Plagegeister aller Art und deren Bekämpfung: Problem with Fakealert (Windows 7)
20.05.2013, 22:33 | #1 |
Problem with Fakealert

Hello dear board members,

today I got a desperate call from my sister-in-law: "my computer won't work anymore." She had caught the Fakealert. I started Windows in safe mode and ran a scan with MBAM and Avira. See the logs. After that everything worked again; I have now also run all the other scans following your instructions. With GMER, unfortunately, the PC keeps crashing with a bluescreen.

I hope this information is enough for a start and that someone can help me.

Many thanks and kind regards
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List 
========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2FF09416-5041-42D0-9910-EA94A5F21769}" = rport=138 | protocol=17 | dir=out | app=system | "{3667D761-DA15-49CE-B00E-01AF8D8BA042}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3AD04E7D-6DB6-43DC-B3FB-C8ECDD118671}" = lport=138 | protocol=17 | dir=in | app=system | "{4E37FDA2-0714-41D3-958C-113691EE7663}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{627D3370-B0AB-4A3E-8244-3E02F30AD424}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{64112CFD-40FF-43C9-AC2C-AF4EC7DF2096}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6D8F6DE2-E742-4ED9-8776-9AA2D0FC3DB5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8B3D7E43-ABF5-419A-8ECF-97F677EA65A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{972CD8FC-3B6D-49F3-807C-DC6D6B205D42}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{99BB2111-A98E-4FFC-9CCD-4320D4F60828}" = lport=139 | protocol=6 | dir=in | app=system | "{9C4C69B8-6023-4D0E-8BCF-39C06D168677}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A66D5C10-DD0C-45E5-B5B4-44C44918D7B3}" = lport=137 | protocol=17 | dir=in | app=system | "{ABCB1AB8-C72F-44CF-8EB8-CDEF9F616381}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AD6E0791-B099-4015-9FFD-8DF29B11225F}" = rport=445 | protocol=6 | dir=out | app=system | "{BFB25844-A7F6-4760-AB0B-42FB371646C8}" = lport=445 | protocol=6 | dir=in | app=system | "{C2A4F617-3EB7-4BD8-BDF5-38EAD47544AF}" = lport=1900 | protocol=17 | dir=in | 
svc=ssdpsrv | app=svchost.exe | "{C32D41C8-27C9-4BCC-86E1-EA1E288348A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C3E4BFB3-3D3B-4845-B89E-D9999BD48C33}" = lport=2869 | protocol=6 | dir=in | app=system | "{D085A0A0-08B9-4A3F-991C-F4BB0A8FEF27}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D6811F4D-8784-4BBE-8D8A-C258046620DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D7705F2A-D41F-4A6E-8D3B-3AF8C0F432EE}" = rport=139 | protocol=6 | dir=out | app=system | "{D9270FD3-DC79-4E21-8EB0-676282D60427}" = rport=137 | protocol=17 | dir=out | app=system | "{F2442E11-6C25-4A5A-AD96-8CEAA27B516C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FD262D36-187D-4A9F-8D62-81A806387776}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{133AF998-D29C-46BA-AFE9-1C149704609B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{13BD3596-7967-4542-A04E-0FA171BE17CE}" = protocol=17 | dir=in | app=c:\users\snert\appdata\roaming\icqm\icq.exe | "{14117914-B05F-4106-ABD3-4DB526B0FB3B}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{17773A08-C66F-41DF-BE43-7107477EF472}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{18C861B5-AC05-42B5-8FE2-9DB8EC9B04D5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | "{1A49F825-D95C-4138-A873-841ABA9EBE95}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{1D72FDCE-C03D-49C5-A5C0-B42A58FFCD9B}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\frun.exe | 
"{1DEAACF8-ECFD-4F54-980F-105C4CF82BBB}" = protocol=6 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | "{2371598E-30AA-4B3F-BC92-C0C6EC474909}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnamon.exe | "{26C7EC76-5716-4D08-938D-425A1730B0FD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{273097D3-4C76-4DC0-9E74-0FF666EFCE2E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | "{2E68AAF7-03C6-4103-8E21-838A5DB9C2C3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{31525136-6673-4E8F-9FBF-3618775E2294}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{33720061-4FC7-4097-97B8-BC9BF64F8910}" = protocol=6 | dir=in | app=c:\users\snert\appdata\roaming\dropbox\bin\dropbox.exe | "{37B6A74B-0833-4A01-9C41-49BE1CFD0F34}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{395A16F9-F0A1-4E26-9576-102484D683F7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{3B50E571-A858-4195-92BC-DF80C272F0D5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnamon.exe | "{3C73A0A8-D374-456F-832F-4FACAEEF8F52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4697801E-A184-4EE2-955C-32FAD204D1ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{48546769-8D18-455A-A77D-D6E09CF4A069}" = protocol=6 | dir=in | app=c:\users\snert\appdata\roaming\icqm\icq.exe | "{4B823AE4-B8C0-4496-8FC1-C9F9AD5C7533}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | "{5215AAA8-F8FA-462F-9ED4-B5F9D3F064DF}" = protocol=17 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | "{55FF44CF-67CC-41FD-81F9-5AD2042FBB92}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe | "{563AD57A-9D9D-4844-9F34-8B5681F50C23}" = protocol=17 | dir=in | 
app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | "{575D420B-3E25-487B-BA00-43CBC25C6AB2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | "{59FDB2D7-6355-4AD7-B9DE-67647DC49386}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{5F621364-6D35-4F3C-BFAF-8E00171E16EE}" = dir=in | app=c:\users\snert\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{6283AF95-CCBD-4728-A78E-73114AEDAAAB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | "{6D6C5DD5-E025-45FA-9245-FBECFE82BFB5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{778803FF-2674-4C53-B1BF-08FBB676DAAB}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{7A960745-9612-440F-9EB2-C13806264EAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7D073F29-FBCC-4C7A-A405-FE168D4D2DF7}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{82ADED2A-78F7-4D2D-911E-C995D6945366}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\frun.exe | "{854F08D5-4B90-48FF-8E77-AB9C11074496}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{87C4ADCD-7F76-4E74-8D3D-28E8ADE307CA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{8C6AA0A3-2FD0-4F9E-97ED-5DB49D03022C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8DE57311-33BE-46BF-BC55-FC431F252D68}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8EE5C714-9A64-4D43-8EE1-014FFE72FA83}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{95B5A363-75B4-4262-8FE2-EDB841439EC4}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{9803AF5F-98E6-4A2B-98B8-69D4091A8EE0}" = protocol=6 | dir=in | 
app=c:\program files (x86)\icq7.2\aolload.exe | "{9E353D46-020E-4748-8363-F23ECD5EF910}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{A411A07A-6A9C-4950-9624-41D9F5776011}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | "{A7F2E508-4FA0-45B2-8135-3058F77F9973}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{AAA17A65-7D99-4334-B706-23BC5BBB5366}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AC7D1C4F-355C-4F6A-8807-3C729DC0027E}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{B38452B2-8732-43E5-8620-6DCE3D4C4402}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{BAC4F637-7F0A-4080-8599-A8FEFE6AB3A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BD20AAEF-36F4-4FC5-8E1F-2ACB7E19785A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{CDDAE649-B3D0-4B0F-9E12-F62B07499F11}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | "{D03B1799-8CB9-49C6-BA3E-2358ECC56D46}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D2550A00-E9A3-4C2F-B07D-169FB550B83C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{D2947FA8-2044-4B29-AC2E-5E165B9A2CEC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D3CCCC77-EFEF-45F5-903C-3435374CB5D1}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{D657394F-EC5D-4281-B62C-6CE30AD43E30}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | "{D6F8AF41-315A-42C7-97A9-C31E87653EC1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | "{DCC9ADE0-7CC8-459C-917A-5208D11473FF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{DF36F07A-095F-46AD-B9E3-81BFFF2F1FAF}" = 
protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | "{E8ABDBBB-16D2-4235-8C9B-A6446551AFBD}" = protocol=6 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | "{E9805E87-6EB0-4B2B-BD47-A9D489292F51}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | "{E9AEB5A5-235B-48BA-8B0A-0D10391A2700}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{ED6F99EF-C81A-46CA-9F13-5A75320A9471}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{F1B82A6A-4A31-475F-ADDD-52BA0DE0D653}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F2533B7E-AF73-4952-9296-BA59B85E14C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F54EFA53-BD74-4096-9600-447EA6907265}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{FB20E2F8-3361-4DB5-8445-27B301A360D0}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe | "{FFEDF4C9-E27F-4B2F-B23C-9BF7A9B8543E}" = protocol=17 | dir=in | app=c:\users\snert\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{85DBE0BC-0BDA-4671-8AC9-38D080CE5132}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | "TCP Query User{94F80C96-0195-4151-BDD3-66ED1F32D240}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "UDP Query User{6E237B22-9307-43A4-955F-EFDBAAD14ECB}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "UDP Query User{EE717F35-2DBD-4F27-AF03-D465D01B94F0}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center "{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Lexmark 2600 Series" = Lexmark 2600 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French "{105CE6E0-03DC-4FCE-BE7D-591F68752AB5}" = PC Sync Manager 
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe "{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software "{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech "{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{49404BCA-BC5F-519A-9822-07F4C0711C75}" = 
Catalyst Control Center Graphics Previews Vista "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light "{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static "{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish "{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{90110407-6000-11D3-8CFE-0150048383C9}" = 
Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst 
Control Center - Branding "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common "{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch "{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "AND Route 2000 Deutschland" = AND Route 2000 Deutschland "Avira AntiVir Desktop" = Avira Antivirus Premium "Bertelsmann Discovery 2000 OEM1" = Bertelsmann Discovery 2000 OEM1 "entrusted Toolbar" = entrusted Toolbar "FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar "Guard.Mail.ru" = Guard.ICQ "iMesh" = iMesh "iMesh 1 MediaBar" = MediaBar "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" 
= CyberLink MediaShow "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Magic Encyclopedia" = Magic Encyclopedia "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Opera 12.02.1578" = Opera 12.02 "Picasa 3" = Picasa 3 "PirateVille" = PirateVille "SearchProtect" = Search Protect by conduit "VLC media player" = VLC media player 0.9.9 "Wajam" = Wajam "WEB.DE SmartSurfer" = WEB.DE SmartSurfer "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "XSManager" = XSManager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.05.2013 13:27:30 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 20.05.2013 13:27:30 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9751528 Error - 20.05.2013 13:27:30 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9751528 Error - 20.05.2013 13:27:31 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 20.05.2013 13:27:31 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9752574 Error - 20.05.2013 13:27:31 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100 
Description = Task Scheduling Error: m->NextScheduledSPRetry 9752574 Error - 20.05.2013 13:27:47 | Computer Name = Snert-PC | Source = Google Update | ID = 20 Description = Error - 20.05.2013 15:05:36 | Computer Name = Snert-PC | Source = Application Hang | ID = 1002 Description = Programm IEXPLORE.EXE, Version 10.0.9200.16576 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b74 Startzeit: 01ce558ce7c83d7d Endzeit: 9 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error - 20.05.2013 15:18:13 | Computer Name = Snert-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: setuppending.exe, Version: 13.6.0.778, Zeitstempel: 0x511e4145 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xf68 Startzeit der fehlerhaften Anwendung: 0x01ce558eb0f84efb Pfad der fehlerhaften Anwendung: C:\Windows\Temp\AVSETUP_519a75a9\setuppending.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\MSVCR100.dll Berichtskennung: 03ccdf12-c182-11e2-957d-c80aa96d328e Error - 20.05.2013 15:20:59 | Computer Name = Snert-PC | Source = Application Hang | ID = 1002 Description = Programm avscan.exe, Version 13.6.0.1262 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1490 Startzeit: 01ce558f072078a0 Endzeit: 8231 Anwendungspfad: C:\program files (x86)\avira\antivir desktop\avscan.exe Berichts-ID: 5c55bdf1-c182-11e2-957d-c80aa96d328e [ Hewlett-Packard Events ] Error - 17.12.2012 09:32:10 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt. StackTrace: bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957 Ram Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo, System.Globalization.DateTimeStyles) Error - 17.12.2012 09:32:10 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt. 
StackTrace: bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957 Ram Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo, System.Globalization.DateTimeStyles) Error - 17.12.2012 09:32:12 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt. 
StackTrace: bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957 Ram Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo, System.Globalization.DateTimeStyles) Error - 17.12.2012 09:32:14 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt. 
StackTrace: bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957 Ram Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo, System.Globalization.DateTimeStyles) Error - 17.12.2012 09:32:21 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt. 
StackTrace: bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957 Ram Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo, System.Globalization.DateTimeStyles) Error - 24.12.2012 11:42:53 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2146233033 bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt. StackTrace: bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages() bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957 Ram Utilization: 50 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo, System.Globalization.DateTimeStyles) [ HP Software Framework Events ] Error - 12.05.2013 12:03:11 | Computer Name = Snert-PC | Source = hpqWmiEx | ID = 5 Description = 2013/05/12 18:03:11.939|00000FE0|Error |ChpqWmiExModule::Start|The hpqwmiex service failed to start (1063). A system restart may correct this problem. 
