Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Hola search virus loswerden!

Hola search virus loswerden!


Plagegeister aller Art und deren Bekämpfung: Hola search virus loswerden!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 3 1 23
Alt 26.04.2013, 11:53   #1
Clars
 
Hola search virus loswerden! - Unglücklich

Hola search virus loswerden!


Hallo,
ich bin ganz neu hier. Mein Problem ist, dass ich bei einem download aus versehen den Holasearch Virus auf meinen Rechner installiert habe. Ich versuche jetzt schon seit Tagen den wieder loszuwerden und durchstöbere ein Forum nach dem Anderen ohne eine Lösung zu finden. Die einzigen Sachen die ich gefunden habe waren Downloadlinks zu gefälschter Securitysoftware und eine Firma die um 70€ anbieten den Virus zu eliminieren.

Jetzt habe ich jedoch nicht die finanziellen Mittel dafür und hoffe dass ich hier Hilfe bekomme, diesen Virus aus meinem Rechner zu entfernen.

Ich habe nur ein durchschnittliches Verständnis für Computerfachsprache also überschüttetstüttet mich bitte nicht mit Fachvokabular (mit Erklärungen versteh ich es dann schon).

Ich hoffe hier kann mir jemand helfen.

LG Clars

Alt 26.04.2013, 11:58   #2
smeenk
/// Malwareteam / Visitor
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Hallo ich bin smeenk und ich werde versuchen dir mit deinem Problem zu helfen


Systemscan mit ZOEK

Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen.
  • Starte die Zoek.exe mit einem Doppelklick (nur Windows XP-Benutzer).
  • Windows Vista/7 Benutzer starten das Tool bitte per Rechtsklick auf das Icon und wählen "Als Administrator starten".
  • Klicke auf "Options" und wähle die folgenden Optionen aus:
    • Recently Created
    • Startup Information
    • Firefox Look
    • Chrome Look
    • System Restore Point
    • Auto Clean
  • Nun klicke auf "Run script" und warte geduldig, bis der Scan durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit dem Logfile öffnen (ggfs. erst nach einem Neustart).
    Nachträglich kannst Du den Bericht unter c:\zoek-results.log einsehen.
  • Poste mir das Log File zoek-results.log


Systemscan mit OTL

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.




Bitte poste in deiner nächsten Antwort:
  • Log von zoek
  • Logs von OTL
__________________
Alt 26.04.2013, 12:27   #3
Clars
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Ah, hallo

Toll das das hier so schnell geht.
Soll ich beide scans machen?

LG Clars
__________________
Alt 26.04.2013, 12:30   #4
smeenk
/// Malwareteam / Visitor
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Mach beide

Logs in Code-Tags posten.

Code-Tags: [code] Der log hier [/code]

Alt 26.04.2013, 12:54   #5
Clars
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Paul Monetti on 26.04.2013 at 13:31:16,12.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

26.04.2013 13:34:31 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CA5D06EE-412C-45FA-A960-6825B245F504} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default

---- Lines Softonic removed from prefs.js ----


---- Lines Softonic modified from prefs.js ----


---- Lines Softonic removed from user.js ----

user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.id", "9437c3850000000000007a79056d7f7c");
user_pref("extensions.Softonic.instlDay", "15604");
user_pref("extensions.Softonic.vrsn", "1.6.7.4");
user_pref("extensions.Softonic.vrsni", "1.6.7.4");
user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.415:36:08");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.aflt", "SD");
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.instlRef", "MON00006");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.admin", false);

---- Lines holasearch removed from prefs.js ----


---- Lines holasearch modified from prefs.js ----


---- Lines holasearch removed from user.js ----

user_pref("extensions.holasearch.tlbrSrchUrl", "");
user_pref("extensions.holasearch.id", "9437c38500000000000000fffe52afe9");
user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
user_pref("extensions.holasearch.instlDay", "15818");
user_pref("extensions.holasearch.vrsn", "1.8.16.16");
user_pref("extensions.holasearch.vrsni", "1.8.16.16");
user_pref("extensions.holasearch.vrsnTs", "1.8.16.1617:50:35");
user_pref("extensions.holasearch.prtnrId", "holasearch");
user_pref("extensions.holasearch.prdct", "holasearch");
user_pref("extensions.holasearch.aflt", "babsst");
user_pref("extensions.holasearch.smplGrp", "none");
user_pref("extensions.holasearch.tlbrId", "base");
user_pref("extensions.holasearch.instlRef", "sst");
user_pref("extensions.holasearch.dfltLng", "en");
user_pref("extensions.holasearch.excTlbr", false);
user_pref("extensions.holasearch.ffxUnstlRst", false);
user_pref("extensions.holasearch.admin", false);
user_pref("extensions.holasearch.autoRvrt", "false");
user_pref("extensions.holasearch.rvrt", "false");
user_pref("extensions.holasearch.newTab", false);

