
All kinds of pests and how to fight them: I'm infected! (Delta Search, Searchnu, Snap.Do)

Windows 7

 
15.04.2013, 21:28   #4
forgotten

And here are the next two scripts:

OTL Logfile:
Code:
OTL Extras logfile created on: 15.04.2013 22:13:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mariam\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 62,42% Memory free
6,99 Gb Paging File | 5,41 Gb Available in Paging File | 77,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 39,64 Gb Free Space | 40,63% Space Free | Partition Type: NTFS
 
Computer Name: MARIAM-PC | User Name: mariam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0527FA41-5D0E-402C-8211-0711DA61A153}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{08716376-B786-40D5-BD71-AF29B48E6866}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{13D230A2-B1C4-4E46-8A84-3195B9915816}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27F16BF5-1A2F-4B3C-9889-AE504883020C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{33BC8299-BC1A-4DE6-B67A-6759536F4A24}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3C183973-7E06-43E9-BC2E-B432F43EAEE4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{50F67CF3-AEE0-4808-89B0-7EB5D3EAD747}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{61A8E58B-B69D-4E96-833D-4E92D09A2318}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B4E4DDB-FC2B-4C3E-B465-9F28ABC0063D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8CBD3DDB-224E-4294-A4B9-00AAC007D750}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{91F1B482-9E1D-4CAE-B66B-E36C2B597D31}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AA33B890-07E6-4252-B3A7-FB67B724F050}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ACE391F7-383E-4840-AC34-D09DFE9EE053}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B884EACC-9690-42B5-BDAF-B9385D2D3804}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C3CAD7AD-41C7-4F33-A4A4-9C4A7F1EA117}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CDB194DB-5296-4EBA-A697-2171DF14DA73}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D8050B13-6FD8-4FCE-A0F5-1BA1EF5B3B0D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA56AEA9-BF17-4F94-8988-D5208F3CA692}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E986D9F3-9A9A-4233-A1DE-4C7B7C52BC70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9DA763C-FC45-41DB-AAB7-50C95A872A11}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD54AA24-7F16-4588-9AFD-E8F51CF9E789}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080BC80B-B39A-4D2B-AEEE-95F559694790}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{110A2254-C5BF-403D-AA5E-DA07AEDB8F72}" = protocol=17 | dir=in | app=c:\program files\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{15F3E53B-A8D9-48E9-97D5-2F34E34FAB42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{161D4C87-30CB-47FE-9647-26F2F578E54E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{1B20AD85-B10D-47A6-B5F6-4FB6355F49E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1E2343CF-BD02-4246-92A4-50B0F18F2748}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{21DD99B7-CB76-4FA0-94ED-FC078D7A9A5B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{24A182FE-D7BE-47AB-B24E-C16CB4D9C936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{24C2636F-5C33-41A6-A170-C1DF0A15CD07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{260B5F7A-8020-4D17-BEFE-E5A4A740FB68}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{32903123-A2E5-4189-A916-959060020999}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{351481BA-278F-44E9-9584-EBE63019B473}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C3A24B8-9AB3-48DA-BBF4-464CCBFA15F7}" = protocol=6 | dir=in | app=c:\program files\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{4F051B43-CC75-41B4-ABD9-A87F06D89142}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{758C7656-50F2-43EF-8231-4639D9E23992}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{76CD5682-D674-41AA-96CE-262AFCD1EFE1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{787082CC-4973-4162-B755-D791AECA9BA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C61B097-DEC1-43AD-8378-CC90095CAFEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{80069173-B95B-4138-B494-BCE221602633}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{8EE802A5-9221-461F-84D6-AEADB31CFBBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F3D542C-C4F7-476D-9AE2-4723A7D2D6DA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{96BBC6FC-7407-4195-86DF-F7A4626C80D3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{9D0B8162-E6CD-4C25-A7EE-CC700F89AA27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0989264-42CE-4A9A-A7F0-5972AB897976}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B322130C-0BED-4468-BDEC-D98A8C63F583}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8F02E68-0348-4229-B749-14D7642CC655}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{BB10AAC1-2CCE-4CAF-A628-0289D45322A9}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{BEB5F6A7-79F0-4520-BA27-188DAB3904FF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C3062FAC-21A3-4652-BAAF-B69AEE748710}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{CB5C694F-7228-46EE-99D1-FE325028CA8A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D13223B9-95D0-4EE9-8C2B-790959BD895E}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{EB4EB966-A02B-4CDD-8583-595A71D5355C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EF202F91-30FB-4A2C-AED7-92B9AC07529A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{F5EDA85E-DBE6-4F8D-BA85-363B00C99FDA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{FC68E954-A8D7-487C-9BC3-E350BFE1DD95}" = protocol=6 | dir=out | app=system | 