[ Media Center Events ] Error - 17.01.2011 14:22:12 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 19:22:12 - Fehler beim Herstellen der Internetverbindung. 19:22:12 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2011 14:22:21 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 19:22:18 - Fehler beim Herstellen der Internetverbindung. 19:22:18 - Serververbindung konnte nicht hergestellt werden.. Error - 25.01.2011 12:12:47 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 17:12:47 - Fehler beim Herstellen der Internetverbindung. 17:12:47 - Serververbindung konnte nicht hergestellt werden.. Error - 25.01.2011 12:12:55 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 17:12:52 - Fehler beim Herstellen der Internetverbindung. 17:12:52 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2011 08:24:05 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 13:24:05 - Fehler beim Herstellen der Internetverbindung. 13:24:05 - Serververbindung konnte nicht hergestellt werden.. Error - 28.01.2011 08:24:15 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 13:24:10 - Fehler beim Herstellen der Internetverbindung. 13:24:10 - Serververbindung konnte nicht hergestellt werden.. Error - 07.02.2011 13:43:50 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 18:43:50 - Fehler beim Herstellen der Internetverbindung. 18:43:50 - Serververbindung konnte nicht hergestellt werden.. Error - 07.02.2011 13:44:01 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 18:43:55 - Fehler beim Herstellen der Internetverbindung. 18:43:55 - Serververbindung konnte nicht hergestellt werden.. Error - 24.02.2011 12:03:16 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 17:03:16 - Fehler beim Herstellen der Internetverbindung. 17:03:16 - Serververbindung konnte nicht hergestellt werden.. 
Error - 24.02.2011 12:03:24 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0 Description = 17:03:21 - Fehler beim Herstellen der Internetverbindung. 17:03:21 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 20.05.2013 08:02:18 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 20.05.2013 10:08:26 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdnCATSCustConnectService erreicht. Error - 20.05.2013 10:08:26 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 20.05.2013 14:53:45 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht. Error - 20.05.2013 14:53:45 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 20.05.2013 15:16:36 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdnCATSCustConnectService erreicht. 
Error - 20.05.2013 15:16:36 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 20.05.2013 15:25:13 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Search Protect by Conduit Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.05.2013 15:25:13 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.05.2013 15:25:13 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > OTL logfile created on: 20.05.2013 22:02:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snert\Desktop\20130520 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,83% Memory free 7,73 Gb Paging File | 5,64 Gb Available in Paging File | 73,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,90 Gb Total Space | 158,93 Gb Free Space | 55,78% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 6,90 Gb Free Space | 53,52% Space Free | Partition Type: NTFS Drive E: | 99,34 Mb Total Space | 95,21 Mb Free Space | 95,84% Space Free | Partition Type: FAT32 Drive G: | 3,74 Gb Total Space | 3,48 Gb Free Space | 93,00% Space Free | Partition Type: FAT32 Computer Name: SNERT-PC | User Name: Snert | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.20 21:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Snert\Desktop\20130520\OTL.exe PRC - [2013.05.20 21:09:39 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.05.20 21:09:21 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.05.20 21:09:17 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2013.05.20 21:09:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.05.20 21:09:12 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.07.26 23:08:58 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe PRC - [2012.02.25 16:39:49 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe PRC - [2011.06.01 19:17:15 | 001,546,672 | ---- | M] (iMesh, Inc) -- C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe PRC - [2010.11.27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe PRC - [2009.05.14 17:31:02 | 000,157,456 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2009.05.14 17:30:18 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. 
KG) -- C:\Windows\service4g.exe PRC - [2009.01.29 17:43:55 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe PRC - [2009.01.29 17:43:53 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe ========== Modules (No Company Name) ========== MOD - [2012.12.12 07:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.10.05 12:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012.08.31 12:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012.02.25 16:39:49 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2009.10.16 13:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2009.10.16 13:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2009.10.16 13:10:14 | 
000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2009.06.10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll MOD - [2009.01.29 17:43:55 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe MOD - [2009.01.29 17:43:53 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe MOD - [2008.03.15 07:34:14 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll MOD - [2008.03.15 07:33:42 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll MOD - [2008.01.04 21:09:23 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll MOD - [2008.01.04 21:09:23 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll MOD - [2008.01.04 21:08:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll MOD - [2007.11.22 18:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll MOD - [2007.11.21 01:44:48 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll MOD - [2007.10.03 00:51:09 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll MOD - [2007.05.29 17:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll MOD - [2007.03.26 17:39:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2008.02.28 01:07:47 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- 
C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device) SRV:64bit: - [2008.02.28 01:07:39 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService) SRV - [2013.05.20 21:09:39 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.05.20 21:09:21 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.05.20 21:09:17 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013.05.20 21:09:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.05.16 18:18:37 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.14 21:37:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.11 16:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2012.07.26 23:08:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2012.02.25 16:39:49 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) SRV - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- 
(WTGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.05.14 17:30:18 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.02.28 01:07:39 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService) SRV - [2008.02.28 01:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdncoms.exe -- (lxdn_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.20 21:09:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.05.20 21:09:50 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.05.20 21:09:49 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.10.12 16:35:24 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.10.09 20:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.06.20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.14 05:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.05.29 15:43:35 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2008.05.02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2008.05.02 10:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2008.05.02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.10.31 16:19:36 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys -- (cmnsusbser) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{7F1FB254-40E0-4A87-9FCC-429D00C045D6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=315&systemid=1&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found 