---- Lines CT2776682 removed from prefs.js ----

user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2776682&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?SSPV=FFOB6&ctid=CT2776682&SearchSource=13");
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFOB6&ctid=CT2776682&SearchSource=13");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2776682", "\"1331799143\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2776682", "\"d76323372b05c3748a3d6b1c93a98292\"");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2776682/CT2776682", "\"d80d7f20ef7959b61f15f7035bf7342e1\"");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2776682");
user_pref("CommunityToolbar.ToolbarsList", "CT2776682");
user_pref("CommunityToolbar.ToolbarsList2", "CT2776682");
user_pref("CommunityToolbar.ToolbarsList4", "CT2776682");
user_pref("CT2776682..clientLogIsEnabled", false);
user_pref("CT2776682..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2776682..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2776682.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2776682.alertChannelId", "1168776");
user_pref("CT2776682.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2776682.autoDisableScopes", -1);
user_pref("CT2776682.backendstorage.autocompletepro_enable", "31");
user_pref("CT2776682.backendstorage.autocompletepro_enable_auto", "31");
user_pref("CT2776682.backendstorage.cbcountry_000", "4154");
user_pref("CT2776682.backendstorage.cbfirsttime", "4672692041707220323720323031322031383A33393A343220474D542B30323030");
user_pref("CT2776682.backendstorage.ct2776682isadsdisabled", "66616C7365");
user_pref("CT2776682.backendstorage.shoppingapp.gk.exipres", "576564204D617920303220323031322031383A33393A333920474D542B30323030");
user_pref("CT2776682.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
user_pref("CT2776682.backendstorage.url_history0001", "687474703A2F2F7777772E6D6F766965326B2E746F2F6D6F766965732E7068703F6C6973743D736561726368267365637572656B65793D736B393737363234303033267365617263683D486F772B492B4D65742B596F75722B4D6F746865723A3A3A636C69636B68616E646C65723A3A3A313333353534373433313831382C2C2C687474703A2F2F7777772E6D6F766965326B2E746F2F486F772D492D4D65742D596F75722D4D6F746865722D77617463682D747673686F772D34353634322E68746D6C3A3A3A636C69636B68616E646C65723A3A3A313333353534373433353333372C2C2C687474703A2F2F7777772E6D6F766965326B2E746F2F486F772D492D4D65742D596F75722D4D6F746865722D77617463682D747673686F772D34353634322E68746D6C3A3A3A636C69636B68616E646C65723A3A3A31333335353437343335333431");
user_pref("CT2776682.BrowserCompStateIsOpen_129678129407612905", true);
user_pref("CT2776682.BrowserCompStateIsOpen_129681725882385585", true);
user_pref("CT2776682.BrowserCompStateIsOpen_129736214107504978", true);
user_pref("CT2776682.BrowserCompStateIsOpen_129762727427121022", true);
user_pref("CT2776682.CTID", "CT2776682");
user_pref("CT2776682.CurrentServerDate", "27-4-2012");
user_pref("CT2776682.DialogsAlignMode", "LTR");
user_pref("CT2776682.DialogsGetterLastCheckTime", "Fri Apr 27 2012 18:39:38 GMT+0200");
user_pref("CT2776682.DownloadReferralCookieData", "");
user_pref("CT2776682.DSInstall", true);
user_pref("CT2776682.FirstServerDate", "27-4-2012");
user_pref("CT2776682.FirstTime", true);
user_pref("CT2776682.FirstTimeFF3", true);
user_pref("CT2776682.FixPageNotFoundErrors", true);
user_pref("CT2776682.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdownload.conduit.com/\",\"RevertSettingsEnabled\":\"FALSE\"}");
user_pref("CT2776682.globalFirstTimeInfoLastCheckTime", "Fri Apr 27 2012 18:39:35 GMT+0200");
user_pref("CT2776682.GroupingServerCheckInterval", 1440);
user_pref("CT2776682.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2776682.HasUserGlobalKeys", true);
user_pref("CT2776682.HomepageBeforeUnload", "hxxp://search.conduit.com/?SSPV=FFOB6&ctid=CT2776682&SearchSource=13");
user_pref("CT2776682.homepageProtectorEnableByLogin", true);
user_pref("CT2776682.HomePageProtectorEnabled", true);
user_pref("CT2776682.HPInstall", true);
user_pref("CT2776682.initDone", true);
user_pref("CT2776682.Initialize", true);
user_pref("CT2776682.InitializeCommonPrefs", true);
user_pref("CT2776682.InstallationAndCookieDataSentCount", 1);
user_pref("CT2776682.InstallationId", "ct2776682_brothersoft_extreme.exe");
user_pref("CT2776682.InstallationType", "ConduitNSISIntegration");
user_pref("CT2776682.InstalledDate", "Fri Apr 27 2012 18:39:35 GMT+0200");
user_pref("CT2776682.InvalidateCache", false);
user_pref("CT2776682.IsAlertDBUpdated", true);
user_pref("CT2776682.isAppTrackingManagerOn", true);
user_pref("CT2776682.isFirstRadioInstallation", false);
user_pref("CT2776682.IsGrouping", false);
user_pref("CT2776682.IsInitSetupIni", true);
user_pref("CT2776682.IsMulticommunity", false);
user_pref("CT2776682.IsOpenThankYouPage", false);
user_pref("CT2776682.IsOpenUninstallPage", true);
user_pref("CT2776682.IsProtectorsInit", true);
user_pref("CT2776682.LanguagePackLastCheckTime", "Fri Apr 27 2012 18:39:37 GMT+0200");
user_pref("CT2776682.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2776682.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2776682.LastLogin_3.10.0.461", "Fri Apr 27 2012 18:39:37 GMT+0200");
user_pref("CT2776682.LatestVersion", "3.12.2.3");
user_pref("CT2776682.Locale", "en");
user_pref("CT2776682.MCDetectTooltipHeight", "83");
user_pref("CT2776682.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2776682.MCDetectTooltipWidth", "295");
user_pref("CT2776682.myStuffEnabled", true);
user_pref("CT2776682.MyStuffEnabledAtInstallation", true);
user_pref("CT2776682.myStuffPublihserMinWidth", 400);
user_pref("CT2776682.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2776682.myStuffServiceIntervalMM", 1440);
user_pref("CT2776682.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2776682.navigateToUrlOnSearch", false);
user_pref("CT2776682.OriginalFirstVersion", "3.10.0.461");
user_pref("CT2776682.RadioIsPodcast", false);
user_pref("CT2776682.RadioLastCheckTime", "Fri Apr 27 2012 18:39:35 GMT+0200");
user_pref("CT2776682.RadioLastUpdateIPServer", "3");
user_pref("CT2776682.RadioLastUpdateServer", "3");
user_pref("CT2776682.RadioMediaID", "9962");
user_pref("CT2776682.RadioMediaType", "Media Player");
user_pref("CT2776682.RadioMenuSelectedID", "EBRadioMenu_CT27766829962");
user_pref("CT2776682.RadioShrinkedFromSetup", false);
user_pref("CT2776682.RadioStationName", "California%20Rock");
user_pref("CT2776682.RadioStationURL", "hxxp://feedlive.net/california.asx");
user_pref("CT2776682.revertSettingsEnabled", true);
user_pref("CT2776682.SavedHomepage", "hxxp://www.A1.net|hxxp://www.google.at/");
user_pref("CT2776682.SearchCaption", "BrotherSoft Extreme Customized Web Search");
user_pref("CT2776682.SearchEngineBeforeUnload", "BrotherSoft Extreme Customized Web Search");
user_pref("CT2776682.SearchFromAddressBarIsInit", true);
user_pref("CT2776682.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2776682&SearchSource=2&q=");
user_pref("CT2776682.SearchInNewTabEnabled", true);
user_pref("CT2776682.SearchInNewTabIntervalMM", 1440);
user_pref("CT2776682.SearchInNewTabLastCheckTime", "Fri Apr 27 2012 18:39:37 GMT+0200");
user_pref("CT2776682.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2776682.searchProtectorDialogDelayInSec", 10);
user_pref("CT2776682.searchProtectorEnableByLogin", true);
user_pref("CT2776682.SearchProtectorEnabled", true);
user_pref("CT2776682.SearchProtectorToolbarDisabled", false);
user_pref("CT2776682.SendProtectorDataViaLogin", true);
user_pref("CT2776682.ServiceMapLastCheckTime", "Fri Apr 27 2012 18:39:33 GMT+0200");
user_pref("CT2776682.SettingsLastCheckTime", "Fri Apr 27 2012 18:39:33 GMT+0200");
user_pref("CT2776682.SettingsLastUpdate", "1334913815");
user_pref("CT2776682.SHRINK_TOOLBAR", 1);
user_pref("CT2776682.TBHomePageUrl", "hxxp://search.conduit.com/?SSPV=FFOB6&ctid=CT2776682&SearchSource=13");
user_pref("CT2776682.testingCtid", "");
user_pref("CT2776682.ThirdPartyComponentsInterval", 504);
user_pref("CT2776682.ThirdPartyComponentsLastCheck", "Fri Apr 27 2012 18:39:33 GMT+0200");
user_pref("CT2776682.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2776682.toolbarAppMetaDataLastCheckTime", "Fri Apr 27 2012 18:39:35 GMT+0200");
user_pref("CT2776682.toolbarContextMenuLastCheckTime", "Fri Apr 27 2012 18:39:37 GMT+0200");
user_pref("CT2776682.ToolbarShrinkedFromSetup", false);
user_pref("CT2776682.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm");
user_pref("CT2776682.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2776682");
user_pref("CT2776682.usagesFlag", 2);
user_pref("CT2776682.UserID", "UN83809308579776669");
user_pref("CT2776682.ValidationData_Toolbar", 2);
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2776682&SearchSource=2&q=");
user_pref("tfp.CT2776682", true);