"TCP Query User{650FD9A1-34B6-441F-BA17-DD0777BCE061}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
"TCP Query User{9B79D00C-A5D2-4993-8504-CE0BD916F705}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{AA5FFD8C-B6A1-4FBA-A4BB-99E399155F2C}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
"UDP Query User{53943CC4-A391-44A5-8A58-51D6B0E77B53}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
"UDP Query User{D9743FA2-011A-4CFD-8BBB-D8186BB5BB3C}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{F2F69BAA-A710-408E-B34F-C002F6FDAD7A}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03C1E6A6-14BD-A692-6274-BA34EE40936B}" = CCC Help Spanish
"{06606691-1113-21B4-50AE-1E043F4A5470}" = CCC Help Chinese Standard
"{0C672EF6-BF60-5F2C-95AF-5228BDE4B52F}" = CCC Help German
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1A050FB1-820B-9CAA-52C5-602EC602A759}" = Catalyst Control Center InstallProxy
"{1FF5DD4A-3B1F-E795-6EED-A64CF0454D1B}" = CCC Help Norwegian
"{200A2254-4E56-19E1-F545-47CD713C8F70}" = CCC Help Greek
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{2D511D11-7903-7C76-6E35-CDC5D9F86346}" = Catalyst Control Center Localization All
"{31BF9CD1-A904-43B5-A236-53E5E908AD0E}" = Catalyst Control Center - Branding
"{37260340-B8BF-8461-0F12-A6BF42A99000}" = AMD Fuel
"{3B8EF70B-33D4-3973-5CD7-D3DA0FA69EA1}" = CCC Help Swedish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CD636AC-403D-79E9-B071-E018FC83ED9A}" = AMD Catalyst Install Manager
"{406E2FBB-A0EC-3644-130E-B730A3CDE209}" = AMD VISION Engine Control Center
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F198874-3C7D-5983-02EB-9E234C43F174}" = AMD Steady Video Plug-In 
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5A679C2E-188C-040E-E900-F5FD7BAA7556}" = CCC Help Portuguese
"{5D4D4D5A-DD1C-64C2-20CC-3FFD7315302D}" = CCC Help Hungarian
"{65BD726E-58BF-A396-C4A2-A32276B8DE4A}" = AMD Media Foundation Decoders
"{67F7D625-2E32-481B-85E4-2D17F0E6778D}" = NaturalReader95
"{693334CC-D97A-E05E-8CB3-F1FAB22DB75D}" = CCC Help Korean
"{6E25C736-E97E-EE91-20C3-10888B5C2600}" = CCC Help Dutch
"{6F7504E6-1DF3-460C-A54C-3A586A521305}_is1" = Pairs 2.1.3
"{70419EA1-EEF9-BF9F-F07A-FF566A3BE1FC}" = ccc-utility
"{75D931D7-FA8E-40EE-D7EE-C6854B9CE23C}" = CCC Help Thai
"{7735BD50-87C5-4838-A276-4A3621BBD306}" = AVG 2013
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8306A58E-D509-2893-D9B5-F8EA03386E36}" = CCC Help French
"{85A914C0-65A0-0E98-C930-62FF273492E9}" = Catalyst Control Center Graphics Previews Common
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{94E46B5E-5730-E6E1-DC83-84DFD1A8F851}" = CCC Help Czech
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0502138-497E-47A5-B835-EE362296DAC4}" = CCC Help Turkish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A50941D9-6B04-37A6-AAF7-65D24F89D7B3}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB76292E-5DD2-01DC-97D5-FB9E69DE2ECC}" = Ralink Bluetooth Stack
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE76D4C2-A1F0-4381-BB13-BE7EE3B05819}" = Heather
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4F37144-5351-FC17-8CA7-74394A2DF20F}" = CCC Help Japanese
"{B9CA2659-7AD5-6B8C-B3B0-586892FEBC46}" = CCC Help Chinese Traditional
"{BCA9980F-7D3D-AE17-43FB-725167F54801}" = CCC Help Italian
"{BCFAD844-4124-328E-36BE-6852196CE831}" = CCC Help Finnish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C95F5C04-31C3-4AE7-99D6-A5198D619EB6}" = Snap.Do
"{D519F57A-00EE-BE5C-6DE7-B43BFE81A426}" = CCC Help Russian
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E6D7FF92-6935-C2D4-843D-ABBC385D258E}" = CCC Help Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4446B5B-84B2-6335-82E3-4B2820EB7737}" = CCC Help English
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Athan" = Athan Basic 4.4
"AVG" = AVG 2013
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Deluxe Pacman_is1" = Deluxe Pacman version 1.98b
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Google Chrome" = Google Chrome
"inSpeak_is1" = inSpeak build579
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Orbit_is1" = Orbit Downloader
"Paltalk Messenger" = Paltalk Messenger  10.2
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"SpeakyChat" = SpeakyChat-VoiceChat
"SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks
"The Noble Quran - Saheeh Int. Translation_is1" = The Noble Quran - Saheeh Int. Translation
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VideoPerformer" = VideoPerformer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.04.2013 16:04:21 | Computer Name = mariam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5647
 