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {C65F3879-1DD9-4CA8-AEB2-80C52EDF28D8} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7F1FB254-40E0-4A87-9FCC-429D00C045D6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=315&systemid=1&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\URLSearchHook: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {C65F3879-1DD9-4CA8-AEB2-80C52EDF28D8} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE403 IE - HKCU\..\SearchScopes\{6A97BED5-0DAC-463F-ACD3-4AF2D853B8CC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0BF173DF-1E1D-45A9-815F-E186D60B873E&apn_sauid=D393948B-8941-48BE-A7F2-1575617C15AD IE - HKCU\..\SearchScopes\{C65F3879-1DD9-4CA8-AEB2-80C52EDF28D8}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN51739867214239307&UM=2 IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - 
prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3 FF - prefs.js..extensions.enabledAddons: %7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0038-ABCDEFFEDCBA%7D:6.0.38 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://172.20.0.1/autoconf.pac" FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Snert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.16 18:18:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.14 17:41:10 | 000,037,909 | ---- | M] () FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.16 18:18:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.30 15:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snert\AppData\Roaming\mozilla\Extensions [2013.05.06 21:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snert\AppData\Roaming\mozilla\Firefox\Profiles\osnudy1d.default\extensions [2012.12.11 21:56:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Snert\AppData\Roaming\mozilla\Firefox\Profiles\osnudy1d.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.10.15 14:12:07 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Snert\AppData\Roaming\mozilla\Firefox\Profiles\osnudy1d.default\extensions\ffxtlbr@babylon.com [2012.12.11 21:56:02 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\extensions\ciuvo-extension@icq.de.xpi [2013.03.23 15:27:07 | 000,002,408 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\askcom.xml 
[2012.10.15 14:12:22 | 000,002,549 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\browsemngr.xml [2013.01.24 20:12:48 | 000,002,376 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icq.xml [2013.05.14 07:56:52 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-1.xml [2012.05.03 08:33:34 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-2.xml [2013.03.23 15:26:42 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-3.xml [2013.05.05 21:56:50 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-4.xml [2013.05.16 18:19:33 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-5.xml [2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin.gif [2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin.src [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin.xml [2013.04.29 20:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.18 23:27:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.06 18:37:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.27 14:24:35 | 
000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.01 15:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.01.02 20:33:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2013.02.14 17:41:10 | 000,037,909 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\WAJAM\FIREFOX\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI [2013.05.16 18:18:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.05.16 18:18:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.15 14:11:50 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013.05.16 18:18:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.05.16 18:18:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.05.16 18:18:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.16 18:18:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.05.16 18:18:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.02.12 14:32:52 | 000,441,346 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15167 more lines... O2:64bit: - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) 
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (entrusted Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (entrusted Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (entrusted Toolbar) - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe () O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE (iMesh, Inc) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKCU..\Run: [Facebook Update] C:\Users\Snert\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found O4 - HKCU..\Run: [ICQ] C:\Users\Snert\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [SearchProtect] C:\Users\Snert\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit) O4 - Startup: C:\Users\Snert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Snert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F91DD46-1B3C-4988-AE9D-B4FBA713DE16}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4c99e3c1-a612-11df-9295-c80aa96d328e}\Shell - "" = AutoRun O33 - MountPoints2\{4c99e3c1-a612-11df-9295-c80aa96d328e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{aa4fa8cf-6b27-11df-962c-c80aa96d328e}\Shell - "" = AutoRun O33 - MountPoints2\{aa4fa8cf-6b27-11df-962c-c80aa96d328e}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.20 21:53:38 | 000,000,000 | ---D | C] -- C:\Users\Snert\Desktop\20130520 [2013.05.20 21:25:13 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine [2013.05.20 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2013.05.20 21:19:30 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Roaming\Avira [2013.05.20 21:18:46 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.05.20 21:18:46 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.05.20 21:18:46 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.05.20 21:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.20 21:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.05.20 13:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.20 13:23:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.20 13:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.20 13:23:29 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Local\Programs [2013.05.20 11:32:50 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.05.20 11:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\7A34EDDA0A5AC57C00007A3473AACAB0 [2013.05.19 10:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.19 10:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.19 10:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.05.19 10:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.19 10:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.15 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Snert\Desktop\Kochbuch [2013.05.13 17:26:13 | 000,000,000 | ---D | C] -- C:\SearchProtect [2013.05.10 20:13:01 | 000,000,000 | ---D | C] -- C:\Users\Snert\Desktop\Schulkram [2013.05.07 17:16:15 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 21:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.05 21:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.05.01 13:39:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect [2013.05.01 13:39:39 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Roaming\SearchProtect 
[2013.05.01 13:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\entrusted [2013.05.01 13:38:59 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Roaming\OpenCandy [2013.04.24 19:14:02 | 000,000,000 | ---D | C] -- C:\Users\Snert\Desktop\Praktikum ========== Files - Modified Within 30 Days ========== [2013.05.20 21:58:16 | 000,000,000 | ---- | M] () -- C:\Users\Snert\defogger_reenable [2013.05.20 21:48:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.20 21:39:06 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3740440184-2078061406-2066729486-1000UA.job [2013.05.20 21:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.20 21:23:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 21:23:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 21:19:07 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.20 21:17:36 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.20 21:16:35 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job [2013.05.20 21:16:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.20 21:16:21 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys [2013.05.20 21:09:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.05.20 21:09:50 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.05.20 21:09:49 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.05.20 20:43:23 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.20 20:43:23 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.20 20:43:23 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.20 20:43:23 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.20 20:43:23 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.20 13:23:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.20 09:51:08 | 000,000,000 | ---- | M] () -- C:\END [2013.05.20 09:39:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3740440184-2078061406-2066729486-1000Core.job [2013.05.19 10:28:22 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.16 06:15:54 | 000,363,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.14 21:43:04 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSNERT-PC$.job [2013.05.07 17:16:02 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 21:05:33 | 501,554,451 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2013.05.20 21:58:16 | 000,000,000 | ---- | C] () -- C:\Users\Snert\defogger_reenable [2013.05.20 21:19:07 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.20 13:23:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.19 10:28:22 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.22 17:01:17 | 501,554,451 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.10.16 17:10:48 | 000,000,005 | ---- | C] () -- C:\Users\Snert\AppData\Roaming\mbam.context.scan [2012.05.09 19:04:49 | 000,000,579 | ---- | C] () -- C:\Windows\eReg.dat [2011.07.08 20:26:22 | 000,000,000 | ---- | C] 