---- Lines CT2776682 modified from prefs.js ----


---- Lines conduit removed from prefs.js ----

user_pref("CommunityToolbar.ConduitSearchList", "BrotherSoft Extreme Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1168776/1164461/AT", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "m4Df43NZ+9lr21ZNdyYrjA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "B8Px/Te74hi98N2hb9yOAQ==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "bM8wQLfFAEKgVLVF/G5zig==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "cTVrc75U9YwdI74PAhUYFw==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.461", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c463735a2d2570b66c8391e7673c21ff\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Paul Monetti\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\oh8g5m2f.default\\conduitCommon\\modules\\3.10.0.461");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

---- Lines conduit modified from prefs.js ----


---- Lines ask.com removed from prefs.js ----

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");

---- Lines ask.com modified from prefs.js ----


---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme Customized Web Search");

---- Lines Web Search modified from prefs.js ----


---- Lines asktb removed from prefs.js ----


---- Lines asktb modified from prefs.js ----


---- Lines Customized removed from prefs.js ----


---- Lines Customized modified from prefs.js ----


---- Lines yontoo removed from prefs.js ----


---- Lines yontoo modified from prefs.js ----

user_pref("extensions.enabledAddons", "plugin@yontoo.com:1.20.00,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3,{51a86bb3-6602-4c85-92a5-130ee4864f13}:3.10.0.461,{972ce4c6-7e08-4474-a285-3208198ce6fd}:11.0");
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\",\"mtime\":1334834666837},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1332165948589},\"{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}\",\"mtime\":1329157593400}}},{\"name\":\"app-profile\",\"addons\":{\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Users\\\\Paul Monetti\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\oh8g5m2f.default\\\\extensions\\\\plugin@yontoo.com\",\"mtime\":1318839689988},\"{51a86bb3-6602-4c85-92a5-130ee4864f13}\":{\"descriptor\":\"C:\\\\Users\\\\Paul Monetti\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\oh8g5m2f.default\\\\extensions\\\\{51a86bb3-6602-4c85-92a5-130ee4864f13}\",\"mtime\":1335544771369},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Paul Monetti\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\oh8g5m2f.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1325855211793}}}]");

---- Lines CommunityToolbar removed from prefs.js ----

user_pref("CommunityToolbar.globalUserId", "eae01862-45e0-4750-a4fa-b04e51ffe7e5");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.461");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Apr 27 2012 18:39:38 GMT+0200");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Apr 27 2012 20:07:22 GMT+0200");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Apr 27 2012 18:39:35 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "bbd7e2ac-6d05-4663-8248-c75e1d301759");
user_pref("CommunityToolbar.originalHomepage", "hxxp://www.A1.net|hxxp://www.google.at/");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

---- Lines CommunityToolbar modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

user__1336_.backup
prefs__1336_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\System32\roboot64.exe deleted successfully