Error - 14.04.2013 16:04:21 | Computer Name = mariam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5647
 
Error - 14.04.2013 16:05:39 | Computer Name = mariam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.04.2013 16:05:39 | Computer Name = mariam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 83351
 
Error - 14.04.2013 16:05:39 | Computer Name = mariam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 83351
 
Error - 14.04.2013 16:11:41 | Computer Name = mariam-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0xca0  Startzeit der fehlerhaften Anwendung: 0x01ce394b7ab2d9d6  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 84aac841-a53f-11e2-bcc5-a0b3ccc4ed6f
 
Error - 15.04.2013 10:53:20 | Computer Name = mariam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.04.2013 11:07:18 | Computer Name = mariam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15975
 
Error - 15.04.2013 11:07:18 | Computer Name = mariam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15975
 
Error - 15.04.2013 13:58:46 | Computer Name = mariam-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService32.exe, Version:
 13.0.3000.132, Zeitstempel: 0x50b779af  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000
ID
 des fehlerhaften Prozesses: 0x95c  Startzeit der fehlerhaften Anwendung: 0x01ce39f2c3cd6119
Pfad
 der fehlerhaften Anwendung: C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 1e1486c8-a5f6-11e2-afd7-a0b3ccc4ed6f
 
[ Media Center Events ]
Error - 14.01.2013 07:17:27 | Computer Name = mariam-PC | Source = MCUpdate | ID = 0
Description = 12:17:27 - Fehler beim Herstellen der Internetverbindung.  12:17:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.01.2013 07:17:45 | Computer Name = mariam-PC | Source = MCUpdate | ID = 0
Description = 12:17:34 - Fehler beim Herstellen der Internetverbindung.  12:17:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.01.2013 16:01:56 | Computer Name = mariam-PC | Source = MCUpdate | ID = 0
Description = 21:01:56 - Fehler beim Herstellen der Internetverbindung.  21:01:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.01.2013 16:02:06 | Computer Name = mariam-PC | Source = MCUpdate | ID = 0
Description = 21:02:01 - Fehler beim Herstellen der Internetverbindung.  21:02:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 14.04.2013 17:55:10 | Computer Name = mariam-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.04.2013 04:09:35 | Computer Name = mariam-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 15.04.2013 05:18:25 | Computer Name = mariam-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.04.2013 12:02:11 | Computer Name = mariam-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.04.2013 12:34:05 | Computer Name = mariam-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.52  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 15.04.2013 13:34:15 | Computer Name = mariam-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.04.2013 13:34:15 | Computer Name = mariam-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Volumeschattenkopie erreicht.
 