() -- C:\Users\Snert\AppData\Local\{6E42029C-07A0-4D23-8469-B4F91B9BDA29} [2011.02.16 13:57:45 | 000,001,854 | ---- | C] () -- C:\Users\Snert\AppData\Roaming\GhostObjGAFix.xml ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.15 14:11:25 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Babylon [2013.05.20 21:20:45 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Dropbox [2013.01.24 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\ICQ [2013.03.11 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\ICQ Search [2013.01.24 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\ICQ-Profile [2013.01.24 20:12:34 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\ICQM [2010.06.04 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\iWin [2010.12.07 22:13:41 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Lexmark Productivity Studio [2011.06.27 01:06:44 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\muvee Technologies [2013.05.01 13:53:06 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\OpenCandy [2012.05.30 07:47:02 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Opera [2010.11.25 15:08:07 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Pirateville [2010.11.24 20:29:24 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\rondomedia [2013.05.01 13:39:45 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\SearchProtect [2010.09.03 19:01:39 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\SmartSurfer [2012.02.12 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\TeamViewer [2010.11.22 16:21:04 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Twintale Entertainment [2010.11.15 00:02:28 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\V-Games [2010.09.03 00:47:24 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\WEBDE [2010.05.30 11:23:17 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\WildTangent [2012.09.09 
21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\XSManager [2010.05.29 15:32:16 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report > |
20.05.2013, 22:34 | #2 |
| Part 2 of the logs Avira AntiVir Personal
__________________Erstellungsdatum der Reportdatei: Montag, 20. Mai 2013 16:10 Es wird nach 3301270 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen seit s nicht mehr zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : SNERT-PC Versionsinformationen: BUILD.DAT : 10.2.0.703 35935 Bytes 29.08.2011 16:10:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 21.07.2011 10:08:11 AVSCAN.DLL : 10.0.5.0 57192 Bytes 21.07.2011 10:10:57 LUKE.DLL : 10.3.0.5 45416 Bytes 21.07.2011 10:09:32 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 12:22:40 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 21.07.2011 10:08:11 AVREG.DLL : 10.3.0.9 90472 Bytes 21.07.2011 10:08:05 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 10:49:21 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 05:52:59 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 05:53:00 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:10:02 VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:10:06 VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 10:10:07 VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 07:26:09 VBASE007.VDF : 7.11.13.61 2048 Bytes 16.08.2011 07:26:09 VBASE008.VDF : 7.11.13.62 2048 Bytes 16.08.2011 07:26:09 VBASE009.VDF : 7.11.13.63 2048 Bytes 16.08.2011 07:26:09 VBASE010.VDF : 7.11.13.64 2048 Bytes 16.08.2011 07:26:09 VBASE011.VDF : 7.11.13.65 2048 Bytes 16.08.2011 07:26:09 VBASE012.VDF : 7.11.13.66 2048 Bytes 16.08.2011 07:26:09 VBASE013.VDF : 7.11.13.95 166400 Bytes 17.08.2011 12:58:59 VBASE014.VDF : 7.11.13.125 209920 Bytes 18.08.2011 17:55:58 VBASE015.VDF : 7.11.13.157 184832 Bytes 22.08.2011 08:08:49 VBASE016.VDF : 7.11.13.201 128000 Bytes 24.08.2011 09:39:53 VBASE017.VDF : 7.11.13.234 160768 Bytes 25.08.2011 20:21:06 VBASE018.VDF : 7.11.13.235 2048 Bytes 25.08.2011 20:21:06 
VBASE019.VDF : 7.11.13.236 2048 Bytes 25.08.2011 20:21:06 VBASE020.VDF : 7.11.13.237 2048 Bytes 25.08.2011 20:21:06 VBASE021.VDF : 7.11.13.238 2048 Bytes 25.08.2011 20:21:07 VBASE022.VDF : 7.11.13.239 2048 Bytes 25.08.2011 20:21:07 VBASE023.VDF : 7.11.13.240 2048 Bytes 25.08.2011 20:21:07 VBASE024.VDF : 7.11.13.241 2048 Bytes 25.08.2011 20:21:07 VBASE025.VDF : 7.11.13.242 2048 Bytes 25.08.2011 20:21:07 VBASE026.VDF : 7.11.13.243 2048 Bytes 25.08.2011 20:21:08 VBASE027.VDF : 7.11.13.244 2048 Bytes 25.08.2011 20:21:08 VBASE028.VDF : 7.11.13.245 2048 Bytes 25.08.2011 20:21:08 VBASE029.VDF : 7.11.13.246 2048 Bytes 25.08.2011 20:21:08 VBASE030.VDF : 7.11.13.247 2048 Bytes 25.08.2011 20:21:08 VBASE031.VDF : 7.11.13.249 6656 Bytes 26.08.2011 08:12:48 Engineversion : 8.2.6.48 AEVDF.DLL : 8.1.2.1 106868 Bytes 21.04.2011 05:52:30 AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 25.08.2011 19:54:08 AESCN.DLL : 8.1.7.2 127349 Bytes 21.04.2011 05:52:28 AESBX.DLL : 8.2.1.34 323957 Bytes 21.07.2011 10:07:25 AERDL.DLL : 8.1.9.13 639349 Bytes 21.07.2011 10:07:25 AEPACK.DLL : 8.2.10.8 684407 Bytes 25.08.2011 19:54:07 AEOFFICE.DLL : 8.1.2.13 201083 Bytes 28.07.2011 12:57:45 AEHEUR.DLL : 8.1.2.161 3641720 Bytes 25.08.2011 19:54:07 AEHELP.DLL : 8.1.17.7 254327 Bytes 28.07.2011 12:57:45 AEGEN.DLL : 8.1.5.9 401780 Bytes 25.08.2011 19:54:06 AEEMU.DLL : 8.1.3.0 393589 Bytes 21.04.2011 05:52:17 AECORE.DLL : 8.1.23.0 196983 Bytes 25.08.2011 19:54:06 AEBB.DLL : 8.1.1.0 53618 Bytes 21.04.2011 05:52:16 AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:52:39 AVPREF.DLL : 10.0.3.2 44904 Bytes 21.07.2011 10:08:05 AVREP.DLL : 10.0.0.10 174120 Bytes 21.07.2011 10:08:06 AVARKT.DLL : 10.0.26.1 255336 Bytes 21.07.2011 10:07:41 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 21.07.2011 10:07:59 SQLITE3.DLL : 3.6.19.0 355688 Bytes 21.07.2011 13:12:30 AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 05:52:38 NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 05:52:50 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 21.07.2011 10:11:03 RCTEXT.DLL : 
10.0.64.0 98664 Bytes 21.07.2011 10:11:03 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: ignorieren Sekundäre Aktion......................: löschen Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, E:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Montag, 20. Mai 2013 16:10 Der Suchlauf nach versteckten Objekten wird begonnen. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'UNS.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqToaster.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'Com4QLBEx.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqWmiEx.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'starter4g.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'GuardICQ.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'PMBVolumeWatcher.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'datamngrUI.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'hpwuschd2.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'QLBCTRL.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'cltmng.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'Skype.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 'icq.exe' - '128' Modul(e) wurden durchsucht Durchsuche Prozess 'FacebookUpdate.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'LightScribeControlPanel.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'lxdnMsdMon.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'lxdnmon.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamscheduler.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'service4g.exe' - '32' Modul(e) wurden durchsucht Durchsuche 