==== Deleting Files \ Folders ======================

"C:\Windows\SysNative\roboot64.exe" not found 
"C:\user.js" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\searchplugins\holasearch.xml" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\searchplugins\conduit.xml" deleted
"C:\user.js" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\searchplugins\askcom.xml" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\searchplugins\holasearch.xml" deleted
"C:\Users\Paul Monetti\Desktop\Search.lnk" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Dikiy\yrik.tmp" deleted
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Interop.WMPLib.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\MACTrackBarLib.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.Logging.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.Base.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.DefaultBrowser.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ShareManagerLocalPlugin.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessEntities.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Personalization.Settings.UserSettingsManager.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettingsAutoUpdater.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\SnapDo.exe" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Dikiy" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Fepux" deleted
"C:\Program Files (x86)\Softonic" deleted
"C:\Program Files (x86)\Ask.com" deleted
"C:\Users\Paul Monetti\AppData\Roaming\DesktopIconForAmazon" deleted
"C:\Users\Paul Monetti\AppData\Roaming\BabSolution" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Babylon" deleted
"C:\Users\Paul Monetti\AppData\Roaming\File Scout" deleted
"C:\Users\Paul Monetti\AppData\Roaming\PerformerSoft" deleted
"C:\Users\Paul Monetti\AppData\Roaming\OpenCandy" deleted
"C:\ProgramData\Ask" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\ProgramData\IBUpdaterService" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\Babylon" deleted
"C:\Users\Paul Monetti\AppData\Local\APN" deleted
"C:\Users\Paul Monetti\AppData\Local\PackageAware" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar" deleted
"C:\Users\Paul Monetti\AppData\LocalLow\AskToolbar" deleted
"C:\Users\Paul Monetti\AppData\LocalLow\Softonic" deleted
"C:\Users\Paul Monetti\AppData\LocalLow\Conduit" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\CT2776682" deleted
"C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\extensions\ffxtlbra@softonic.com" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\CT2776682" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\conduitCommon" deleted
"C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\extensions\toolbar@ask.com" deleted
"C:\Program Files (x86)\Ask.com\Updater" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application" deleted
"C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\de" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\PAULMO~1\AppData\Local\Temp ====
2013-04-26 09:58:01	3B32CAA07D672F8A2E0DF5CB3A873F45	22704	----a-w-	C:\Users\PAULMO~1\AppData\Local\Temp\ESGScanner.sys
2013-04-26 09:56:11	B825F93355A44F3E73D3BE619B4F7E9D	45938256	----a-w-	C:\Users\PAULMO~1\AppData\Local\Temp\SHSetup.exe
2013-04-25 11:34:52	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\PAULMO~1\AppData\Local\Temp\t7lnrtbx.dll
====== C:\Windows\SysWOW64 =====
2013-04-23 08:54:40	8255AD29A44B2E14B2DD99319F92A0AB	95648	----a-w-	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-04-26 09:58:01	3B32CAA07D672F8A2E0DF5CB3A873F45	22704	----a-w-	C:\Windows\Sysnative\drivers\EsgScanner.sys
2013-04-24 13:00:26	B98F8C6E31CD07B2E6F71F7F648E38C0	1656680	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
2013-04-10 17:04:47	8F6322049018354F45F05A2FD2D4E5E0	223752	----a-w-	C:\Windows\Sysnative\drivers\fvevol.sys
2013-04-03 08:14:55	B08740047145B9BCE15BF75CA0F9718A	31232	----a-w-	C:\Windows\Sysnative\drivers\tap0901t.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-04-26 09:57:56	--------	d-----w-	C:\Program Files\Enigma Software Group
======= C:\Program Files (x86) =====
2013-04-24 17:49:46	--------	d-----w-	C:\Program Files (x86)\Anvisoft
2013-04-11 23:20:53	--------	d-----w-	C:\Program Files (x86)\NCH Software
2013-04-08 13:20:06	--------	d-----w-	C:\Program Files (x86)\Common Files\Skype
2013-04-03 08:14:54	--------	d-----w-	C:\Program Files (x86)\Tunngle
======= C: =====
2013-04-26 09:58:18	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\autoexec.bat
====== C:\Users\Paul Monetti\AppData\Roaming ======
2013-04-24 17:51:08	--------	d-----w-	C:\users\Paul Monetti\AppData\Roaming\Anvisoft
2013-04-17 15:13:14	--------	d-----w-	C:\users\Paul Monetti\AppData\Roaming\Minecraft Version Changer
2013-04-11 23:20:49	--------	d-----w-	C:\users\Paul Monetti\AppData\Roaming\NCH Software
2013-04-11 23:06:48	--------	d-----w-	C:\users\Paul Monetti\AppData\Roaming\TuneUp Software
2013-04-03 10:05:36	--------	d-----w-	C:\users\Paul Monetti\AppData\Local\Warframe
2013-04-03 08:14:55	--------	d-----w-	C:\users\Paul Monetti\AppData\Roaming\Tunngle
2013-03-27 15:38:32	--------	d-----w-	C:\users\Paul Monetti\AppData\Local\http___www.minecraftversi
====== C:\Users\Paul Monetti ======
2013-04-24 17:49:50	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
2013-04-24 17:49:48	--------	d-----w-	C:\ProgramData\Anvisoft
2013-04-11 23:22:15	--------	d-----w-	C:\ProgramData\NCH Software
2013-04-11 23:20:55	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2013-04-11 23:20:54	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2013-04-11 23:06:41	--------	d-----w-	C:\ProgramData\TuneUp Software
2013-04-11 23:06:33	--------	d-sh--w-	C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-04-11 23:06:33	--------	d--h--w-	C:\ProgramData\Common Files
2013-04-03 08:14:55	--------	d-----w-	C:\ProgramData\Tunngle
2013-04-03 08:14:55	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle

====== C: exe-files ==
2013-04-26 10:15:30	69C03B280F750D75A909A00533DEAC7A	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$I1OO021.exe
2013-04-26 10:15:30	4CBC5891E847AD19B00EFBE1B916E176	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$I4ZGKMD.exe
2013-04-26 10:15:30	1CBEE3945803D072186D1A04B6D7FD56	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$INOHRXC.exe
2013-04-26 10:08:47	883ECC763D0B8C3DA770E3CCD017CAE1	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$I1SRFQR.exe
2013-04-26 09:57:56	36B98B8197E1BE8E7382D29C1A3628AA	110080	----a-r-	C:\Users\Paul Monetti\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconF7A21AF7.exe
2013-04-26 09:57:56	36B98B8197E1BE8E7382D29C1A3628AA	110080	----a-r-	C:\Users\Paul Monetti\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconD7F16134.exe
2013-04-26 09:57:56	36B98B8197E1BE8E7382D29C1A3628AA	110080	----a-r-	C:\Users\Paul Monetti\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\Icon1226A4C5.exe
2013-04-26 09:56:53	8BE4ED63F6E098F75F8996541791C231	190411	----a-w-	C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla36.exe
2013-04-26 09:56:11	B825F93355A44F3E73D3BE619B4F7E9D	45938256	----a-w-	C:\Users\Paul Monetti\AppData\Local\Temp\SHSetup.exe
2013-04-26 09:56:02	705AB04AA52ED9C61DAA52CCC12E81E8	726464	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$R1SRFQR.exe
2013-04-26 09:55:07	725C9E9FBBF23B0BA026F49F5CAA6490	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$IZWUJWF.exe
2013-04-26 09:54:44	705AB04AA52ED9C61DAA52CCC12E81E8	726464	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$RZWUJWF.exe
2013-04-26 09:51:06	8EA5F3CF9BE70DCEF24C90FAC792D6DB	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$IAHOIRV.exe
2013-04-26 09:49:11	EEA0B34B60632083F2A75352BAE365FB	726464	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$RAHOIRV.exe
2013-04-26 09:23:03	88E3225D42EB43D99A519080E039FEE4	42880	----a-w-	C:\Users\Paul Monetti\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
2013-04-26 09:23:03	2E57DACBE8A01C86B132347C8815E1BB	176640	----a-w-	C:\Users\Paul Monetti\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe
2013-04-26 09:23:03	26DF0B104A46B1B51EF93E534C645BCA	246408	----a-w-	C:\Users\Paul Monetti\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
2013-04-24 22:35:44	1119008C782209A0ADE18F9C668E453F	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$ICXPCOA.exe
2013-04-24 21:32:29	3B5D679E1723CE19DBC1D43F7B2420F2	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$IOLM9ZW.exe
2013-04-24 21:32:11	8B48212CC2DF6AF89DB19456FB05BA0C	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$I1HR46Y.exe
2013-04-24 21:31:40	1EE4CB74F4A817474A65209CA93B06A2	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$I38LRYE.exe
2013-04-24 17:49:30	F782FC2022E2869974461F8AABBD00F4	29016792	----a-w-	C:\Users\Paul Monetti\Desktop\asdsetup.exe
2013-04-24 17:48:34	F782FC2022E2869974461F8AABBD00F4	29016792	----a-w-	C:\Users\Paul Monetti\Downloads\asdsetup.exe
2013-04-23 15:50:04	2155FC1467A7E1429E4DF8303692B79B	592120	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$RCXPCOA.exe
2013-04-23 14:31:07	A1A02E70A0EB8550AC91A29A84E9F498	104448	----a-w-	C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\vtex.exe
2013-04-23 10:14:17	94D8E6A99F3CCB5217EB9CEDBFA62CE4	8405504	----a-w-	C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\bin\studiomdl.exe
2013-04-23 08:41:38	AAD923999DF6889F91F10BE68FF044C8	237568	----a-w-	C:\Program Files (x86)\Steam\steamerrorreporter64.exe
2013-04-21 09:45:01	3E51B0811B96CDC09A0ED0CE64B473FD	256936	----a-w-	C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
2013-04-20 11:56:10	81E25287C860D7C491EF8E921AADFAFC	21889048	----a-w-	C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Warframe.x64.exe
2013-04-20 11:56:10	7ED4F46EE98C1056CDA084FB7D13FA4E	218648	----a-w-	C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\RemoteCrashSender.exe
2013-04-20 11:56:10	6D5F2D1FC8AFB8FD61C4D12F67A7F725	536088	----a-w-	C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\JiraClient.exe
=== C: other files ==
2013-04-26 10:15:30	C078838BF6F91D4A94C6670CC281AEED	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$IPIOYC6.com
2013-04-26 10:15:30	918E7C442F689489A5A78C2CD5D18263	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$IV9ZENF.sys
2013-04-26 10:15:30	736B0654E0211F55C6AAE040C6258A71	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$IFZVCBA.sys
2013-04-26 09:58:18	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\autoexec.bat
2013-04-26 09:58:06	67F37164CFE532E69FC4330C0A6C200D	7396224	----a-w-	C:\$Recycle.Bin\S-1-5-21-3554426051-1540142938-3766481223-1000\$RPIOYC6.com
2013-04-26 09:58:01	3B32CAA07D672F8A2E0DF5CB3A873F45	22704	----a-w-	C:\Windows\System32\drivers\EsgScanner.sys
2013-04-26 09:58:01	3B32CAA07D672F8A2E0DF5CB3A873F45	22704	----a-w-	C:\Users\Paul Monetti\AppData\Local\Temp\ESGScanner.sys
2013-04-26 09:23:49	41FC466B8000A19217A9B8A6ED5071F3	77	----a-w-	C:\Users\Paul Monetti\AppData\Local\Temp\uttE021.tmp.bat
2013-04-24 13:00:26	B98F8C6E31CD07B2E6F71F7F648E38C0	1656680	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2013-04-23 15:50:04	24A8D8EA8E70B7992CA70F1A928277DD	556220	----a-w-	C:\Users\Paul Monetti\Desktop\SkinEdit_alpha3_pre7_fix.zip
2013-04-22 18:59:28	FA7A076D8BDD3201E730E3423AD748B9	15946280	----a-w-	C:\Users\Paul Monetti\Desktop\M-Server\Maps\THE DROPPER by BIGRE.zip
2013-04-22 18:58:04	FA7A076D8BDD3201E730E3423AD748B9	15946280	----a-w-	C:\Users\Paul Monetti\Downloads\THE DROPPER by BIGRE.zip
2013-04-19 11:46:50	879FA0E07E170A102A92E60E13394AB5	1179364	----a-w-	C:\Users\Paul Monetti\Desktop\M-Server\Maps\JumpNis 1.0.zip
2013-04-19 11:45:36	879FA0E07E170A102A92E60E13394AB5	1179364	----a-w-	C:\Users\Paul Monetti\AppData\Roaming\.minecraft\saves\JumpNis 1.0.zip
2013-04-19 11:45:16	879FA0E07E170A102A92E60E13394AB5	1179364	----a-w-	C:\Users\Paul Monetti\Downloads\JumpNis 1.0.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"E-MU USB Audio Control Panel"="C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
"dG11901JbDiO11901"="C:\ProgramData\dG11901JbDiO11901\dG11901JbDiO11901.exe"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"Google Update"="C:\Users\Paul Monetti\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Spotify Web Helper"="C:\Users\Paul Monetti\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun"
"Browser Infrastructure Helper"="C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\SnapDo.exe startup"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"UpdReg"="C:\Windows\UpdReg.EXE"
"A1Webassistent"="C:\Program Files (x86)\A1\A1 Webassistent\A1Webassistent.exe /auto"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"E-MU USB Audio Control Panel"="C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
"dG11901JbDiO11901"="C:\ProgramData\dG11901JbDiO11901\dG11901JbDiO11901.exe"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"Google Update"="C:\Users\Paul Monetti\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Spotify Web Helper"="C:\Users\Paul Monetti\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun"
"Browser Infrastructure Helper"="C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\SnapDo.exe startup"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

==== Startup Folders ======================

2012-01-30 11:11:36	1062	----a-w-	C:\users\Paul Monetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-02-23 12:50:23	2046	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2011-08-29 11:21:55	2003	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3554426051-1540142938-3766481223-1000Core.job --a------ C:\Users\Paul Monetti\AppData\Local\Google\Update\GoogleUpdate.exe [28.04.2012 15:07]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3554426051-1540142938-3766481223-1000UA.job --a------ [Undertermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Controller - %AppDir%\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}

==== Firefox Plugins ======================

Profilepath: C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default
87132527E2256CF6683A18C4EB34DD3B	- C:\Windows\system32\Wat\npWatWeb.dll -	Windows Activation Technologies


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\Users\Paul Monetti\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
amfclgbdpgndipgoegfpkkgobahigbcl - C:\Users\Paul Monetti\AppData\Local\Smartbar/Application\1Extension.crx[]

