
Code:
ATTFilter :OTL
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\..\SearchScopes\{58F49216-0E5C-4F3B-98B0-4F7E6159E21E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN16525016381836714
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3717FEBB6BF261B274D571516A853046"
IE - HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3717FEBB6BF261B274D571516A853046
[2013.04.14 12:30:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Zauberhut\AppData\Roaming\mozilla\Firefox\Profiles\u4prr00h.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
:commands
[emptytemp]
Schritt 3 Downloade dir bitte Malwarebytes Anti-Malware .
Schritt 4 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 5 Downloade dir bitte SecurityCheck (Link 2).
Schritt 6 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
14.04.2013, 18:32
| #9 |
| | Appround.net Virus Alles klar werde ich machen, kommt mir so vor als wäre es weniger geworden, aber bestehen tut es leider auf jeden fall noch :/ werde eben die schritte ausführen, dann melde ich mich wieder zu Wort |
|
14.04.2013, 18:34
| #10 | |
| /// TB-Ausbilder | Appround.net VirusZitat:
__________________ cheers, Leo |
|
15.04.2013, 17:12
| #11 |
| | Appround.net Virus Schritt 2: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.
Registry key HKEY_USERS\S-1-5-21-3082126050-3975938828-783822626-1000\Software\Microsoft\Internet Explorer\SearchScopes\{58F49216-0E5C-4F3B-98B0-4F7E6159E21E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58F49216-0E5C-4F3B-98B0-4F7E6159E21E}\ not found.
Prefs.js: "SecureSearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=3717FEBB6BF261B274D571516A853046" removed from browser.startup.homepage
HKU\S-1-5-21-3082126050-3975938828-783822626-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Folder C:\Users\Zauberhut\AppData\Roaming\mozilla\Firefox\Profiles\u4prr00h.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Zauberhut
->Temp folder emptied: 2226939 bytes
->Temporary Internet Files folder emptied: 15412969 bytes
->Java cache emptied: 1349651 bytes
->FireFox cache emptied: 114920686 bytes
->Google Chrome cache emptied: 11090910 bytes
->Flash cache emptied: 2757 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28322 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 64474103 bytes
RecycleBin emptied: 728947 bytes
Total Files Cleaned = 200,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04152013_173501
Files\Folders moved on Reboot...
C:\Users\Zauberhut\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Schritt 3 Es wurden keine infizierten Objekte gefunden... Den rest Poste ich nacher, machs nur jetzt schonmal damits nicht verloren geht. Ist grad zeitlich sehr knapp. was evtl auch noch informativ sein könnte ist, dass öfters im browser irgendwas von nem deffektem Skrpit steht. |
|
15.04.2013, 17:41
| #12 | |
| /// TB-Ausbilder | Appround.net VirusZitat:
__________________ cheers, Leo |
|
15.04.2013, 19:36
| #13 | |
| | Appround.net Virus schritt 3 Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.15.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Zauberhut :: ZAUBERHUT-PC [Administrator] Schutz: Aktiviert 15.04.2013 17:44:51 mbam-log-2013-04-15 (17-44-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 209594 Laufzeit: 4 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) schritt 4: Nichts: Schritt 5: Zitat:
Code:
ATTFilter ========== Files/Folders - Created Within 30 Days ========== [2013.04.15 18:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.04.15 17:42:50 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Roaming\Malwarebytes [2013.04.15 17:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.15 17:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.15 17:42:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.15 17:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.15 17:42:24 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Local\Programs [2013.04.15 17:33:07 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.14 17:25:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zauberhut\Desktop\OTL.exe [2013.04.14 13:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.04.14 13:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.04.14 12:36:00 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Roaming\LavasoftStatistics [2013.04.14 12:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2013.04.14 12:29:16 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.04.14 12:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.04.12 18:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc [2013.04.12 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc [2013.04.12 17:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.04.12 17:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.04.12 15:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.06 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Desktop\Kopie von Klassenfahrt '10 [2013.04.06 19:51:07 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Desktop\Tag 5 - Assis [2013.04.06 19:50:53 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\Desktop\Tag 3 - Piraten [2013.03.29 18:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio [2013.03.24 18:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.03.20 15:16:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.20 15:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.19 18:17:58 | 000,000,000 | ---D | C] -- C:\Users\Zauberhut\AppData\Local\Macromedia [2013.03.19 18:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.03.19 18:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013.03.19 18:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2013.03.18 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2013.04.15 20:11:06 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.15 19:46:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.15 17:43:44 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.15 17:43:44 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.15 17:42:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.15 17:40:59 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.15 17:40:59 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.15 17:40:59 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.15 17:40:59 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.15 17:40:59 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.15 17:37:13 | 000,000,921 | ---- | M] () -- C:\Users\Zauberhut\Documents\Config.ini [2013.04.15 17:36:31 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.15 17:36:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.04.15 17:36:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.15 17:36:16 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys [2013.04.14 18:11:31 | 000,276,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.14 18:10:04 | 000,000,176 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.14 18:06:01 | 000,613,083 | ---- | M] () -- C:\Users\Zauberhut\Desktop\adwcleaner.exe [2013.04.14 17:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zauberhut\Desktop\OTL.exe [2013.04.14 12:29:14 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.04.14 12:17:34 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.12 18:24:46 | 000,005,120 | -H-- | M] () -- C:\Users\Zauberhut\Desktop\photothumb.db [2013.04.06 16:11:06 | 000,001,288 | ---- | M] () -- C:\Users\Zauberhut\Desktop\Dokument.rtf [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.24 18:30:43 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.03.24 18:30:43 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.03.20 18:30:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013.03.20 18:30:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf ========== Files Created - No Company Name ========== [2013.04.15 17:42:36 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.14 18:11:22 | 000,276,576 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.14 18:09:41 | 000,000,176 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.14 18:06:00 | 000,613,083 | ---- | C] () -- C:\Users\Zauberhut\Desktop\adwcleaner.exe [2013.04.14 12:17:34 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.14 12:17:34 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.20 18:30:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013.03.20 18:30:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf [2013.03.19 18:17:14 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.03.19 18:17:14 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.03.19 18:17:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 19:12:32 | 000,220,338 | ---- | C] () -- C:\Users\Zauberhut\1074726_90_1348945375.jpg [2012.10.04 19:09:51 | 000,136,839 | ---- | C] () -- C:\Users\Zauberhut\1081213_web.jpg [2012.10.04 19:09:11 | 000,485,294 | ---- | C] () -- C:\Users\Zauberhut\.jpg [2012.08.16 19:53:57 | 000,148,131 | ---- | C] () -- C:\Windows\hpoins38.dat.temp [2012.08.16 19:53:57 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat.temp [2012.06.01 20:44:50 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.06.01 20:44:50 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.03.25 21:06:21 | 000,182,934 | ---- | C] () -- C:\Windows\hpoins38.dat [2012.03.25 21:06:21 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat [2012.03.11 02:24:03 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.11 02:24:02 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.03.11 02:24:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.09 20:05:28 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2012.03.09 20:03:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.08 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\DVDVideoSoft [2012.08.14 22:04:21 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\LolClient [2012.03.11 01:32:37 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\MAGIX [2013.02.01 23:22:51 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\Origin [2013.04.01 18:09:55 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\PhotoScape [2012.10.04 21:20:51 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\Play withSIX [2012.10.04 21:16:08 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\six-zsync [2012.10.14 17:20:20 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\TS3Client [2013.03.08 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Zauberhut\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > |
|
15.04.2013, 19:48
| #14 |
| /// TB-Ausbilder | Appround.net Virus Hi, und tritt dein ursprüngliches Problem immer noch auf oder ist es weg?
__________________ cheers, Leo |
|
15.04.2013, 20:00
| #15 |
| | Appround.net Virus Hi, ist eigentlich weg bzw. merke nichts mehr das einzige was noch komsich ist, dass youtube sperrlich läd. Danke sehr für die Hilfe und die idiotensicher anleitung! |
|
| Themen zu Appround.net Virus |
| ahnung, analyse, angemeldet, appround.net, beliebige, bild, einfach, erfahrung, fenster, festgestellt, interne, lahm, neues, nicht mehr, online, problem, programme, rechts, seite, seiten, smartphone, tipps, video, virus, werbung, youtube, öffnet |
Textbox.
Linear-Darstellung