Prozess 'WTGService.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'WajamUpdater.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'c2c_service.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'LSSrvc.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'GuardICQ.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'CltMngSvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1103' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Users\Snert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUCI6IXS\checktbexist[1].exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 54fbb9da.qua erstellt ( QUARANTÄNE ) C:\Users\Snert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUCI6IXS\statisticsstub[1].exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4c689615.qua erstellt ( QUARANTÄNE ) C:\Users\Snert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6TSLAIS\stublogic[1].exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 1dc3cce7.qua erstellt ( QUARANTÄNE ) C:\Users\Snert\AppData\Local\Temp\ct3281675\ctbe.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 7807dd14.qua erstellt ( QUARANTÄNE ) C:\Users\Snert\AppData\Local\Temp\ct3281675\statisticsStub.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 3d84f02b.qua erstellt ( QUARANTÄNE ) C:\Users\Snert\AppData\Local\Temp\ct3281675\stub.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 416bc24a.qua erstellt ( QUARANTÄNE ) C:\Users\Snert\AppData\Roaming\OpenCandy\154D8CBCAF224991BF8391767843836C\RAWinstaller.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 0e2deff3.qua erstellt ( QUARANTÄNE ) C:\Users\Snert\AppData\Roaming\OpenCandy\CFE29705B6EE469F8B7D53EF7680E1E6\mconduitinstaller.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 71cdafc0.qua erstellt ( QUARANTÄNE ) 
C:\Windows\SysWOW64\dxtmsft.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. C:\Windows\SysWOW64\licmgr10.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_10.2.9200.16521_none_1ff492f626787225\dxtmsft.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. C:\Windows\winsxs\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.2.9200.16521_none_4dfef90b034da92c\iesetup.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. C:\Windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_10.2.9200.16521_none_eb9c55fb0808e55a\licmgr10.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. Beginne mit der Suche in 'D:\' <RECOVERY> Beginne mit der Suche in 'E:\' <HP_TOOLS> Ende des Suchlaufs: Montag, 20. Mai 2013 20:58 Benötigte Zeit: 4:47:46 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 
43734 Verzeichnisse wurden überprüft 545162 Dateien wurden geprüft 8 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 8 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 545154 Dateien ohne Befall 2863 Archive wurden durchsucht 5 Warnungen 8 Hinweise 868915 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Ende Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.04.07 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus) Internet Explorer 10.0.9200.16576 Snert :: SNERT-PC [Administrator] Schutz: Deaktiviert 20.05.2013 14:02:34 mbam-log-2013-05-20 (14-02-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 484691 Laufzeit: 58 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7A34EDDA0A5AC57C00007A3473AACAB0 (Trojan.FakeAlert.SSGen) -> Daten: C:\ProgramData\7A34EDDA0A5AC57C00007A3473AACAB0\7A34EDDA0A5AC57C00007A3473AACAB0.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\7A34EDDA0A5AC57C00007A3473AACAB0\7A34EDDA0A5AC57C00007A3473AACAB0.exe (Trojan.FakeAlert.SSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
21.05.2013, 06:30 | #3 |
/// Malwareteam / Visitor | Problem with Fakealert Hi Andre_2708
I am Smeenk and I will try to help you. System scan with ZOEK: Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Please post everything here in CODE tags where possible: [code] Your log here [/code] |
21.05.2013, 17:59 | #4 |
| Problem with Fakealert Hello Smeenk, thank you very much for your help and support. I only just got home from work, hence the late reply. Here is the log file: Zoek.exe Version 4.0.0.2 Updated 20-May-2013 Tool run by Snert on 21.05.2013 at 17:09:28,64. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode No Internet Access Detected ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A97BED5-0DAC-463F-ACD3-4AF2D853B8CC} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C65F3879-1DD9-4CA8-AEB2-80C52EDF28D8} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully 
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\internet explorer\urlsearchhooks\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\wajamupdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wajamupdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\wajamupdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wajamupdater deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar.hmpg", true); user_pref("extensions.BabylonToolbar.lastVrsnTs", ""); user_pref("extensions.BabylonToolbar.newTab", true); user_pref("extensions.BabylonToolbar.smplGrp", "azb"); ---- Lines BabylonToolbar modified from prefs.js ---- ---- Lines BabylonToolbar removed from user.js ---- ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.order.1", "Ask.com"); ---- Lines ask.com modified from prefs.js ---- ---- Lines ask.com removed from user.js ---- ---- Lines wajam removed from prefs.js ---- user_pref("extensions.wajam.affiliate_id", "6334"); user_pref("extensions.wajam.firstrun", "false"); user_pref("extensions.wajam.log_send_info", "false"); user_pref("extensions.wajam.no_trace", "false"); user_pref("extensions.wajam.server_current_mapping_version", "0.21086"); user_pref("extensions.wajam.trace_log", "1365191250974 - onItemAdded - Error Message: response.sendResponse is not a function\n1365191250975 - onItemAdded - Error Message: response.sendResponse is not a function\n1365191250976 - onItemAdded - Error Message: response.sendResponse is not a function\n1365191250977 - onItemAdded - Error Message: response.sendResponse is not a function\n1365191250978 - onItemAdded - Error Message: response.sendResponse is not a function\n1365191251066 - onFlagInfoReceived - JSON Received: 
{\"unique_id\":\"27163937E21693CB40CD5BC241B0760C\",\"urls_mapping_version\":\"0.21086\",\"send_debug_info\":false}\n1365191251066 - onFlagInfoReceived - Server mapping version: 0.21086\n1365191251067 - onFlagInfoReceived - No client-side server mapping version, don't update\n1365191251067 - onFlagInfoReceived - Saving server mapping version\n1365191251067 - onFlagInfoReceived - No user current mapping version specified, set to '0'\n1365191251068 - onFlagInfoReceived - Unique ID saved\n"); user_pref("extensions.wajam.unique_id", "27163937E21693CB40CD5BC241B0760C"); user_pref("extensions.wajam.user_current_mapping_version", "0"); user_pref("extensions.wajam.version", "1.26"); ---- Lines wajam modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\",\"mtime\":1353274073594},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1368721119003},\"{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\",\"mtime\":1341592640794},\"{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\",\"mtime\":1348748675410},\"{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\",\"mtime\":1351776547563},\"{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\",\"mtime\":1357151631242}}},{\"name\":\"winreg-app-user\",\"addons\":{\"{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Wajam\\\\Firefox\\\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi\",\"mtime\":1360856470000}}},{\"name\":\"app-profile\",\"addons\":{\"ciuvo-extension@icq.de\":{\"descriptor\":\"C:\\\\Users\\\\Snert\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\osnudy1d.default\\\\extensions\\\\ciuvo-extension@icq.de.xpi\",\"mtime\":1355255762679},\"ffxtlbr@babylon.com\":{\"descriptor\":\"C:\\\\Users\\\\Snert\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\osnudy1d.default\\\\extensions\\\\ffxtlbr@babylon.com\",\"mtime\":1350755461732},\"{800b5000-a755-47e1-992b-48a1c1357f07}\":{\"descriptor\":\"C:\\\\Users\\\\Snert\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\osnudy1d.default\\\\extensions\\\\{800b5000-a755-47e1-992b-48a1c1357f07}\",\"mtime\":1355255769948}}}]"); ---- Lines wajam removed from user.js ---- ---- Lines ICQ Search removed from prefs.js ---- user_pref("browser.search.defaultenginename", "ICQ Search"); user_pref("browser.search.selectedEngine", "ICQ Search"); ---- Lines ICQ Search modified from prefs.js ---- ---- Lines ICQ Search removed from user.js ---- ---- Lines icq.com removed from prefs.js ---- user_pref("browser.startup.homepage", "hxxp://start.icq.com/"); user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="); ---- Lines icq.com modified from prefs.js ---- ---- Lines icq.com removed from user.js ---- ---- Lines icqtoolbar removed from prefs.js ---- user_pref("icqtoolbar.allowSendURL", false); user_pref("icqtoolbar.engineVerified", false); user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true); user_pref("icqtoolbar.firstTbRun", false); user_pref("icqtoolbar.geolastmodified", 1368472872); user_pref("icqtoolbar.history", 