Error - 15.04.2013 13:34:15 | Computer Name = mariam-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 15.04.2013 13:58:42 | Computer Name = mariam-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.04.2013 16:03:20 | Computer Name = mariam-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 15.04.2013 22:13:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mariam\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 62,42% Memory free
6,99 Gb Paging File | 5,41 Gb Available in Paging File | 77,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 39,64 Gb Free Space | 40,63% Space Free | Partition Type: NTFS
 
Computer Name: MARIAM-PC | User Name: mariam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.15 22:11:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mariam\Downloads\OTL.exe
PRC - [2013.04.13 11:05:22 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.04.03 14:05:28 | 002,670,663 | ---- | M] (Orbitdownloader.com) -- C:\Programme\Orbitdownloader\orbitdm.exe
PRC - [2013.03.29 19:28:51 | 000,990,896 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
PRC - [2013.03.13 18:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe
PRC - [2013.02.28 00:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe
PRC - [2013.02.27 00:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe
PRC - [2013.02.19 05:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.02.19 05:01:34 | 001,116,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe
PRC - [2013.02.19 05:01:04 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe
PRC - [2013.02.19 05:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.02.03 08:24:14 | 001,208,320 | ---- | M] (www.IslamicFinder.org) -- C:\Programme\Athan\Athan.exe
PRC - [2013.01.10 11:58:58 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Programme\Orbitdownloader\orbitnet.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.29 17:06:12 | 001,926,496 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2012.11.29 17:06:10 | 001,723,744 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.01 23:19:12 | 008,356,008 | ---- | M] (AVM Software Inc.) -- C:\Programme\Paltalk Messenger\paltalk.exe
PRC - [2012.09.26 16:46:36 | 001,612,552 | ---- | M] (IVT Corporation) -- C:\Programme\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2012.09.19 19:36:42 | 000,371,976 | ---- | M] (IVT Corporation) -- C:\Programme\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2012.09.19 19:36:40 | 000,099,080 | ---- | M] (IVT Corporation) -- C:\Programme\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2012.06.04 15:21:50 | 005,708,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2012.04.06 16:15:24 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2012.02.15 12:13:22 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.02.15 12:12:50 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.02.15 00:15:30 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.13 11:05:22 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.04.03 13:47:08 | 000,397,312 | ---- | M] () -- C:\Programme\Orbitdownloader\wtlctrl.dll
MOD - [2013.03.22 12:09:09 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013.03.22 11:01:22 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.03.22 10:57:57 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.03.22 10:57:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.03.22 10:56:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.03.22 10:55:46 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.03.22 10:54:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.03.22 10:54:37 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.03.22 10:54:27 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.03.22 10:53:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.03.22 10:53:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.03.22 10:53:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.03.22 10:53:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.03.22 10:53:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.01 23:19:16 | 001,842,832 | ---- | M] () -- C:\Programme\Paltalk Messenger\Images.dll
MOD - [2012.10.01 23:19:16 | 000,050,832 | ---- | M] () -- C:\Programme\Paltalk Messenger\ctrlkey.dll
MOD - [2012.09.19 19:36:54 | 000,018,696 | ---- | M] () -- C:\Windows\System32\SCChangeMonitor.dll
MOD - [2012.09.19 19:36:48 | 000,026,888 | ---- | M] () -- C:\Windows\System32\BsTrace.dll
MOD - [2012.09.19 19:36:46 | 000,352,008 | ---- | M] () -- C:\Windows\System32\BsExtendFunc.dll
MOD - [2012.09.19 19:36:46 | 000,070,408 | ---- | M] () -- C:\Windows\System32\BsProfileFunc.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.02.15 00:15:36 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012.02.15 00:13:24 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.11.09 10:55:02 | 000,016,384 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.11.13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.03.08 22:08:28 | 000,282,697 | ---- | M] () -- C:\Programme\Athan\vbp.dll
MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2004.12.25 13:37:22 | 000,258,121 | ---- | M] () -- C:\Programme\Athan\vbh.dll