YouTube - Paul Monetti - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Paul Monetti - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Paul Monetti - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Gmail - Paul Monetti - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=943700FFFE52AFE9"
"Search Page"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a793d02c-b28f-4039-b3ad-32815303901c&searchtype=ds&q={searchTerms}&installDate=12/04/2013"
"Search Bar"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a793d02c-b28f-4039-b3ad-32815303901c&searchtype=ds&q={searchTerms}&installDate=12/04/2013"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a793d02c-b28f-4039-b3ad-32815303901c&searchtype=ds&q={searchTerms}&installDate=12/04/2013"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a793d02c-b28f-4039-b3ad-32815303901c&searchtype=ds&q={searchTerms}&installDate=12/04/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a793d02c-b28f-4039-b3ad-32815303901c&searchtype=ds&q={searchTerms}&installDate=12/04/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a793d02c-b28f-4039-b3ad-32815303901c&searchtype=ds&q={searchTerms}&installDate=12/04/2013"
"SearchAssistant"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a793d02c-b28f-4039-b3ad-32815303901c&searchtype=ds&q={searchTerms}&installDate=12/04/2013"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_USERS\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_USERS\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_USERS\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paul Monetti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Paul Monetti\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paul Monetti\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paul Monetti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Paul Monetti\AppData\Local\Mozilla\Firefox\Profiles\oh8g5m2f.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Paul Monetti\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Paul Monetti\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PAULMO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Paul Monetti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
Code:
ATTFilter
OTL logfile created on: 26.04.2013 13:59:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Paul Monetti\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 55,98% Memory free
8,00 Gb Paging File | 5,58 Gb Available in Paging File | 69,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 568,29 Gb Free Space | 61,01% Space Free | Partition Type: NTFS
 
Computer Name: PAULMONETTI-PC | User Name: Paul Monetti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 13:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Monetti\Desktop\OTL.exe
PRC - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.04.19 23:10:48 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.04.16 17:08:53 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Paul Monetti\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Paul Monetti\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011.08.04 14:33:20 | 018,577,272 | ---- | M] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) -- C:\Program Files (x86)\A1\A1 Webassistent\A1Webassistent.exe
PRC - [2011.07.09 17:35:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.21 05:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010.09.03 16:18:00 | 000,319,488 | ---- | M] (E-MU Systems) -- C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
PRC - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.19 23:10:50 | 001,114,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Paul Monetti\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Paul Monetti\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Paul Monetti\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Paul Monetti\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Paul Monetti\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.09.17 12:36:04 | 001,720,320 | ---- | M] () -- C:\Program Files (x86)\Creative Professional\E-MU USB Audio\QtCore4.dll
MOD - [2006.10.20 20:25:18 | 003,969,024 | ---- | M] () -- C:\Program Files (x86)\Creative Professional\E-MU USB Audio\QtGui4.dll
MOD - [2006.10.20 20:20:14 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Creative Professional\E-MU USB Audio\QtXml4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.11.07 23:29:07 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.10.12 17:19:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.10.06 23:40:30 | 000,026,624 | ---- | M] (E-MU Systems) [Auto | Running] -- C:\Windows\SysNative\emaudsv.exe -- (emaudsv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.23 14:48:24 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.14 21:34:36 | 001,024,384 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.07.09 17:35:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.07 23:36:11 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.07 23:35:32 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.11.07 23:29:29 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.09 17:35:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.09 17:35:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.06 23:42:06 | 000,215,000 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emusba10.sys -- (emusba10)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.06.24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 5F 10 03 CA 3D CC 01  [binary data]
IE - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: plugin@disabled.com:1.20.00
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.10.0.461
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paul Monetti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paul Monetti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
 