"face||kfacebook||facebook||google||gew%C3%B6lbekeller%20sch%C3%B6ngleina||felsenkeller%20sch%C3%B6ngleina||tragus%20piercing"); user_pref("icqtoolbar.icqgeo", 49); user_pref("icqtoolbar.installTime", "1355255836"); user_pref("icqtoolbar.itbsitescount", 0); user_pref("icqtoolbar.newtab_most_visited_state", "1"); user_pref("icqtoolbar.newtab_recently_closed_state", "1"); user_pref("icqtoolbar.newtab_state", "1"); user_pref("icqtoolbar.numberOfSearches", 0); user_pref("icqtoolbar.previousFFVersion", "20.0.1"); user_pref("icqtoolbar.removedsitescount", 12); user_pref("icqtoolbar.showPc", false); user_pref("icqtoolbar.skip_default_search", "no"); user_pref("icqtoolbar.suggestions", false); user_pref("icqtoolbar.uniqueID", "132448909713244893371324571077529"); user_pref("icqtoolbar.usageStatstTimestamp", 1368957205); user_pref("icqtoolbar.version", "1.5.3"); user_pref("icqtoolbar.voucherHideClicks", 0); user_pref("icqtoolbar.voucherMoreLinkClicks", 0); user_pref("icqtoolbar.voucherRedeemClicks", 0); user_pref("icqtoolbar.voucherWasShown", 0); user_pref("icqtoolbar.xmlEnableSuggestions", false); user_pref("icqtoolbar.xmlLanguage", "de"); ---- Lines icqtoolbar modified from prefs.js ---- ---- Lines icqtoolbar removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user__1713_.backup prefs__1713_.backup ==== Batch Command(s) Run By Tool====================== C:\Windows\system32\appdata deleted ==== Deleting Files \ Folders ====================== "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted "C:\ProgramData\HPWALog.txt" deleted "C:\END" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\browsemngr.xml" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\icqplugin-1.xml" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\icqplugin-2.xml" deleted 
"C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\icqplugin-3.xml" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\icqplugin-4.xml" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\icqplugin-5.xml" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\icqplugin.gif" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\icqplugin.src" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\icqplugin.xml" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\searchplugins\askcom.xml" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\bProtector_extensions.sqlite" deleted "C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi" deleted "C:\ProgramData\7A34EDDA0A5AC57C00007A3473AACAB0\7A34EDDA0A5AC57C00007A3473AACAB0" deleted "C:\ProgramData\7A34EDDA0A5AC57C00007A3473AACAB0\7A34EDDA0A5AC57C00007A3473AACAB0.ico" deleted "C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe" deleted "C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll" deleted "C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll" deleted "C:\Users\Snert\AppData\Roaming\SearchProtect\bin\ChromeModule.dll" deleted "C:\Users\Snert\AppData\Roaming\SearchProtect\bin\cltmng.exe" deleted "C:\Users\Snert\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll" deleted "C:\Users\Snert\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll" deleted "C:\Users\Snert\AppData\Roaming\SearchProtect\bin\msvcp100.dll" deleted "C:\Users\Snert\AppData\Roaming\SearchProtect\bin\msvcr100.dll" deleted "C:\Users\Snert\AppData\Roaming\SearchProtect\bin\rep.dat" deleted 
"C:\Users\Snert\AppData\Roaming\SearchProtect\bin\SPHook32.dll" deleted "C:\ProgramData\7A34EDDA0A5AC57C00007A3473AACAB0" deleted "C:\SearchProtect" deleted "C:\Program Files (x86)\entrusted" deleted "C:\Windows\syswow64\appdata" deleted "C:\Program Files (x86)\FileConverter_1.3" deleted "C:\Program Files (x86)\ICQ6Toolbar" deleted "C:\Program Files (x86)\BabylonToolbar" deleted "C:\Program Files (x86)\iMesh Applications\MediaBar" not deleted "C:\Program Files (x86)\SearchProtect" deleted "C:\Program Files (x86)\Wajam" deleted "C:\Program Files (x86)\Conduit" deleted "C:\found.000" deleted "C:\Users\Snert\AppData\Roaming\Babylon" deleted "C:\Users\Snert\AppData\Roaming\SearchProtect" not deleted "C:\Users\Snert\AppData\Roaming\OpenCandy" deleted "C:\ProgramData\Browser Manager" deleted "C:\ProgramData\Ask" deleted "C:\ProgramData\ICQ\ICQToolbar" deleted "C:\ProgramData\Babylon" deleted "C:\Users\Snert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam" deleted "C:\Users\Snert\AppData\Local\Wajam" deleted "C:\Users\Snert\AppData\Local\PackageAware" deleted "C:\Users\Snert\AppData\Local\Conduit" deleted "C:\Users\Snert\AppData\LocalLow\mediabarim" deleted "C:\Users\Snert\AppData\LocalLow\imeshbandmltbpi" deleted "C:\Users\Snert\AppData\LocalLow\BabylonToolbar" deleted "C:\Users\Snert\AppData\LocalLow\FileConverter_1.3" deleted "C:\Users\Snert\AppData\LocalLow\DataMngr" deleted "C:\Users\Snert\AppData\LocalLow\PriceGong" deleted "C:\Users\Snert\AppData\LocalLow\Conduit" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\extensions\ffxtlbr@babylon.com" deleted "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\ICQToolbarData" deleted "C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr" not deleted "C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64" not deleted "C:\Users\Snert\AppData\Roaming\SearchProtect\bin" not deleted ==== Files Recently Created / Modified ====================== 
==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "SearchProtect"="\SearchProtect\bin\cltmng.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] 
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW" "ISUSPM Startup"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup" "Facebook Update"="C:\Users\Snert\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "ICQ"="C:\Users\Snert\AppData\Roaming\ICQM\icq.exe -CU" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "SearchProtect"="C:\Users\Snert\AppData\Roaming\SearchProtect\bin\cltmng.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "SearchProtect"="\SearchProtect\bin\cltmng.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "DATAMNGR"="C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE" "Adobe ARM"="C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" "Guard.Mail.ru.gui"="C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe /gui" "starter4g"="C:\Windows\starter4g.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "SearchProtectAll"="C:\Program Files (x86)\SearchProtect\bin\cltmng.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW" "ISUSPM Startup"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup" "Facebook Update"="C:\Users\Snert\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "ICQ"="C:\Users\Snert\AppData\Roaming\ICQM\icq.exe -CU" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "SearchProtect"="C:\Users\Snert\AppData\Roaming\SearchProtect\bin\cltmng.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "RtkOSD"="C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" "lxdnmon.exe"="C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe" "lxdnamon"="C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe" "IntelliType Pro"="c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" "IntelliPoint"="c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Folders ====================== 2013-01-28 00:06:15 1049 ----a-w- 
C:\users\Snert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2013-02-19 10:07:46 2046 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14.05.2013 21:37] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3740440184-2078061406-2066729486-1000Core.job --a------ C:\Users\Snert\AppData\Local\Facebook\Update\FacebookUpdate.exe [12.07.2012 09:34] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3740440184-2078061406-2066729486-1000UA.job --a------ C:\Users\Snert\AppData\Local\Facebook\Update\FacebookUpdate.exe [12.07.2012 09:34] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27.10.2010 15:59] C:\Windows\tasks\HPCeeScheduleForSNERT-PC$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07.10.2009 05:22] C:\Windows\tasks\iMeshNAG.job --a------ C:\Users\Snert\AppData\Local\Temp\iMesh_setup.exe [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default - Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - ICQ Toolbar - %ProfilePath%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} - ICQ Sparberater - %ProfilePath%\extensions\ciuvo-extension@icq.de.xpi AppDir: C:\Program Files 