MOD - [2004.03.20 14:49:40 | 000,229,444 | ---- | M] () -- C:\Programme\Athan\vbq.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.13 11:05:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 19:28:51 | 000,990,896 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013.03.13 15:26:38 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.28 00:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.02.19 05:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.14 22:30:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.29 17:06:10 | 001,723,744 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.29 17:06:08 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.09.26 16:46:36 | 001,612,552 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Programme\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2012.09.19 19:36:40 | 000,099,080 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Programme\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012.04.06 16:15:24 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2012.02.15 12:12:50 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.02.15 00:15:30 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.03.29 19:28:51 | 000,033,624 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013.03.01 11:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.02.27 00:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.02.14 04:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013.02.08 05:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.02.08 05:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.02.08 05:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.02.08 05:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.02.08 05:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.09.19 11:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.07.24 11:00:00 | 002,987,520 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2012.06.15 12:22:50 | 000,020,320 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV - [2012.02.15 12:47:14 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.02.15 11:12:50 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.02.01 16:18:10 | 000,046,720 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2011.12.14 02:44:18 | 000,044,160 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2011.12.13 05:52:42 | 000,034,944 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2011.12.13 05:52:40 | 000,070,784 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2011.12.06 04:47:16 | 000,086,032 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.10.28 03:27:52 | 000,195,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 CD AE 40 34 DA CD 01  [binary data]
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2213139522-2928902552-577759125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 11:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.21 12:40:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 12:06:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 11:05:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.21 12:40:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 12:06:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2013.04.01 19:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariam\AppData\Roaming\mozilla\Extensions
[2013.04.15 22:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariam\AppData\Roaming\mozilla\Firefox\Profiles\qwaolsw3.default\extensions
[2013.02.27 13:31:45 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\mariam\AppData\Roaming\mozilla\firefox\profiles\qwaolsw3.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013.04.15 11:35:06 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\mariam\AppData\Roaming\mozilla\firefox\profiles\qwaolsw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 13:48:25 | 000,001,090 | ---- | M] () -- C:\Users\mariam\AppData\Roaming\mozilla\firefox\profiles\qwaolsw3.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2013.04.01 19:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 11:05:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.23 13:57:40 | 000,156,768 | ---- | M] (SpeakyChat) -- C:\Program Files\mozilla firefox\plugins\npspeakychat.dll
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Athan] C:\Programme\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BtTray] C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-2213139522-2928902552-577759125-1000..\Run: [GoogleChromeAutoLaunch_E8BBA68DED9EC153BA582F28DF1B94C5] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-2213139522-2928902552-577759125-1000..\Run: [Yontoo Desktop] "C:\Users\mariam\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk = C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B37EA17-1514-40FD-BF1A-D04F3F4C9241}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.15 20:56:41 | 000,000,000 | ---D | C] -- C:\Users\mariam\AppData\Roaming\ProgSense
[2013.04.15 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\mariam\AppData\Roaming\GrabPro
[2013.04.15 20:56:36 | 000,000,000 | ---D | C] -- C:\downloads
[2013.04.15 20:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2013.04.15 20:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2013.04.15 20:55:42 | 000,000,000 | ---D | C] -- C:\Users\mariam\AppData\Roaming\Orbit
[2013.04.15 20:55:21 | 004,595,792 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Users\mariam\Desktop\OrbitDownloader_4-1-1-17.exe
[2013.04.15 20:03:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013.04.15 20:03:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.15 19:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.15 19:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.04.15 07:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.04.15 06:50:43 | 074,455,064 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TTi_HE_Download_32bit.exe
[2013.04.13 17:08:14 | 000,000,000 | ---D | C] -- C:\Users\mariam\AppData\Local\Programs
[2013.04.11 12:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Noble Quran - Saheeh Int. Translation
[2013.04.11 12:41:42 | 000,000,000 | ---D | C] -- C:\quransahih
[2013.04.10 21:58:20 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 21:58:12 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 21:58:11 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 21:58:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 21:57:53 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 21:57:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 21:57:23 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 21:57:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 21:57:17 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 21:57:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 21:57:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.05 10:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.04.04 06:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.03 12:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.04.01 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\mariam\AppData\Roaming\vlc