[2011.07.09 02:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Monetti\AppData\Roaming\mozilla\Extensions
[2013.04.26 13:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Monetti\AppData\Roaming\mozilla\Firefox\Profiles\oh8g5m2f.default\extensions
[2012.01.06 15:06:51 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Paul Monetti\AppData\Roaming\mozilla\firefox\profiles\oh8g5m2f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.27 20:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.19 13:24:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.13 20:26:33 | 000,000,000 | ---D | M] (Controller) -- C:\Program Files (x86)\mozilla firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=943700FFFE52AFE9
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Paul Monetti\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Paul Monetti\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Paul Monetti\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Paul Monetti\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Paul Monetti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Paul Monetti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Paul Monetti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Google Mail = C:\Users\Paul Monetti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.11.06 16:07:50 | 000,001,052 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1       orbitservice.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [A1Webassistent] C:\Program Files (x86)\A1\A1 Webassistent\A1Webassistent.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000..\Run: [Browser Infrastructure Helper] C:\Users\Paul Monetti\AppData\Local\Smartbar\Application\SnapDo.exe startup File not found
O4 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000..\Run: [dG11901JbDiO11901] C:\ProgramData\dG11901JbDiO11901\dG11901JbDiO11901.exe File not found
O4 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000..\Run: [diskskey] rundll32 "C:\Users\PAULMO~1\AppData\Local\Temp\InfDhost64.dll",CreateProcessNotify File not found
O4 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000..\Run: [E-MU USB Audio Control Panel] C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems)
O4 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000..\Run: [mfpmntui] rundll32 "C:\Users\PAULMO~1\AppData\Local\Temp\InfDhost.dll",CreateProcessNotify File not found
O4 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000..\Run: [Spotify Web Helper] C:\Users\Paul Monetti\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Paul Monetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Paul Monetti\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\..Trusted Domains: blank ([]about in Local intranet)
O15 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3554426051-1540142938-3766481223-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB0AEF37-4745-4A2D-BE24-84DEC6BAD1A7}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5786B85-F760-46DA-ABB1-E0DB45A82166}: DhcpNameServer = 213.162.69.169 213.162.69.170
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.26 11:58:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{767fe63c-0a10-11e2-be59-485b39f198a5}\Shell - "" = AutoRun
O33 - MountPoints2\{767fe63c-0a10-11e2-be59-485b39f198a5}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 13:57:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Monetti\Desktop\OTL.exe
[2013.04.26 13:44:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.26 13:41:33 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.04.26 13:41:33 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\AppData\Local\Temp
[2013.04.26 11:57:56 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.04.26 11:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.24 19:51:08 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\AppData\Roaming\Anvisoft
[2013.04.24 19:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013.04.24 19:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013.04.24 19:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013.04.23 10:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.23 10:54:40 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.23 10:54:40 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.23 10:54:40 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.19 13:46:27 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\Desktop\M-Server
[2013.04.17 17:13:14 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\AppData\Roaming\Minecraft Version Changer
[2013.04.15 22:18:40 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\Desktop\mc-mods
[2013.04.12 01:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013.04.12 01:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.04.12 01:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2013.04.12 01:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2013.04.12 01:20:49 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\AppData\Roaming\NCH Software
[2013.04.12 01:06:48 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\AppData\Roaming\TuneUp Software
[2013.04.12 01:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.04.12 01:06:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.04.12 01:06:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.04.11 13:39:02 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\Desktop\Edits
[2013.04.11 12:39:20 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.04.11 12:38:13 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\Desktop\Images
[2013.04.11 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\Desktop\Audio
[2013.04.11 02:01:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 02:01:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 02:01:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 02:01:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 02:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 02:01:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 02:01:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 02:01:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 02:01:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 02:01:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 02:01:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 02:01:19 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 02:01:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 02:01:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 02:01:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 19:04:55 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 19:04:54 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 19:04:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 19:04:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 19:04:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 19:04:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 19:04:41 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 19:04:40 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 19:04:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 19:04:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 19:04:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 19:04:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.08 15:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.05 14:20:13 | 003,021,312 | ---- | C] (hxxp://www.minecraftversionchanger.de) -- C:\Users\Paul Monetti\Desktop\minecraftversionchanger.exe
[2013.04.03 12:05:36 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\AppData\Local\Warframe
[2013.04.03 10:22:33 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\Desktop\Aufnahme
[2013.04.03 10:14:55 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2013.04.03 10:14:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2013.04.03 10:14:55 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\Documents\Tunngle
[2013.04.03 10:14:55 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\AppData\Roaming\Tunngle
[2013.04.03 10:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2013.04.03 10:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2013.04.03 10:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2013.03.29 01:06:42 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\Desktop\Pokemon
[2013.03.27 17:38:32 | 000,000,000 | ---D | C] -- C:\Users\Paul Monetti\AppData\Local\http___www.minecraftversi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 13:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Monetti\Desktop\OTL.exe
[2013.04.26 13:51:00 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 13:51:00 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 13:43:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 13:43:05 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 13:31:13 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.04.26 13:31:07 | 001,267,788 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\zoek (1).exe
[2013.04.26 13:28:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3554426051-1540142938-3766481223-1000UA.job
[2013.04.26 11:58:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.04.26 11:57:57 | 000,002,272 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\SpyHunter.lnk
[2013.04.24 23:28:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3554426051-1540142938-3766481223-1000Core.job
[2013.04.24 19:48:56 | 029,016,792 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\asdsetup.exe
[2013.04.24 17:10:51 | 000,556,220 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\SkinEdit_alpha3_pre7_fix.zip
[2013.04.14 19:31:30 | 000,221,556 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\Potion_Flow.png
[2013.04.11 15:29:35 | 000,046,080 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\keymaker.exe
[2013.04.11 12:28:49 | 000,002,409 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\Google Chrome.lnk
[2013.04.11 12:11:11 | 000,288,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 13:09:38 | 001,642,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.09 13:09:38 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.09 13:09:38 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.09 13:09:38 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.09 13:09:38 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.06 02:29:52 | 038,357,365 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\r3d_craft_texture_packs.rar.rar
[2013.04.05 14:20:08 | 003,021,312 | ---- | M] (hxxp://www.minecraftversionchanger.de) -- C:\Users\Paul Monetti\Desktop\minecraftversionchanger.exe
[2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.03 11:51:40 | 000,000,222 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\Warframe.url
[2013.04.03 10:39:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013.04.03 10:14:55 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2013.04.02 11:10:26 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.02 11:10:26 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.29 13:50:10 | 000,001,062 | ---- | M] () -- C:\Users\Paul Monetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 13:49:49 | 000,001,044 | ---- | M] () -- C:\Users\Paul Monetti\Desktop\Dropbox.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.26 13:41:33 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.04.26 13:31:08 | 001,267,788 | ---- | C] () -- C:\Users\Paul Monetti\Desktop\zoek (1).exe
[2013.04.26 11:58:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.04.26 11:58:01 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013.04.26 11:57:57 | 000,002,272 | ---- | C] () -- C:\Users\Paul Monetti\Desktop\SpyHunter.lnk
[2013.04.24 19:49:30 | 029,016,792 | ---- | C] () -- C:\Users\Paul Monetti\Desktop\asdsetup.exe
[2013.04.23 17:50:04 | 000,556,220 | ---- | C] () -- C:\Users\Paul Monetti\Desktop\SkinEdit_alpha3_pre7_fix.zip
[2013.04.14 19:31:18 | 000,221,556 | ---- | C] () -- C:\Users\Paul Monetti\Desktop\Potion_Flow.png
[2013.04.12 14:20:07 | 000,002,702 | ---- | C] () -- C:\Users\Paul Monetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.04.12 01:22:18 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Audiobearbeitungs-Software.lnk
[2013.04.12 01:20:53 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Videobearbeitungs-Software.lnk
[2013.04.11 15:29:51 | 000,046,080 | ---- | C] () -- C:\Users\Paul Monetti\Desktop\keymaker.exe
[2013.04.06 02:29:56 | 038,357,365 | ---- | C] () -- C:\Users\Paul Monetti\Desktop\r3d_craft_texture_packs.rar.rar
[2013.04.03 11:51:40 | 000,000,222 | ---- | C] () -- C:\Users\Paul Monetti\Desktop\Warframe.url
[2013.04.03 10:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013.04.03 10:14:55 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2012.11.19 09:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2012.11.19 09:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2012.11.17 20:38:35 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012.11.17 20:35:41 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012.11.17 20:35:39 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012.09.29 18:22:21 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Remove.exe
[2012.04.28 16:16:18 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.02.17 16:28:47 | 000,006,148 | -H-- | C] () -- C:\Users\Paul Monetti\.DS_Store
[2011.11.07 23:34:55 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.02 23:41:21 | 000,002,319 | R--- | C] () -- C:\Windows\SysWow64\emaud.ini
[2011.11.02 23:41:21 | 000,000,035 | R--- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2011.10.24 17:38:53 | 000,000,100 | ---- | C] () -- C:\Users\Paul Monetti\AppData\Local\fusioncache.dat
[2011.10.24 17:37:39 | 001,619,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.19 23:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.09 20:08:42 | 000,088,886 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.08.29 13:22:13 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.09 01:31:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\Paul Monetti\.DS_Store:AFP_AfpInfo

< End of report >


Alt 26.04.2013, 13:21   #6
smeenk
/// Malwareteam / Visitor
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Öffne nochmal ZOEK und kopiere untenstehende Code in das Textfeld:

Code:
ATTFilter
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"ApnUpdater"=-;r
chrdefaults;
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"Browser Infrastructure Helper"=-;r
Drucke "Run Script".

Poste mir das neue Log von Zoek.

Alt 26.04.2013, 13:33   #7
Clars
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Paul Monetti on 26.04.2013 at 14:30:13,65.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results26.04.2013-1343.log	50850 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"ApnUpdater"=- 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"Browser Infrastructure Helper"=- 

==== Reset Google Chrome ======================

C:\users\Paul Monetti\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Paul Monetti\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

Alt 26.04.2013, 13:48   #8
smeenk
/// Malwareteam / Visitor
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Merkst du noch einige Probleme?