(x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default 7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash 1B197A0ED28DB310AB67591567C3787A - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.150.3 546A28FBC44B984FD92530227BF6F5C2 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll - Shockwave for Director / Shockwave for Director 0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Snert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleting Files \ Folders ====================== "C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\Snert\AppData\Local\Wajam\Chrome\wajam.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02.10.2012 13:14] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.de/" "Search Page"="hxxp://www.google.com" "ICQ 
Search"="hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd" "Search Bar"="hxxp://www.google.com/ie" "Default_Search_URL"="hxxp://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="hxxp://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://www.google.com/ie" "Default_Search_URL"="hxxp://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{C65F3879-1DD9-4CA8-AEB2-80C52EDF28D8}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C65F3879-1DD9-4CA8-AEB2-80C52EDF28D8}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "ICQ Search"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="hxxp://www.google.de/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {7F1FB254-40E0-4A87-9FCC-429D00C045D6} Unknown 
Url="Not_Found" {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78e516ef-11de-47a1-8364-a99b917ec5ee} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78e516ef-11de-47a1-8364-a99b917ec5ee} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully 
HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7F1FB254-40E0-4A87-9FCC-429D00C045D6} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{78e516ef-11de-47a1-8364-a99b917ec5ee} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78e516ef-11de-47a1-8364-a99b917ec5ee} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} deleted successfully HKEY_CLASSES_ROOT\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{78e516ef-11de-47a1-8364-a99b917ec5ee} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{78e516ef-11de-47a1-8364-a99b917ec5ee} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} deleted successfully HKEY_USERS\S-1-5-21-3740440184-2078061406-2066729486-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\internet explorer\urlsearchhooks\{78e516ef-11de-47a1-8364-a99b917ec5ee} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{78e516ef-11de-47a1-8364-a99b917ec5ee} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\internet explorer\urlsearchhooks\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} deleted successfully ==== Deleting Registry Keys ====================== 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Snert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Snert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Snert\AppData\Local\Mozilla\Firefox\Profiles\osnudy1d.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Snert\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\iMesh Applications\MediaBar" not found 
"C:\Users\Snert\AppData\Roaming\SearchProtect" not found ==== EOF on 21.05.2013 at 18:54:33,19 ====================== |
21.05.2013, 18:52 | #5 |
/// Malwareteam / Visitor | Problem with Fakealert No problem, apparently Zoek has already deleted quite a bit.
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download AdwCleaner to your desktop.
|
21.05.2013, 19:44 | #6 |
| Problem with Fakealert Hello Smeenk, here is the log from Zoek:
Zoek.exe Version 4.0.0.2 Updated 20-May-2013
Tool run by Snert on 21.05.2013 at 20:14:25,77.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
==== Older Logs ======================
C:\zoek-results21.05.2013-1936.log 108 bytes
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"=-
"SearchProtectAll"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-
==== Deleting Files \ Folders ======================
==== EOF on 21.05.2013 at 20:15:31,92 ======================
MBAR found nothing, but here is the log anyway:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.21.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Snert :: SNERT-PC [administrator]
21.05.2013 20:33:53
mbar-log-2013-05-21 (20-33-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31063
Time elapsed: 12 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
And here now is the ADW Cleaner as well:
AdwCleaner Logfile: Code:
# AdwCleaner v2.301 - Datei am 21/05/2013 um 20:35:33 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Snert - SNERT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Snert\Desktop\20130520\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gelöscht : C:\Users\Snert\AppData\Roaming\iWin

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\prefs.js

C:\Users\Snert\AppData\Roaming\Mozilla\Firefox\Profiles\osnudy1d.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr%40babylon.com:1.5.0,%7B800b5000-a755-47e1-992b-48a1c1[...]

-\\ Opera v12.2.1578.0

Datei : C:\Users\Snert\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [11931 octets] - [21/05/2013 20:35:33]

########## EOF - C:\AdwCleaner[S1].txt - [11992 octets] ##########

Thanks and regards, André |
21.05.2013, 20:03 | #7 |
/// Malwareteam / Visitor | Problem with Fakealert Everything looks fairly clean. Please download SecurityCheck and:
|
21.05.2013, 20:18 | #8 |
| Problem with Fakealert I am relieved that it looks good. Here is the log:

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Thanks and regards, André |
21.05.2013, 20:27 | #9 |
/// Malwareteam / Visitor | Problem with Fakealert Adobe Reader is out of date; it is better to use the latest version: Adobe - Download Adobe Reader - All versions. Outdated versions of software are a security risk. Otherwise everything looks great, and I think we are done. |
21.05.2013, 20:30 | #10 |
| Problem with Fakealert Hi Smeenk, thanks for your quick help. Really great!!!! I have already brought Adobe up to date. So then, have a nice evening and thanks again. Kind regards, André. One more question: was the PC badly infected? Or was it within limits? Regards |
21.05.2013, 20:42 | #11 | |
/// Malwareteam / Visitor | Problem with Fakealert You're welcome. Quote:
The fake AV and advertising, that was all. We will now tidy up a little, and then at the end I have some reading material for you. Uninstalling the tools: the order is crucial here.
Finally, some tips on the following topics:
Reading material: System updates. It cannot be said often enough how important it is to keep your system up to date. After all, you take your car to the garage for regular inspections too. So please make sure that system updates are enabled:
Reading material: Software updates. Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of the programs that urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:
Reading material: Security software. If someone overtook you on the motorway riding a motorcycle naked, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions, there are also quite good protection programs that are available free of charge with a reduced feature set. But be careful: "the more, the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising and installs a browser plug-in that warns you about dangerous websites.
Reading material: Safe browsing. First of all, it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you immediately buy whatever stuff people who ring your doorbell are selling, without thinking? So first get into the habit of following a few rules of conduct when surfing the Internet:
But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that secures your browser even more.
Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. In principle, you are already considerably safer if you do not use Internet Explorer.
With that, I wish you lots of fun surfing the Internet ... and perhaps you would like to support the Trojaner-Board? Regards, Smeenk |
21.05.2013, 20:56 | #12 |
| Problem with Fakealert All done, so thank you again for your help. Oh yes, I will support the board; this is the second time I have had a problem, and I was always helped quickly and very professionally. I think that is worth a few euros to me. :-)) So then, thanks and kind regards, André |
21.05.2013, 21:25 | #13 | |
/// Malwareteam / Visitor | Problem with Fakealert Quote:
On behalf of the whole crew, I would like to thank you for the donation. Regards, Smeenk |
Topics related to Problem with Fakealert |
adware/adware.gen, avira, bluescreen, bonjour, error, excel, fakealert, firefox, flash player, google, iexplore.exe, install.exe, launch, picasa, plug-in, programm, realtek, search protect, security, software, svchost.exe, system care, tr/crypt.xpack.gen3, trojan.fakealert.ssgen, trojaner, wajam, wrapper |