[2013.04.01 19:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013.03.29 19:29:02 | 000,033,624 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.03.29 19:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013.03.29 16:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.03.29 16:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.03.26 08:30:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.21 11:50:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2013.03.21 11:48:34 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2013.03.21 11:48:34 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2013.03.21 11:48:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013.03.21 11:48:15 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2013.03.21 11:47:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.03.21 11:46:59 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2013.03.21 11:46:59 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013.03.20 23:06:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.03.20 23:04:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.15 22:11:56 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 22:11:56 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 22:08:48 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.15 22:08:48 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 22:08:48 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.15 22:08:48 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.15 22:04:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 22:04:31 | 000,000,920 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2013.04.15 22:04:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 22:04:15 | 2813,353,984 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 22:01:49 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.15 21:55:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 21:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.15 20:56:34 | 000,001,009 | ---- | M] () -- C:\Users\mariam\Desktop\Orbit.lnk
[2013.04.15 20:55:37 | 004,595,792 | ---- | M] (www.orbitdownloader.com                                     ) -- C:\Users\mariam\Desktop\OrbitDownloader_4-1-1-17.exe
[2013.04.15 16:20:39 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2013.04.15 06:58:20 | 000,000,036 | ---- | M] () -- C:\Users\mariam\AppData\Local\housecall.guid.cache
[2013.04.15 06:57:15 | 074,455,064 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TTi_HE_Download_32bit.exe
[2013.04.11 12:41:53 | 000,001,476 | ---- | M] () -- C:\Users\mariam\Desktop\The Noble Quran - Saheeh Int. Translation.lnk
[2013.04.11 12:11:24 | 000,295,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.10 11:10:18 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.05 10:55:42 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.04.01 20:43:47 | 000,001,235 | ---- | M] () -- C:\Users\mariam\Desktop\Play Free Games.lnk
[2013.03.29 19:28:51 | 000,033,624 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.03.29 16:14:19 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013.03.29 16:14:16 | 000,001,356 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2013.03.20 23:19:30 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.15 22:00:52 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.15 20:56:34 | 000,001,009 | ---- | C] () -- C:\Users\mariam\Desktop\Orbit.lnk
[2013.04.15 16:20:39 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2013.04.15 06:58:20 | 000,000,036 | ---- | C] () -- C:\Users\mariam\AppData\Local\housecall.guid.cache
[2013.04.11 12:41:53 | 000,001,476 | ---- | C] () -- C:\Users\mariam\Desktop\The Noble Quran - Saheeh Int. Translation.lnk
[2013.04.01 20:43:47 | 000,001,235 | ---- | C] () -- C:\Users\mariam\Desktop\Play Free Games.lnk
[2013.01.17 21:03:26 | 000,001,697 | ---- | C] () -- C:\Users\mariam\AppData\Roaming\com.blocksoft.pairs
[2012.12.15 20:42:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.12.14 21:24:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.12.14 21:16:42 | 000,283,125 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.12.14 21:05:04 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012.12.14 21:05:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.09.26 10:53:56 | 000,000,920 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2012.09.19 19:36:54 | 000,057,096 | ---- | C] () -- C:\Windows\System32\BSWMPPlugin.dll
[2012.09.19 19:36:54 | 000,018,696 | ---- | C] () -- C:\Windows\System32\SCChangeMonitor.dll
[2012.09.19 19:36:52 | 000,093,544 | ---- | C] () -- C:\Windows\System32\BSVoIPComm.dll
[2012.09.19 19:36:52 | 000,089,352 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2012.09.19 19:36:48 | 000,097,640 | ---- | C] () -- C:\Windows\System32\BSSkypeAgent.dll
[2012.09.19 19:36:48 | 000,026,888 | ---- | C] () -- C:\Windows\System32\BsTrace.dll
[2012.09.19 19:36:46 | 000,352,008 | ---- | C] () -- C:\Windows\System32\BsExtendFunc.dll
[2012.09.19 19:36:46 | 000,070,408 | ---- | C] () -- C:\Windows\System32\BsProfileFunc.dll
[2012.06.13 09:45:02 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SROF.dll
[2012.06.04 22:30:58 | 000,000,417 | ---- | C] () -- C:\Windows\System32\RaoBLE.ini
[2012.02.15 11:28:34 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.02.15 11:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.15 00:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012.01.11 06:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 07:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         


Doesn't look good, hm?

 