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Alt 26.04.2013, 14:00   #9
Clars
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Code:
ATTFilter
# AdwCleaner v2.202 - Datei am 26/04/2013 um 14:56:07 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Paul Monetti - PAULMONETTI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Paul Monetti\Desktop\adwcleaner (1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Paul Monetti\AppData\Local\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\522dddee73fe444
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Paul Monetti\AppData\Roaming\Mozilla\Firefox\Profiles\oh8g5m2f.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Paul Monetti\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [10750 octets] - [26/04/2013 14:56:07]

########## EOF - C:\AdwCleaner[S1].txt - [10811 octets] ##########

Alt 26.04.2013, 14:14   #10
smeenk
/// Malwareteam / Visitor
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Wir machen weiter

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers




Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
Alt 26.04.2013, 14:49   #11
Clars
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


der log vom ersten scan:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paul Monetti :: PAULMONETTI-PC [administrator]

26.04.2013 15:29:13
mbar-log-2013-04-26 (15-29-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30465
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mfpmntui (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\PAULMO~1\AppData\Local\Temp\InfDhost.dll",CreateProcessNotify -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|diskskey (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\PAULMO~1\AppData\Local\Temp\InfDhost64.dll",CreateProcessNotify -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
der log vom 2.:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paul Monetti :: PAULMONETTI-PC [administrator]

26.04.2013 15:47:20
mbar-log-2013-04-26 (15-47-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30434
Time elapsed: 11 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
der Scan non Security Check läuft gerade

So, hier der Security Check log:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
AntiVir Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
Es sieht so aus als hätte es funktioniert
Ist das nachdem was du aus den Logs ablesen kannst so, oder
mach ich mir grad falsche Hoffnungen?

Ich kann zumindest Programme wieder laufen, die ich aufgrund der
Überlastung des Rechners durch den Virus, vorher nicht laufen konnte.

Ich habe da noch ein kleines problem.
Ich habe den SpyHunter downgeloadet bevor ich in diesem Forum nach Hilfe gefragt habe.
Habe dann gelesen dass das auch ein Virus ist. Kann das Programm jetzt aber nicht löschen.

Wenn ich den gesamten Ordner löschen möchte stet:
"Die Aktion kann nicht abgeschlossen werden, da der Ordner (oder eine Datei darin) in einem anderen Programm geöffnet ist."
Ich habe aber keine Ahnung wo.
Wie bekomme ich den SpyHunter weg?

Alt 26.04.2013, 17:29   #12
smeenk
/// Malwareteam / Visitor
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


SpyHunter kannst du nicht deïnstallieren?
Windows 7 ? Programme ordnungsgemäß deinstallieren


Mach zuerst mal diese check: https://www.mozilla.org/de/plugincheck/
Wenn es Veraltete Versionen gibt kannst du die aktualisieren lassen.

Danach erneut SecurityCheck.exe drehen und mir der neue checkup.txt senden

Alt 26.04.2013, 19:54   #13
Clars
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Über die Systemsteuerung hab ichs eh auch schon versucht,
da muss ich zulassen das von "C:\Windows\Installer\21e6ab.msi" (Herausgeber: Unbekannt, Dateiursprung: Festplatte dieses Computers) Veränderungen an meinem Rechner vorgenommen werden.

Ist diese Datei ungefährlich?
(sry das ich so übervorsichtig bin)

So, habs jetzt einfach gemacht und schein deinstalliert zu sein.
Hier noch der log vom Security Check:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
AntiVir Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 windows defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
Habe noch ein Update mit meinem Avira AntiVir gemacht, danach noch nen scan mit Security Check

Code:
ATTFilter
mo Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
AntiVir Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Alt 26.04.2013, 21:43   #14
smeenk
/// Malwareteam / Visitor
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


Adobe Reader braucht eine Update: Adobe - Adobe Reader herunterladen - Alle Versionen (McAfee Security Scan abwahlen )

Alt 27.04.2013, 12:20   #15
Clars
 
Hola search virus loswerden! - Standard

Hola search virus loswerden!


McAfee hat 3 Probleme erkannt.

Welches Programm soll ich drüberlaufen lassen?

Antwort
Seite 1 von 3 1 23

Themen zu Hola search virus loswerden!
anbieten, anderen, biete, deinstallations, download, durchs, einzige, einzigen, entferne, forum, hola search, holasearch, installiert, loswerden, lösung, rechner, sache, search, tagen, trojan.redirrdll4.gen, versuche, virus, win32/packed.vmprotect.aaa, win32/packed.vmprotect.aaatrojan


« Polizei AKM/BKA Trojaner | Windows 7: Nach Start weißer Bildschirm mit "Die Navigation zu der Webseite wurde abgebrochen" »


Ähnliche Themen: Hola search virus loswerden!


  1. Hola Search lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (5)
  2. Hola Search - lässt sich nicht entfernen, nichts zum deinstallieren?
    Plagegeister aller Art und deren Bekämpfung - 30.11.2013 (9)
  3. Malware gefunden (Hola Search)
    Plagegeister aller Art und deren Bekämpfung - 11.09.2013 (13)
  4. probleme bei der entfernung von hola search
    Log-Analyse und Auswertung - 29.08.2013 (3)
  5. Hola Search löschen bei windows 8
    Log-Analyse und Auswertung - 21.08.2013 (9)
  6. hola search, Viren und Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2013 (11)
  7. Wie bekomme ich Hola Search wieder von meinem Laptop?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2013 (5)
  8. Grafiktreiberproblem und Hola Search lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.07.2013 (7)
  9. Hola Search komplett entfernen
    Log-Analyse und Auswertung - 13.07.2013 (13)
  10. Hola Search lässt sich nicht entfernen
    Log-Analyse und Auswertung - 26.06.2013 (5)
  11. Hola Search lässt sich nicht entfernen
    Log-Analyse und Auswertung - 30.05.2013 (12)
  12. Hola Search und Bing Bar sicher entfernen
    Log-Analyse und Auswertung - 27.05.2013 (14)
  13. Delta Search loswerden?
    Plagegeister aller Art und deren Bekämpfung - 24.05.2013 (9)
  14. Hola Search Problem
    Log-Analyse und Auswertung - 15.05.2013 (2)
  15. Hola Search entfernen!
    Plagegeister aller Art und deren Bekämpfung - 07.05.2013 (11)
  16. Easylifeapp.Search loswerden.
    Plagegeister aller Art und deren Bekämpfung - 08.04.2013 (6)
  17. Claro Search loswerden
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (41)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Hola search virus loswerden! - Hallo, ich bin ganz neu hier. Mein Problem ist, dass ich bei einem download aus versehen den Holasearch Virus auf meinen Rechner installiert habe. Ich versuche jetzt schon seit Tagen - Hola search virus loswerden!...
Archiv
Du betrachtest: Hola search virus loswerden! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19