Log analysis and evaluation: Seth.Avazutracking.net - Firefox opens advertising tabs on its own (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.07.2013, 01:37 | #1
Seth.Avazutracking.net - Firefox opens advertising tabs on its own

Good evening. For a few days now I have noticed that my Firefox opens new tabs with advertising on its own, at irregular intervals. From the Firefox history I could tell that the starting page is seth.avazutracking.net, which then apparently redirects to the actual page. My own antivirus program, ESET Smart Security 4, does not complain and has not found anything so far. Frankly, I have no idea where and how I picked up the pest, but now it is there, and it needs to go. I hope someone can help me with this. Here are the OTL logfiles to start with:

Otl.txt Code:
ATTFilter OTL logfile created on: 11.07.2013 02:14:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,73 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 33,28% Memory free 7,45 Gb Paging File | 4,61 Gb Available in Paging File | 61,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 182,27 Gb Total Space | 101,11 Gb Free Space | 55,47% Space Free | Partition Type: NTFS Drive E: | 55,88 Gb Total Space | 41,13 Gb Free Space | 73,60% Space Free | Partition Type: HFS Computer Name: ***MACBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.11 02:14:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.07.10 03:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.07.03 00:59:10 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.28 20:40:27 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.01.08 20:28:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2013.01.07 12:44:59 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7M\ICQ.exe PRC - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.09.26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011.01.12 17:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2006.10.23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2013.07.10 20:27:49 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll MOD - [2013.07.10 10:47:19 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll MOD - [2013.07.10 10:47:06 | 000,377,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\0971216b882fe0d7510f4b02a2857d31\System.Dynamic.ni.dll MOD - [2013.07.10 10:47:05 | 001,616,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\ddb32afe6ca8efe9f0ffbfe6f38944a8\Microsoft.CSharp.ni.dll MOD - [2013.07.10 10:47:03 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll MOD - [2013.07.10 10:46:58 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll MOD - [2013.07.10 10:46:50 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll MOD - [2013.07.10 10:41:40 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll MOD - [2013.07.10 03:56:22 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.07.09 23:45:48 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2013.07.03 00:59:08 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.07.01 18:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.06.15 01:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files 
(x86)\Steam\bin\avcodec-53.dll MOD - [2013.06.15 01:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2013.06.15 01:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2013.05.28 20:40:26 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2006.10.27 16:35:18 | 000,436,512 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL MOD - [2006.10.26 22:30:42 | 000,065,312 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL MOD - [2006.10.26 14:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ========== Services (SafeList) ========== SRV:64bit: - [2012.04.06 01:48:54 | 000,158,208 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2) SRV:64bit: - [2011.08.15 19:35:16 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr) SRV:64bit: - [2010.01.16 22:39:16 | 000,110,904 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.07.03 00:59:09 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.01.08 20:28:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.09.26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011.01.12 17:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV - [2011.01.12 17:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.10.11 05:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2012.10.11 05:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.09.26 16:47:21 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.09.26 16:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.15 19:35:16 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS) DRV:64bit: - [2011.08.15 19:35:16 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent) DRV:64bit: - [2011.08.15 19:35:16 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT) DRV:64bit: - [2011.06.02 21:36:46 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.31 15:43:51 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp) DRV:64bit: - [2011.01.31 15:43:51 | 000,012,288 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.21 16:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2010.12.21 16:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2010.12.21 14:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:64bit: - [2010.12.21 14:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:64bit: - [2010.12.21 14:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.11 20:01:32 | 000,021,048 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver) DRV:64bit: - [2010.10.14 23:58:17 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter) DRV:64bit: - [2010.01.15 23:16:55 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.07.22 11:11:38 | 000,018,432 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com" FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2013.02.16.23 FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.01.06 18:28:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.06 21:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.06.18 09:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l72b7pk4.default\extensions [2013.04.18 12:09:57 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\l72b7pk4.default\extensions\exif_viewer@mozilla.doslash.org.xpi [2013.02.19 23:47:36 | 000,151,803 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\l72b7pk4.default\extensions\status4evar@caligonstudios.com.xpi [2013.06.18 09:34:20 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\l72b7pk4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.01.28 17:23:14 | 000,001,020 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\l72b7pk4.default\searchplugins\league-of-legends-wiki-en.xml [2013.01.07 22:05:14 | 000,002,057 | ---- | M] () -- 
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\l72b7pk4.default\searchplugins\youtube-videosuche.xml [2013.07.03 00:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.03 00:59:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013.04.30 14:01:17 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program 
Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - 
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33D72B0B-1159-42CF-B985-79CA83012CE1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6169DF56-716C-4A40-A9A2-9DF5DC017123}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: 
- Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.11 01:57:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.07.11 01:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.11 
01:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.11 01:57:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.11 01:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.07.10 16:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.07.03 00:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.25 14:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.06.23 14:04:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump ========== Files - Modified Within 30 Days ========== [2013.07.11 01:57:48 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.10 23:05:32 | 001,145,346 | ---- | M] () -- C:\Users\***\Desktop\Udyr 8-2-14.png [2013.07.10 13:28:46 | 000,372,682 | ---- | M] () -- C:\Users\***\Desktop\Zac 9-1-17.jpg [2013.07.10 11:06:42 | 000,016,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.10 11:06:42 | 000,016,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.10 11:05:00 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.10 11:05:00 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.10 11:05:00 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.10 11:05:00 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.10 11:05:00 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.10 10:59:25 | 000,417,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.10 10:59:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.10 10:59:07 | 3000,004,608 | -HS- | M] () -- C:\hiberfil.sys [2013.07.08 20:26:49 | 011,153,540 | ---- | M] () -- C:\Users\***\Desktop\Snow 
Patrol - Take Back the City.mp3 [2013.07.01 21:44:45 | 000,012,879 | ---- | M] () -- C:\Users\***\Desktop\Tor.jpg [2013.06.23 14:04:25 | 395,513,882 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.19 00:16:55 | 000,017,167 | ---- | M] () -- C:\Users\***\Desktop\LP Gain and Loss.jpg [2013.06.12 10:31:31 | 000,001,063 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.12 01:55:37 | 006,693,661 | ---- | M] () -- C:\Users\***\Desktop\Jay-Z - Empire State Of Mind.mp3 [2013.06.12 01:54:55 | 004,500,458 | ---- | M] () -- C:\Users\***\Desktop\Jay-Z - Show me what you got.mp3 [2013.06.12 01:50:54 | 009,762,816 | ---- | M] () -- C:\Users\***\Desktop\Rihanna - Skin.mp3 ========== Files Created - No Company Name ========== [2013.07.11 01:57:48 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.10 23:05:32 | 001,145,346 | ---- | C] () -- C:\Users\***\Desktop\Udyr 8-2-14.png [2013.07.10 13:28:46 | 000,372,682 | ---- | C] () -- C:\Users\***\Desktop\Zac 9-1-17.jpg [2013.07.08 20:26:35 | 011,153,540 | ---- | C] () -- C:\Users\***\Desktop\Snow Patrol - Take Back the City.mp3 [2013.07.01 21:44:45 | 000,012,879 | ---- | C] () -- C:\Users\***\Desktop\Tor.jpg [2013.06.23 14:04:25 | 395,513,882 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.06.19 00:16:55 | 000,017,167 | ---- | C] () -- C:\Users\***\Desktop\LP Gain and Loss.jpg [2013.06.12 01:55:30 | 006,693,661 | ---- | C] () -- C:\Users\***\Desktop\Jay-Z - Empire State Of Mind.mp3 [2013.06.12 01:53:15 | 004,500,458 | ---- | C] () -- C:\Users\***\Desktop\Jay-Z - Show me what you got.mp3 [2013.06.12 01:50:42 | 009,762,816 | ---- | C] () -- C:\Users\***\Desktop\Rihanna - Skin.mp3 [2013.03.06 14:54:56 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat [2013.01.16 17:17:55 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe [2013.01.07 13:40:34 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll 
========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.10 16:10:56 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\DesktopIconForAmazon [2013.07.10 10:59:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2013.04.23 18:58:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DynaGeo [2013.01.06 18:28:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESET [2013.07.10 10:59:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2013.01.08 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2013.01.09 04:03:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ManyCam [2013.07.11 02:23:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor [2013.03.13 00:21:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Writer [2013.04.23 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RibbonSoft [2013.01.23 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2013.07.11 00:09:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 11.07.2013 02:14:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,73 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 33,28% Memory free 7,45 Gb Paging File | 4,61 Gb Available in Paging File | 61,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 182,27 Gb Total Space | 101,11 Gb Free Space | 55,47% Space Free | Partition Type: NTFS Drive E: | 55,88 Gb Total Space | 41,13 Gb Free Space | 73,60% Space Free | Partition Type: HFS Computer Name: ***MACBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* 
exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{000559F4-0013-4E3C-9C0F-A0F1FCBCA7B8}" = rport=138 | protocol=17 | dir=out | app=system | "{09BA57F1-31C1-41F9-B7D0-D7DD24DAF8B5}" = lport=137 | protocol=17 | dir=in | app=system | "{1AE5B4BF-7B4E-4666-909D-094190660715}" = lport=445 | protocol=6 | dir=in | app=system | "{1CF59E1D-56B7-4BA5-A1FC-9D649C339576}" = rport=10243 | protocol=6 | dir=out | app=system | "{2A0EFB8A-5187-4961-B06F-BB0685ADFDF3}" = lport=10243 | protocol=6 | dir=in | app=system | "{3479C991-FEBA-400F-9C95-E372FC03281C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3930B18F-CD48-436F-9065-81C978D78562}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{394DC6DE-B439-4787-B465-A43154DD25A1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{592235A1-B626-49C0-B898-A115F0ED0DAA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6103E5A5-1A55-40B6-948E-F95F9807BE10}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7D6D3471-8385-4E4A-8E00-9A07C9F7535D}" = lport=2869 | protocol=6 | dir=in | app=system | "{87CE87E2-B787-4D89-A670-F2196D8BBEDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{898C26B7-C262-413F-A060-2DBF75274ECC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8BF2290A-B903-4AE0-92FE-0E9CE38310F1}" = rport=445 | protocol=6 | dir=out | app=system | "{8C72EA4B-7445-4268-8933-E82DDB9DC1A0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{91ADBB40-A939-41E2-8152-CEB830748C17}" = 
lport=57043 | protocol=17 | dir=in | name=pando media booster | "{9B20268D-5958-4A07-BAA1-776E4743267F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{9C7A718C-E478-4CDD-9B51-38B4AA764B05}" = lport=57043 | protocol=6 | dir=in | name=pando media booster | "{A468A3B4-91BD-4D9A-B639-7AFA3039C338}" = rport=139 | protocol=6 | dir=out | app=system | "{A5DC107B-2954-434D-819B-5B75C176E92C}" = lport=57043 | protocol=6 | dir=in | name=pando media booster | "{C5BA5930-0631-43FB-9821-9A57D2557B2F}" = rport=137 | protocol=17 | dir=out | app=system | "{D7CFA220-2E1E-4D46-A1B0-6D26259379E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DBEB56E6-C496-4F45-BFFD-785F85575155}" = lport=57043 | protocol=17 | dir=in | name=pando media booster | "{E63FBE0F-3EFD-4A16-A2CE-4BA38B9DD32E}" = lport=138 | protocol=17 | dir=in | app=system | "{EF08DACE-CCD3-4C85-B16B-F8E0A8A376DA}" = lport=139 | protocol=6 | dir=in | app=system | "{FF3A7FCA-7888-49CC-B2C5-8E9D8C67B236}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09FE6244-2125-4705-A111-7B51F8061CE8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{0AA3BBCB-18EC-42EA-8363-01AFB897CE40}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{18969696-BDC0-407C-9F4F-633E426251AE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{1A934970-F2F5-49DD-9E09-D8F2049EF8FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{21F1DB52-018A-413B-ABB1-40D94C992FE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2407A126-8AA3-4F1E-B4E7-928925805717}" = protocol=17 
| dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B547BF9-9769-4B15-B56B-1258AC18FDFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C41F5BB-6863-4115-BC8E-944B15A2CFEC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{4E26C8C2-B70B-45A1-89D4-0D659C702B86}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{4FEBBC8C-03CD-4C6B-BE8F-CF8DE30E6659}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{57E7254D-D9AE-474F-983E-6537B26FC0B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5846C0EB-DF94-44F4-A6E6-6921713A5AE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6189B480-9986-41C3-B919-F6D56BB551B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{712B4D61-B961-4D7A-8E3F-1717CB161C66}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | "{74C56732-AAEE-42B9-8D17-5AE360F770F0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{77D94164-A57E-4662-8720-1FA805B78804}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | "{7D14DE58-D773-444E-9D14-BF4E426464BC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{7DF57A0B-AA8E-4337-BB9A-8124D10555CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{7F49E09D-770D-442E-854E-35C4D37A50B9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{8447E96B-3FAA-4E81-9F2E-89D0856193C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{89FA2209-EF52-43B7-B5CF-337830A13E70}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{911DB09A-2788-47C2-B38A-8D8702FA0F27}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9150F96B-60F4-4ABC-BD9C-5B7334CC32F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{94D3E1F7-86DC-4D40-8771-A3B0A0CA8854}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A3565ABD-439B-498C-9A41-E86E7DCE3A1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A79B82C8-99F0-4D2A-AB2D-45E4DFC5E107}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{AAF7C72E-8DA0-479D-9A5E-826770702EAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AD83D35E-2090-414B-9F2C-0F284AE902F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B0D1CEE2-B0DF-479F-8DF5-96882C2C97FD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B63F2605-2CBD-4ED4-BAC5-C91E03130664}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{B6DF4105-01DF-49BC-9A7C-C2D81F8164D5}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{BB4AE609-3759-4B29-9423-4BF380A9A383}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BDC6A530-4D68-47FE-9EDE-6E6F94232910}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | "{BE8C8054-9FB6-41AC-92F4-8CEA5BA840AB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{BE8CFF4A-1C26-42DE-A8AB-B47A1AF844B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CF6EBC2D-BA2E-4236-8239-6947FD98A7D5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DC197107-A11F-49FB-9F73-1EC7C558D72E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DD96A182-0874-471F-A486-C63B17DF546A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E09B712B-C235-4AD0-B93D-A68144EAA596}" = protocol=6 | dir=out | app=system | 
"{E72ECE90-45C1-4160-BF87-CCDE600CF6AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E9B25D08-B0C4-40BC-B0A8-E26A7CAA4429}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{EFFDFD0D-C0FB-426E-BE0F-060864CD7FB3}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | "{F5225F5E-5F0D-442D-BBF7-A387D9784E1C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{FAD2DFE8-F83A-4431-904E-3D722F7B8A7B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FDC50BC2-4D13-41DA-9509-50419ECD73A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88CD6A0C-1220-4CD3-9AF1-ADB1D888C39E}" = ESET Smart Security "{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{B2B7054B-EC2E-4E96-8666-FD6ED77678B2}" = Boot Camp-Dienste "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "01D845C666B4FC04566E16B923F638B2A404807C" = Windows-Treiberpaket - Intel Net (11/07/2007 8.10.1.0) "0CB233C04CEB3FB45CEDFFEA9146B77B4B783FDA" = Windows-Treiberpaket - Intel Net (06/13/2008 9.52.9.0) "1864DCF02A292C57953B91D537026F4F1CA60D91" = Windows-Treiberpaket - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) "269C8F82CDD61B0400CE8D6768EC084C59C63079" = Windows-Treiberpaket - Intel Net (02/06/2008 9.12.18.0) "294FF9FB7AF744F64B12EC12F83D8661CD9AD532" = Windows-Treiberpaket - 
Intel (e1express) Net (02/06/2008 9.12.17.0) "2CD6536AAFFF9B465A871060CF483EC9F3341D29" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) "2F702E803208BBC067CA18B3DCC9FC2CFDAE56E6" = Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7) "3A8900CC8E77F2BF2269FEFF364561BDF86B9F27" = Windows-Treiberpaket - Intel (E1G60) Net (01/08/2008 8.3.9.0) "455287ECCB4BABCDE9C6713B82B1BDA990D55398" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) "5CC5D940D9F4B779FAAF12E7F75A212618ABEB7D" = Windows-Treiberpaket - Intel Net (08/05/2008 10.3.49.0) "5F644CE2A56EE4D17B3AAE682066E516DCF7BEB3" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112) "618BD83C189013D12612FDA77CC932F0A42D3EFD" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0) "67AC3877F6F0F5CAD2A6F4E10A825DE338B48404" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0) "680D5EED614F3F01A9AD4547E9D81CFE9B0E4902" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26) "6F4B26C960BC665E637C424F12C4E8FF3ADF0C54" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1) "703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) "70C7CBB0824BF74552A2F28F5FFBF62A15053DA8" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) "75B57AFB407D191B0DAEF05EE9665A5A86701A9A" = Windows-Treiberpaket - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26) "76830D11874044260C923425E7F5A72F25EDA758" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) "7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21) "7F0B4363C39DDEBAAB5F04EE7FB7B2DD0D8B60B1" = Windows-Treiberpaket - Apple Inc. 
Apple Trackpad Enabler (02/19/2009 3.0.0.0) "7-PDF Printer_is1" = 7-PDF Printer 9.1.0.1456 "831BF8DFEC5520D988361807D534A2041AE4AAB3" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0) "91F52A595A7B2112937CED490A8C682CD03F945E" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2) "A0A897639A1D288A8B472FE790EBF9DB71E52ACF" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) "A81BD2D80645E49BC704289A78504CD085287F10" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112) "AB15AB4CCF6B85925973ED9DB360D8BAAB10690C" = Windows-Treiberpaket - Broadcom (b57nd60a) Net (05/28/2009 12.2.0.3) "B3F27F12C500003EFE44A668CE685DE4B46A735C" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) "B5F4B8404EB7E69E8CEC89A0B5970B2316C68AB0" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0) "BC8A2C86B6012DE19263F42B9F3D35763A712328" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth (01/19/2009 2.1.2.1) "C6E8C9058AE1580C038DC5F715B0D4969F617CEF" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1) "C6EE9CD0ED6B98A9727DEE7DA213859B639F3FD6" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1) "C840EA8E99FB237CC57769BB041F070E4F370C32" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.10.3.9) "C9952C95B4A2ACCCBC684FC6E8182A3210DEDC13" = Windows-Treiberpaket - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) "CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) "D088EE4BD2819FBA2B349EF9D55176F223419BE6" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) "D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) "D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows-Treiberpaket - Apple Inc. 
Apple IR Receiver (02/21/2008 2.0.4.0) "D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C" = Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) "D6E8EA419C953B3514051D715F98B377B0D6FD70" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth (11/23/2009 3.0.0.4) "D701F1A58CF3028E88DA512D1423EC3DD6D7BE86" = Windows-Treiberpaket - Intel Net (07/22/2008 10.3.45.0) "DCEFA559AE3275AB4F80389685E1BD3D978A5707" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8) "E073A3AB46FE59FEF6E150EFD33F2B484BBBAD2C" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0) "E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) "E2708073906571A0B56F17FD825EF19281ECE29B" = Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) "E43E2A40D22886250D739AEE91E9C7E9ABDD52DA" = Windows-Treiberpaket - Intel (e1yexpress) Net (07/16/2008 9.52.10.0) "E5AEAAF07505D71E430CCA10496FAE61597B81A2" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258) "E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows-Treiberpaket - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8) "F08FFCF5C857951E0CC5F736988F3D01BF425252" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) "F5E7472CCD6B3C1A568AEE4486C4BA0813A7D7AC" = Windows-Treiberpaket - Apple Inc. 
System (08/22/2008 2.1.1.1) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.8 Build #6800 Banner Remover 1.0 "{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = 
Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "aTube Catcher" = aTube Catcher "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DynaGeo_is1" = DynaGeo 3.8 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "ManyCam" = ManyCam 3.1.21 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "QCAD Professional Demo" = QCAD Professional Demo 2.2.2.0 "Samsung Universal Print Driver PCL 6" = Samsung Universal Print Driver PCL 6 "TeamViewer 8" = TeamViewer 8 "VirtualCloneDrive" = 
VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 08.07.2013 18:34:23 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork
File: .\NetEnvironment.cpp
Line: 865
Invoked Function: CNetEnvironment::TestAccessToSG
Return Code: -28901363 (0xFE47000D)
Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 08.07.2013 18:34:53 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete
File: .\IP\DNSRequest.cpp
Line: 1069
Invoked Function: CDNSRequest::processResponse
Return Code: -29229042 (0xFE42000E)
Description: DNSREQUEST_ERROR_REFUSED
Failed to resolve 5.1.187.132.in-addr.arpa via DNS server 192.168.2.1

Error - 08.07.2013 18:35:01 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CTlsTransport::OnTransportInitiateComplete
File: .\IP\TlsTransport.cpp
Line: 357
Invoked Function: ISocketTransportCB::OnTransportInitiateComplete
Return Code: -31522780 (0xFE1F0024)
Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 08.07.2013 18:35:01 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete
File: .\IP\HttpProbeAsync.cpp
Line: 254
Invoked Function: CHttpSessionAsync::OnOpenRequestComplete
Return Code: -31522780 (0xFE1F0024)
Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 08.07.2013 18:35:01 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired
File: .\IPC\SocketTransport.cpp
Line: 1194
Invoked Function: CSocketTransport::postConnectProcessing
Return Code: -31522780 (0xFE1F0024)
Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 08.07.2013 18:35:01 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG
File: .\NetEnvironment.cpp
Line: 1020
Invoked Function: CCertHelper::VerifyServerCertificate
Return Code: -31391742 (0xFE210002)
Description: CERTSTORE_ERROR_BAD_PARAMETER
server name: vpngw.uni-wuerzburg.de

Error - 08.07.2013 18:35:09 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete
File: .\IP\HttpProbeAsync.cpp
Line: 254
Invoked Function: CHttpSessionAsync::OnOpenRequestComplete
Return Code: -31522780 (0xFE1F0024)
Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 08.07.2013 18:35:09 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired
File: .\IPC\SocketTransport.cpp
Line: 1194
Invoked Function: CSocketTransport::postConnectProcessing
Return Code: -31522780 (0xFE1F0024)
Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 08.07.2013 18:35:09 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG
File: .\NetEnvironment.cpp
Line: 1092
Invoked Function: CNetEnvironment::analyzeHttpResponse
Return Code: -28901363 (0xFE47000D)
Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 08.07.2013 18:35:09 | Computer Name = ***MacBook | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork
File: .\NetEnvironment.cpp
Line: 865
Invoked Function: CNetEnvironment::TestAccessToSG
Return Code: -28901363 (0xFE47000D)
Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

[ OSession Events ]
Error - 12.02.2013 12:30:20 | Computer Name = ***MacBook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2001 seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03.07.2013 07:10:14 | Computer Name = ***MacBook | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system power transition. Please check with your hardware vendor for updated firmware.

Error - 03.07.2013 13:21:35 | Computer Name = ***MacBook | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.59. The computer with the IP address 192.168.2.62 did not allow the name to be claimed by this computer.

Error - 08.07.2013 12:04:58 | Computer Name = ***MacBook | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system power transition. Please check with your hardware vendor for updated firmware.

Error - 09.07.2013 06:22:34 | Computer Name = ***MacBook | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware, or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the system to function incorrectly.

Error - 09.07.2013 06:24:54 | Computer Name = ***MacBook | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 09.07.2013 06:24:54 | Computer Name = ***MacBook | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

Error - 09.07.2013 07:16:31 | Computer Name = ***MacBook | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system power transition. Please check with your hardware vendor for updated firmware.

Error - 10.07.2013 04:31:44 | Computer Name = ***MacBook | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 10.07.2013 04:31:44 | Computer Name = ***MacBook | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

Error - 10.07.2013 04:59:13 | Computer Name = ***MacBook | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware, or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the system to function incorrectly.

< End of report >

Many thanks in advance for your help. If any further log files or scans with other programs are wanted, let me know and I will run them.

/edit: Faster than expected, here is the Malwarebytes log:

Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
*** :: ***MACBOOK [Administrator]

Protection: Enabled

11.07.2013 02:16:16
mbam-log-2013-07-11 (02-16-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 368068
Time elapsed: 26 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

black-avenge
Last edited by black-avenge (11.07.2013 at 01:44)
11.07.2013, 03:37 | #2 |
/// the machine /// TB-Ausbilder | Seth.Avazutracking.net - Firefox opens ad tabs on its own

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure, download both versions, or look it up under Start > Computer (right-click) > Properties)
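The FRST.txt that the helper asks for prints autostart entries, Internet Explorer search scopes and Firefox extensions in a fixed one-line-per-item format, and a browser that opens ad tabs by itself is usually traced through exactly those lines. The following triage pass is an added example written for this page; it is neither part of the thread nor a feature of FRST. It parses constructed sample lines in FRST's format (the user name, profile folder name and the `EXPECTED_SEARCH_HOSTS` list are placeholders chosen for the example) and flags the entries a helper would look at first: autostart values with no company name in their version information, an empty autostart value whose file FRST could not find (printed as `[x]`), an IE search scope that sends queries to a host the user did not choose, and a Firefox extension installed under a bare GUID with no readable name.

```python
"""Triage helper for FRST.txt-style log lines (added example, not FRST code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Search hosts the profile owner would plausibly have configured on purpose.
# Assumption for this example; adjust to what the user actually uses.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.google.de", "de.search.yahoo.com", "www.bing.com"}

# Firefox ships its default theme under this GUID; it is expected, not suspicious.
FIREFOX_DEFAULT_THEME = "{972ce4c6-7e08-4474-a285-3208198ce6fd}"

# Line shapes as FRST prints them (hive\...\Run or RunOnce, SearchScopes, FF Extension).
RUN_RE = re.compile(r"^(?P<key>HK.*?\\\.\.\.\\Run(?:Once)?): \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
SCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>\S+) - \{(?P<guid>[0-9A-Fa-f-]+)\} URL = (?P<url>\S+)$")
EXT_RE = re.compile(r"^FF Extension: (?P<name>.*?) - (?P<path>.+)$")
# FRST ends file entries with "(Company Name)"; "()" means the file carries no company name.
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")
GUID_NAME_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}(\.xpi)?$")


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str
    line: str


def _publisher(rest: str) -> Optional[str]:
    """Company name FRST printed for the entry: '' if the file has none, None if absent."""
    m = PUBLISHER_RE.search(rest)
    return m.group("pub").strip() if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None when nothing stands out."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        key, name, rest = m.group("key"), m.group("name"), m.group("rest")
        if rest.strip() == "[x]":  # FRST found no file behind the value
            return Finding("autostart-dangling", f"{key}: value [{name}] has no file behind it", line)
        if not name.strip():
            return Finding("autostart-unnamed", f"{key}: value without a name", line)
        if _publisher(rest) == "":
            return Finding("autostart-no-company", f"{key}: [{name}] has no company name in its version info", line)
        return None
    m = SCOPE_RE.match(line)
    if m:
        # FRST defangs URLs as hxxp://; restore the scheme so urlsplit sees a host.
        host = (urlsplit(m.group("url").replace("hxxp", "http", 1)).hostname or "").lower()
        if host not in EXPECTED_SEARCH_HOSTS:
            return Finding("search-scope-foreign", f"IE search scope {{{m.group('guid')}}} sends queries to {host}", line)
        return None
    m = EXT_RE.match(line)
    if m:
        leaf = m.group("path").rsplit("\\", 1)[-1]
        if leaf == FIREFOX_DEFAULT_THEME:
            return None
        if m.group("name") == "No Name" or GUID_NAME_RE.search(leaf):
            return Finding("ff-extension-anonymous", f"extension {leaf} has no readable name", line)
        return None
    return None


def triage(text: str) -> list[Finding]:
    """Run triage_line over every line of an FRST.txt and keep the hits in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


# Constructed sample in FRST's format; "user" and "abcd1234.default" are placeholders.
SAMPLE = r"""
HKLM\...\Run: [egui] - "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-07] ()
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
FF Extension: exif_viewer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"[{finding.category}] {finding.detail}")
```

A hit from this pass is a lead, not a verdict: a file without a company name can be perfectly legitimate, and a search scope is only "foreign" relative to the list you give it. The value is that it narrows a several-hundred-line FRST.txt to a handful of lines worth looking up before any fix is written.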
11.07.2013, 12:00 | #3 |
| Seth.Avazutracking.net - Firefox opens ad tabs on its own

Hi,

thanks in advance for your help! Here are the logs:

FRST.txt

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by *** (administrator) on 11-07-2013 12:53:00
Running from C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Windows\system32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\system32\AppleTimeSrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(ICQ, LLC.) C:\Program Files (x86)\ICQ7M\ICQ.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-08-15] (Apple Inc.)
HKLM\...\Run: [egui] - "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2010-01-05] (NVIDIA Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-07] ()
HKCU\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4 [127040 2013-01-07] (ICQ, LLC.)
HKCU\...\Run: [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent [1672616 2013-07-10] (Valve Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default
FF SelectedSearchEngine: League of Legends Wiki (en)
FF Homepage: hxxp://de.yahoo.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\searchplugins\league-of-legends-wiki-en.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\searchplugins\youtube-videosuche.xml
FF Extension: exif_viewer - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: status4evar - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\Extensions\status4evar@caligonstudios.com.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-05] (Adobe Systems)
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-08-15] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics)

==================== Drivers (Whitelisted) ====================

R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-01-31] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-01-31] (Apple Inc.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 12:52 - 2013-07-11 12:52 - 00000000 ____D C:\FRST
2013-07-11 12:51 - 2013-07-11 12:52 - 01777775 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-11 02:25 - 2013-07-11 02:25 - 00069612 ____A C:\Users\***\Downloads\Extras.Txt
2013-07-11 02:23 - 2013-07-11 02:23 - 00076906 ____A C:\Users\***\Downloads\OTL.Txt
2013-07-11 02:14 - 2013-07-11 02:14 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-11 01:57 - 2013-07-11 01:57 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-11 01:57 - 2013-07-11 01:57 - 00001121 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 01:57 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-10 16:18 - 2013-07-10 16:20 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-10 16:18 - 2013-07-10 16:18 - 09171472 ____A (SurfRight B.V.) C:\Users\***\Downloads\hitmanpro.exe
2013-07-10 16:16 - 2013-07-10 16:17 - 09833328 ____A (SurfRight B.V.) C:\Users\***\Downloads\HitmanPro_x64.exe
2013-07-10 16:04 - 2013-07-10 16:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\***\Downloads\hijackthis.exe
2013-07-10 16:04 - 2013-07-10 16:04 - 00011129 ____A C:\Users\***\Downloads\hijackthis.log
2013-07-10 10:42 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 10:42 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 10:42 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 10:42 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 10:42 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 10:42 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 10:42 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 10:42 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 10:42 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 10:42 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 10:42 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 10:42 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 10:42 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 10:42 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 10:42 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 10:42 - 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 10:42 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 10:42 - 2013-06-12 01:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 10:42 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 10:42 - 2013-06-12 00:50 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 10:42 - 2013-06-07 05:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 10:42 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 10:38 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 10:38 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 10:38 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 10:38 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 10:38 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 10:38 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 10:38 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-03 00:59 - 2013-07-03 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 00:47 - 2013-06-27 00:47 - 00000000 ____A C:\Users\***\Desktop\***@***head.de.txt
2013-06-25 14:28 - 2013-06-25 14:28 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-25 14:28 - 2013-06-25 14:28 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 14:28 - 2013-06-25 14:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-23 14:04 - 2013-06-23 14:04 - 395513882 ____A C:\Windows\MEMORY.DMP
2013-06-23 14:04 - 2013-06-23 14:04 - 00292312 ____A C:\Windows\Minidump\062313-12901-01.dmp
2013-06-23 14:04 - 2013-06-23 14:04 - 00000000 ____D C:\Windows\Minidump
2013-06-12 10:32 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 10:32 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 10:32 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 10:32 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 10:32 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 10:32 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 10:32 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 10:32 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 10:32 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 10:32 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 10:32 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 10:32 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 10:32 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 10:32 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 10:32 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 10:32 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 10:32 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 10:32 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 10:32 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-11 12:53 - 2013-01-07 12:05 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-07-11 12:52 - 2013-07-11 12:52 - 00000000 ____D C:\FRST
2013-07-11 12:52 - 2013-07-11 12:51 - 01777775 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-11 12:52 - 2013-05-01 11:37 - 00000000 ____D C:\Users\***\AppData\Roaming\NetSpeedMonitor
2013-07-11 12:50 - 2013-01-07 23:59 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-07-11 12:50 - 2013-01-07 12:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-11 12:50 - 2013-01-07 12:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-11 12:49 - 2013-01-06 16:46 - 01897223 ____A C:\Windows\WindowsUpdate.log
2013-07-11 12:48 - 2013-01-23 18:12 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-11 12:48 - 2013-01-23 18:11 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-11 12:48 - 2013-01-22 22:13 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-11 12:48 - 2013-01-07 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\ICQ
2013-07-11 12:48 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-11 12:48 - 2009-07-14 06:51 - 00042206 ____A C:\Windows\setupact.log
2013-07-11 02:25 - 2013-07-11 02:25 - 00069612 ____A C:\Users\***\Downloads\Extras.Txt
2013-07-11 02:23 - 2013-07-11 02:23 - 00076906 ____A C:\Users\***\Downloads\OTL.Txt
2013-07-11 02:14 - 2013-07-11 02:14 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-11 01:57 - 2013-07-11 01:57 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-11 01:57 - 2013-07-11 01:57 - 00001121 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 01:07 - 2013-01-07 12:05 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-11 00:09 - 2013-01-09 00:34 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2013-07-10 16:20 - 2013-07-10 16:18 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-10 16:18 - 2013-07-10 16:18 - 09171472 ____A (SurfRight B.V.) C:\Users\***\Downloads\hitmanpro.exe
2013-07-10 16:17 - 2013-07-10 16:16 - 09833328 ____A (SurfRight B.V.) C:\Users\***\Downloads\HitmanPro_x64.exe
2013-07-10 16:13 - 2013-01-06 16:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-10 16:10 - 2013-01-07 13:40 - 00000000 ____D C:\Users\***\AppData\Roaming\DesktopIconForAmazon
2013-07-10 16:04 - 2013-07-10 16:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\***\Downloads\hijackthis.exe
2013-07-10 16:04 - 2013-07-10 16:04 - 00011129 ____A C:\Users\***\Downloads\hijackthis.log
2013-07-10 16:04 - 2013-01-06 16:46 - 00000000 ____D C:\Users\***\AppData\Local\VirtualStore
2013-07-10 11:06 - 2009-07-14 06:45 - 00016208 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-10 11:06 - 2009-07-14 06:45 - 00016208 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-10 11:05 - 2009-07-14 19:58 - 00654400 ____A C:\Windows\system32\perfh007.dat
2013-07-10 11:05 - 2009-07-14 19:58 - 00130240 ____A C:\Windows\system32\perfc007.dat
2013-07-10 11:05 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-10 10:59 - 2009-07-14 06:45 - 00417840 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 10:58 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 10:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 10:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 10:43 - 2013-01-06 19:56 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 01:56 - 2013-02-12 21:04 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-07-04 12:36 - 2013-01-06 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 17:53 - 2013-01-16 17:20 - 00000072 ____A C:\Users\Public\LMDebug.log
2013-07-03 00:59 - 2013-07-03 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 00:47 - 2013-06-27 00:47 - 00000000 ____A C:\Users\***\Desktop\***@***head.de.txt
2013-06-25 14:28 - 2013-06-25 14:28 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-25 14:28 - 2013-06-25 14:28 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 14:28 - 2013-06-25 14:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-25 14:28 - 2013-04-05 19:17 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-25 14:28 - 2013-04-05 19:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 14:04 - 2013-06-23 14:04 - 395513882 ____A C:\Windows\MEMORY.DMP
2013-06-23 14:04 - 2013-06-23 14:04 - 00292312 ____A C:\Windows\Minidump\062313-12901-01.dmp
2013-06-23 14:04 - 2013-06-23 14:04 - 00000000 ____D C:\Windows\Minidump
2013-06-12 10:31 - 2013-01-23 18:11 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-06-12 10:31 - 2013-01-06 16:46 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-12 01:43 - 2013-07-10 10:42 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 01:43 - 2013-07-10 10:42 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 01:43 - 2013-07-10 10:42 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 01:43 - 2013-07-10 10:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 01:43 - 2013-07-10 10:42 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 01:43 - 2013-07-10 10:42 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 01:43 - 2013-07-10 10:42 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 01:42 - 2013-07-10 10:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 01:42 - 2013-07-10 10:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 01:42 - 2013-07-10 10:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 01:42 - 2013-07-10 10:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 01:42 - 2013-07-10 10:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 01:42 - 2013-07-10 10:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 01:26 - 2013-07-10 10:42 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-12 01:26 - 2013-07-10 10:42 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-12 01:26 - 2013-07-10 10:42 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-12 01:25 - 2013-07-10 10:42 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-12 01:25 - 2013-07-10 10:42 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-12 00:51 - 2013-07-10 10:42 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 00:50 - 2013-07-10 10:42 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-18 10:18

==================== End Of Log ============================

Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2013 04
Ran by *** at 2013-07-11 12:53:29
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

7-PDF Printer 9.1.0.1456 (Version: 9.1.0.1456)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.169)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Apple Software Update (x32 Version: 2.1.3.127)
aTube Catcher (x32 Version: 2.9.1448)
Boot Camp-Dienste (Version: 3.3.2921)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057)
dows-Treiberpaket - Intel Net (11/07/2007 8.10.1.0) (Version: 11/07/2007 8.10.1.0)
Dropbox (HKCU Version: 2.0.22)
DynaGeo 3.8 (x32)
ESET Smart Security (Version: 4.2.71.2)
ICQ 7.8 Build #6800 Banner Remover 1.0 (x32)
ICQ7M (x32 Version: 7.8)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
League of Legends (x32 Version: 1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
ManyCam 3.1.21 (x32 Version: 3.1.21)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
NetSpeedMonitor 2.5.4.0 x64 (Version: 2.5.4.0)
NVIDIA Drivers (Version: 1.8)
Pando Media Booster (x32 Version: 2.6.0.8)
QCAD Professional Demo 2.2.2.0 (x32 Version: 2.2.2.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5936)
Samsung Universal Print Driver PCL 6 (x32 Version: 2.03.09.00)
SimCity 4 Deluxe (x32)
Skype™ 6.1 (x32 Version: 6.1.129)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.10.1)
TeamViewer 8 (x32 Version: 8.0.16642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VirtualCloneDrive (x32)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.10.3.9) (Version: 01/11/2008 3.10.3.9)
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (Version: 02/01/2008 3.10.3.10)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (01/19/2009 2.1.2.1) (Version: 01/19/2009 2.1.2.1)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (11/23/2009 3.0.0.4) (Version: 11/23/2009 3.0.0.4)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (Version: 06/27/2007 2.0.0.1)
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1) (Version: 11/23/2009 3.1.0.1)
Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (Version: 10/25/2007 2.0.1.0)
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (Version: 01/23/2009 3.0.0.0)
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (Version: 02/21/2008 2.0.4.0)
Windows-Treiberpaket - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0) (Version: 03/05/2009 3.0.0.0)
Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0) (Version: 04/06/2009 3.0.0.0)
Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (Version: 05/05/2011 4.0.0.1)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112) (Version: 03/25/2009 2.1.2.112)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (Version: 05/05/2011 4.0.0.1)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0) (Version: 09/10/2009 3.0.0.0)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1) (Version: 10/05/2010 3.2.0.1)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112) (Version: 03/25/2009 2.1.2.112)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (Version: 05/05/2011 4.0.0.1)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0) (Version: 09/10/2009 3.0.0.0)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1) (Version: 10/05/2010 3.2.0.1)
Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2) (Version: 01/17/2008 2.0.2.2)
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (Version: 05/17/2010 3.1.0.0)
Windows-Treiberpaket - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0) (Version: 03/05/2009 3.0.0.0)
Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (Version: 07/13/2009 3.0.0.1)
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0) (Version: 02/19/2009 3.0.0.0)
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (Version: 07/13/2009 3.0.0.1)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (Version: 06/01/2011 4.0.0.1)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) (Version: 11/30/2009 3.0.0.6)
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7) (Version: 08/24/2010 3.1.0.7)
Windows-Treiberpaket - Apple Inc. System (08/22/2008 2.1.1.1) (Version: 08/22/2008 2.1.1.1)
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258) (Version: 11/18/2009 8.0.0.258)
Windows-Treiberpaket - Broadcom (b57nd60a) Net (05/28/2009 12.2.0.3) (Version: 05/28/2009 12.2.0.3)
Windows-Treiberpaket - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8) (Version: 08/21/2009 5.60.18.8)
Windows-Treiberpaket - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26) (Version: 10/22/2008 5.10.38.26)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21) (Version: 01/02/2010 6.6001.1.21)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8) (Version: 04/29/2009 6.6001.1.8)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26) (Version: 08/16/2010 6.6001.1.26)
Windows-Treiberpaket - Intel (e1express) Net (02/06/2008 9.12.17.0) (Version: 02/06/2008 9.12.17.0)
Windows-Treiberpaket - Intel (E1G60) Net (01/08/2008 8.3.9.0) (Version: 01/08/2008 8.3.9.0)
Windows-Treiberpaket - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) (Version: 07/22/2008 10.3.45.0)
Windows-Treiberpaket - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) (Version: 08/05/2008 10.3.49.0)
Windows-Treiberpaket - Intel (e1yexpress) Net (07/16/2008 9.52.10.0) (Version: 07/16/2008 9.52.10.0)
Windows-Treiberpaket - Intel Net (02/06/2008 9.12.18.0) (Version: 02/06/2008 9.12.18.0)
Windows-Treiberpaket - Intel Net (06/13/2008 9.52.9.0) (Version: 06/13/2008 9.52.9.0)
Windows-Treiberpaket - Intel Net (07/22/2008 10.3.45.0) (Version: 07/22/2008 10.3.45.0)
Windows-Treiberpaket - Intel Net (08/05/2008 10.3.49.0) (Version: 08/05/2008 10.3.49.0)
Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) (Version: 07/20/2007 1.2.76.0)
Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (Version: 12/06/2007 10.51.1.3)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points =========================

11-06-2013 10:00:29 Windows Update
12-06-2013 08:32:46 Windows Update
13-06-2013 10:35:30 Windows Update
19-06-2013 15:15:12 Windows Update
25-06-2013 12:28:05 Installed Java 7 Update 25
25-06-2013 12:29:46 Windows Update
10-07-2013 08:37:00 Windows Update
10-07-2013 08:39:10 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {712C6036-A69E-4661-97AE-5918C0530C99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8D155C0B-F47E-4062-AE3E-5C2AA1F8E30B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {A257B1D8-38E4-4037-841A-8F24A67C3406} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2013 07:06:09 PM) (Source: Application Hang) (User: )
Description: Programm League of Legends.exe, Version 3.9.0.491 kann nicht mehr unter Windows ausgeführt werden und wurde beendet.
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 10d0
Startzeit: 01ce7d8f95cf4050
Endzeit: 11
Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.236\deploy\League of Legends.exe
Berichts-ID:

Error: (07/10/2013 10:58:18 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x1178
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/09/2013 00:35:17 AM) (Source: Application Hang) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet.
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 145c
Startzeit: 01ce7c2b5ebf5b00
Endzeit: 20
Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: a7eee391-e81e-11e2-a9a6-d49a200e8304

Error: (07/09/2013 00:28:53 AM) (Source: Application Hang) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet.
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1834
Startzeit: 01ce7c2a76bb2550
Endzeit: 26
Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: c38d5011-e81d-11e2-a9a6-d49a200e8304

Error: (07/09/2013 00:25:43 AM) (Source: Application Hang) (User: )
Description: Programm LolClient.exe, Version 2.0.2.12610 kann nicht mehr unter Windows ausgeführt werden und wurde beendet.
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: fe8
Startzeit: 01ce7c052b0dd2d0
Endzeit: 13
Anwendungspfad: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.30\deploy\LolClient.exe
Berichts-ID: 51eb0ab1-e81d-11e2-a9a6-d49a200e8304

Error: (07/02/2013 02:16:41 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0x57c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (06/25/2013 04:22:09 PM) (Source: Application Hang) (User: )
Description: Programm LolClient.exe, Version 2.0.2.12610 kann nicht mehr unter Windows ausgeführt werden und wurde beendet.
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 740
Startzeit: 01ce719f29e204a0
Endzeit: 15
Anwendungspfad: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.30\deploy\LolClient.exe
Berichts-ID: 9c0c52f1-dda2-11e2-bd97-d49a200e8304

Error: (06/19/2013 05:15:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00019362
ID des fehlerhaften Prozesses: 0x668
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (06/18/2013 04:40:54 PM) (Source: BugSplat) (User: )
Description: lol_beta_riotgames_comLOL_Public-1

Error: (06/18/2013 01:17:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec367
Name des fehlerhaften Moduls: mozalloc.dll, Version: 21.0.0.4879, Zeitstempel: 0x518eaa4a
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001988
ID des fehlerhaften Prozesses: 0x13cc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

System errors:
=============
Error: (07/10/2013 10:59:13 AM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (07/10/2013 10:31:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (07/10/2013 10:31:44 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (07/09/2013 01:16:31 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (07/09/2013 00:24:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (07/09/2013 00:24:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (07/09/2013 00:22:34 PM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (07/08/2013 06:04:58 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (07/03/2013 07:21:35 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.59 registriert werden. Der Computer mit IP-Adresse 192.168.2.62 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/03/2013 01:10:14 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Microsoft Office Sessions:
=========================
Error: (02/12/2013 06:30:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2001 seconds with 120 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3814.71 MB
Available physical RAM: 1877.1 MB
Total Pagefile: 7627.6 MB
Available Pagefile: 5489.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:182.27 GB) (Free:100.71 GB) NTFS (Disk=0 Partition=3) ==>[Drive with boot components (obtained from BCD)]
Drive e: (Macintosh HD) (Fixed) (Total:55.88 GB) (Free:41.13 GB) HFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 17B0A66F)
Partition: GPT Partition Type
Partition 2: (Not Active) - (Size=56 GB) - (Type=AF)
Partition 3: (Active) - (Size=182 GB) - (Type=07 NTFS)

==================== End Of Log ============================

black-avenge |
11.07.2013, 12:53 | #4 |
/// the machine /// TB-Ausbilder | Seth.Avazutracking.net - Firefox opens advertising tabs on its own
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
11.07.2013, 13:14 | #5 |
| Seth.Avazutracking.net - Firefox opens advertising tabs on its own So, here are the 3 logs: AdwCleaner Code:
# AdwCleaner v2.304 - Datei am 11/07/2013 um 13:58:17 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ***MACBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\APN
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\***\AppData\Roaming\DesktopIconForAmazon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1082 octets] - [11/07/2013 13:58:17]

########## EOF - C:\AdwCleaner[S1].txt - [1142 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.7 (07.11.2013:1)
OS: Windows 7 Professional x64
Ran by *** on 11.07.2013 at 14:02:53,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\l72b7pk4.default\minidumps [52 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.07.2013 at 14:07:37,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by *** (administrator) on 11-07-2013 14:10:07
Running from C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Windows\system32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\system32\AppleTimeSrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(ICQ, LLC.) C:\Program Files (x86)\ICQ7M\ICQ.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-08-15] (Apple Inc.)
HKLM\...\Run: [egui] - "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2010-01-05] (NVIDIA Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-07] ()
HKCU\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4 [127040 2013-01-07] (ICQ, LLC.)
HKCU\...\Run: [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default
FF SelectedSearchEngine: League of Legends Wiki (en)
FF Homepage: hxxp://de.yahoo.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\searchplugins\league-of-legends-wiki-en.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\searchplugins\youtube-videosuche.xml
FF Extension: exif_viewer - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: status4evar - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\Extensions\status4evar@caligonstudios.com.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-05] (Adobe Systems)
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-08-15] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics)

==================== Drivers (Whitelisted) ====================

R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-01-31] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-01-31] (Apple Inc.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-11 14:07 - 2013-07-11 14:07 - 00000759 ____A C:\Users\***\Desktop\JRT.txt
2013-07-11 14:02 - 2013-07-11 14:02 -
00000000 ____D C:\Windows\ERUNT 2013-07-11 13:58 - 2013-07-11 13:58 - 00001211 ____A C:\AdwCleaner[S1].txt 2013-07-11 13:56 - 2013-07-11 13:56 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe 2013-07-11 13:55 - 2013-07-11 13:55 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe 2013-07-11 12:53 - 2013-07-11 12:53 - 00020901 ____A C:\Users\***\Desktop\Addition.txt 2013-07-11 12:52 - 2013-07-11 12:52 - 00000000 ____D C:\FRST 2013-07-11 12:51 - 2013-07-11 12:52 - 01777775 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe 2013-07-11 02:25 - 2013-07-11 02:25 - 00069612 ____A C:\Users\***\Downloads\Extras.Txt 2013-07-11 02:23 - 2013-07-11 02:23 - 00076906 ____A C:\Users\***\Downloads\OTL.Txt 2013-07-11 02:14 - 2013-07-11 02:14 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe 2013-07-11 01:57 - 2013-07-11 01:57 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-11 01:57 - 2013-07-11 01:57 - 00001121 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-11 01:57 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-10 16:18 - 2013-07-10 16:20 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-10 16:18 - 2013-07-10 16:18 - 09171472 ____A (SurfRight B.V.) C:\Users\***\Downloads\hitmanpro.exe 2013-07-10 16:16 - 2013-07-10 16:17 - 09833328 ____A (SurfRight B.V.) C:\Users\***\Downloads\HitmanPro_x64.exe 2013-07-10 16:04 - 2013-07-10 16:04 - 00388608 ____A (Trend Micro Inc.) 
C:\Users\***\Downloads\hijackthis.exe 2013-07-10 16:04 - 2013-07-10 16:04 - 00011129 ____A C:\Users\***\Downloads\hijackthis.log 2013-07-10 10:42 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 10:42 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 10:42 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 10:42 - 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 10:42 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 10:42 - 
2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 10:42 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 10:42 - 2013-06-12 00:50 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-10 10:42 - 2013-06-07 05:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 10:42 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 10:38 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 10:38 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 10:38 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 10:38 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 10:38 - 2013-05-06 06:56 - 
01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 10:38 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 10:38 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-03 00:59 - 2013-07-03 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-27 00:47 - 2013-06-27 00:47 - 00000000 ____A C:\Users\***\Desktop\***@***head.de.txt 2013-06-25 14:28 - 2013-06-25 14:28 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-25 14:28 - 2013-06-25 14:28 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 14:04 - 2013-06-23 14:04 - 395513882 ____A C:\Windows\MEMORY.DMP 2013-06-23 14:04 - 2013-06-23 14:04 - 00292312 ____A C:\Windows\Minidump\062313-12901-01.dmp 2013-06-23 14:04 - 2013-06-23 14:04 - 00000000 ____D C:\Windows\Minidump 2013-06-12 10:32 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 10:32 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 10:32 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 10:32 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 10:32 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 10:32 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 10:32 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 
2013-06-12 10:32 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-12 10:32 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 10:32 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 10:32 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 10:32 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 10:32 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 10:32 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 10:32 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 10:32 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 10:32 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 10:32 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 10:32 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-11 14:10 - 2013-05-01 11:37 - 00000000 ____D C:\Users\***\AppData\Roaming\NetSpeedMonitor 2013-07-11 14:10 - 2013-01-07 12:05 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files 2013-07-11 14:09 - 2013-01-23 18:12 - 00000000 ___RD C:\Users\***\Dropbox 2013-07-11 14:09 - 2013-01-23 18:11 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox 2013-07-11 14:09 - 2013-01-22 22:13 - 00000000 ____D C:\Program Files (x86)\Steam 2013-07-11 14:09 - 2013-01-07 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\ICQ 2013-07-11 14:09 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 
2013-07-11 14:09 - 2009-07-14 06:51 - 00042318 ____A C:\Windows\setupact.log 2013-07-11 14:08 - 2013-01-06 16:46 - 01905174 ____A C:\Windows\WindowsUpdate.log 2013-07-11 14:07 - 2013-07-11 14:07 - 00000759 ____A C:\Users\***\Desktop\JRT.txt 2013-07-11 14:07 - 2009-07-14 19:58 - 00654400 ____A C:\Windows\system32\perfh007.dat 2013-07-11 14:07 - 2009-07-14 19:58 - 00130240 ____A C:\Windows\system32\perfc007.dat 2013-07-11 14:07 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\system32\PerfStringBackup.INI 2013-07-11 14:07 - 2009-07-14 06:45 - 00016208 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-11 14:07 - 2009-07-14 06:45 - 00016208 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-11 14:02 - 2013-07-11 14:02 - 00000000 ____D C:\Windows\ERUNT 2013-07-11 13:58 - 2013-07-11 13:58 - 00001211 ____A C:\AdwCleaner[S1].txt 2013-07-11 13:56 - 2013-07-11 13:56 - 00559306 ____A (Oleg N. 
Scherbakov) C:\Users\***\Desktop\JRT.exe 2013-07-11 13:55 - 2013-07-11 13:55 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe 2013-07-11 12:53 - 2013-07-11 12:53 - 00020901 ____A C:\Users\***\Desktop\Addition.txt 2013-07-11 12:52 - 2013-07-11 12:52 - 00000000 ____D C:\FRST 2013-07-11 12:52 - 2013-07-11 12:51 - 01777775 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe 2013-07-11 12:51 - 2013-01-07 23:59 - 00000000 ____D C:\Users\***\AppData\Local\Adobe 2013-07-11 12:50 - 2013-01-07 12:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-11 12:50 - 2013-01-07 12:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-11 02:25 - 2013-07-11 02:25 - 00069612 ____A C:\Users\***\Downloads\Extras.Txt 2013-07-11 02:23 - 2013-07-11 02:23 - 00076906 ____A C:\Users\***\Downloads\OTL.Txt 2013-07-11 02:14 - 2013-07-11 02:14 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe 2013-07-11 01:57 - 2013-07-11 01:57 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-11 01:57 - 2013-07-11 01:57 - 00001121 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-11 01:07 - 2013-01-07 12:05 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-11 00:09 - 2013-01-09 00:34 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client 2013-07-10 16:20 - 2013-07-10 16:18 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-10 16:18 - 2013-07-10 16:18 - 09171472 ____A (SurfRight B.V.) C:\Users\***\Downloads\hitmanpro.exe 2013-07-10 16:17 - 2013-07-10 16:16 - 09833328 ____A (SurfRight B.V.) 
C:\Users\***\Downloads\HitmanPro_x64.exe 2013-07-10 16:13 - 2013-01-06 16:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-10 16:04 - 2013-07-10 16:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\***\Downloads\hijackthis.exe 2013-07-10 16:04 - 2013-07-10 16:04 - 00011129 ____A C:\Users\***\Downloads\hijackthis.log 2013-07-10 16:04 - 2013-01-06 16:46 - 00000000 ____D C:\Users\***\AppData\Local\VirtualStore 2013-07-10 10:59 - 2009-07-14 06:45 - 00417840 ____A C:\Windows\system32\FNTCACHE.DAT 2013-07-10 10:58 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 10:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 10:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-10 10:43 - 2013-01-06 19:56 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-10 01:56 - 2013-02-12 21:04 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc 2013-07-04 12:36 - 2013-01-06 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-03 17:53 - 2013-01-16 17:20 - 00000072 ____A C:\Users\Public\LMDebug.log 2013-07-03 00:59 - 2013-07-03 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-27 00:47 - 2013-06-27 00:47 - 00000000 ____A C:\Users\***\Desktop\***@***head.de.txt 2013-06-25 14:28 - 2013-06-25 14:28 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-25 14:28 - 2013-06-25 14:28 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-25 14:28 - 2013-04-05 19:17 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-25 
14:28 - 2013-04-05 19:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-23 14:04 - 2013-06-23 14:04 - 395513882 ____A C:\Windows\MEMORY.DMP 2013-06-23 14:04 - 2013-06-23 14:04 - 00292312 ____A C:\Windows\Minidump\062313-12901-01.dmp 2013-06-23 14:04 - 2013-06-23 14:04 - 00000000 ____D C:\Windows\Minidump 2013-06-12 10:31 - 2013-01-23 18:11 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-06-12 10:31 - 2013-01-06 16:46 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-06-12 01:43 - 2013-07-10 10:42 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 00033280 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll 2013-06-12 01:26 - 2013-07-10 10:42 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-06-12 01:26 - 2013-07-10 10:42 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-06-12 01:26 - 2013-07-10 10:42 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-06-12 01:25 - 2013-07-10 10:42 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-06-12 00:51 - 2013-07-10 10:42 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 00:50 - 2013-07-10 10:42 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is 
legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-18 10:18 ==================== End Of Log ============================ Regards, black-avenge |
11.07.2013, 13:27 | #6 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
11.07.2013, 21:02 | #7 |
| Here are the logs. ESET Online Scanner Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b9c556b553b89b4c96d11743aa88bd07
# engine=14352
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-11 07:07:50
# local_time=2013-07-11 09:07:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 118196 125199520 0 0
# compatibility_mode=8202 16776701 100 75 26292 78726510 0 0
# scanned=572842
# found=0
# cleaned=0
# scan_time=23584
# nod_component=V3 Build:0x30000000
Code:
Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 4.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2013 Ran by *** (administrator) on 11-07-2013 21:59:17 Running from C:\Users\***\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe () C:\Windows\system32\AppleOSSMgr.exe (Apple Inc.) C:\Windows\system32\AppleTimeSrv.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Microsoft Corporation) C:\Windows\system32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-08-15] (Apple Inc.) HKLM\...\Run: [egui] - "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET) HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2010-01-05] (NVIDIA Corporation) HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-07] () HKCU\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4 [127040 2013-01-07] (ICQ, LLC.) HKCU\...\Run: [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent [1672616 2013-07-10] (Valve Corporation) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-23] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default FF SelectedSearchEngine: League of Legends Wiki (en) FF Homepage: hxxp://de.yahoo.com FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: 
@adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\searchplugins\league-of-legends-wiki-en.xml FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\searchplugins\youtube-videosuche.xml FF Extension: exif_viewer - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\Extensions\exif_viewer@mozilla.doslash.org.xpi FF Extension: status4evar - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\Extensions\status4evar@caligonstudios.com.xpi FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l72b7pk4.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird ==================== Services (Whitelisted) ================= S3 
Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-05] (Adobe Systems) R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-08-15] () S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) ==================== Drivers (Whitelisted) ==================== R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-01-31] (Apple Inc.) R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-01-31] (Apple Inc.) R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET) R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET) R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-11 21:58 - 2013-07-11 21:58 - 01778065 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe 2013-07-11 
21:54 - 2013-07-11 21:54 - 00890988 ____A C:\Users\***\Desktop\SecurityCheck.exe 2013-07-11 15:12 - 2013-07-11 15:12 - 00007606 ____A C:\Users\***\AppData\Local\Resmon.ResmonCfg 2013-07-11 14:32 - 2013-07-11 14:32 - 02347384 ____A (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe 2013-07-11 14:32 - 2013-07-11 14:32 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-11 14:07 - 2013-07-11 14:07 - 00000759 ____A C:\Users\***\Desktop\JRT.txt 2013-07-11 14:02 - 2013-07-11 14:02 - 00000000 ____D C:\Windows\ERUNT 2013-07-11 13:58 - 2013-07-11 13:58 - 00001211 ____A C:\AdwCleaner[S1].txt 2013-07-11 13:56 - 2013-07-11 13:56 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe 2013-07-11 13:55 - 2013-07-11 13:55 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe 2013-07-11 12:53 - 2013-07-11 12:53 - 00020901 ____A C:\Users\***\Desktop\Addition.txt 2013-07-11 12:52 - 2013-07-11 12:52 - 00000000 ____D C:\FRST 2013-07-11 02:25 - 2013-07-11 02:25 - 00069612 ____A C:\Users\***\Downloads\Extras.Txt 2013-07-11 02:23 - 2013-07-11 02:23 - 00076906 ____A C:\Users\***\Downloads\OTL.Txt 2013-07-11 02:14 - 2013-07-11 02:14 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe 2013-07-11 01:57 - 2013-07-11 01:57 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-11 01:57 - 2013-07-11 01:57 - 00001121 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-11 01:57 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-10 16:18 - 2013-07-10 16:20 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-10 16:18 - 2013-07-10 16:18 - 09171472 ____A (SurfRight B.V.) 
C:\Users\***\Downloads\hitmanpro.exe 2013-07-10 16:16 - 2013-07-10 16:17 - 09833328 ____A (SurfRight B.V.) C:\Users\***\Downloads\HitmanPro_x64.exe 2013-07-10 16:04 - 2013-07-10 16:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\***\Downloads\hijackthis.exe 2013-07-10 16:04 - 2013-07-10 16:04 - 00011129 ____A C:\Users\***\Downloads\hijackthis.log 2013-07-10 10:42 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 10:42 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 10:42 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 10:42 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 10:42 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 10:42 
- 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 10:42 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 10:42 - 2013-06-12 01:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 10:42 - 2013-06-12 00:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 10:42 - 2013-06-12 00:50 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-10 10:42 - 2013-06-07 05:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 10:42 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 10:38 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 10:38 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 10:38 - 2013-06-04 06:53 - 
00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 10:38 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 10:38 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 10:38 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 10:38 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-03 00:59 - 2013-07-03 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-27 00:47 - 2013-06-27 00:47 - 00000000 ____A C:\Users\***\Desktop\***@***head.de.txt 2013-06-25 14:28 - 2013-06-25 14:28 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-25 14:28 - 2013-06-25 14:28 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 14:04 - 2013-06-23 14:04 - 395513882 ____A C:\Windows\MEMORY.DMP 2013-06-23 14:04 - 2013-06-23 14:04 - 00292312 ____A C:\Windows\Minidump\062313-12901-01.dmp 2013-06-23 14:04 - 2013-06-23 14:04 - 00000000 ____D C:\Windows\Minidump 2013-06-12 10:32 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 10:32 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 10:32 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 10:32 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 10:32 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 
2013-06-12 10:32 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 10:32 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 10:32 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-12 10:32 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 10:32 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 10:32 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 10:32 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 10:32 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 10:32 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 10:32 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 10:32 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 10:32 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 10:32 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 10:32 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-11 21:59 - 2013-01-07 12:05 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files 2013-07-11 21:58 - 2013-07-11 21:58 - 01778065 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe 2013-07-11 21:58 - 2013-05-01 11:37 - 00000000 ____D C:\Users\***\AppData\Roaming\NetSpeedMonitor 2013-07-11 21:55 - 2013-01-06 16:46 - 01917307 ____A C:\Windows\WindowsUpdate.log 2013-07-11 21:54 - 
2013-07-11 21:54 - 00890988 ____A C:\Users\***\Desktop\SecurityCheck.exe 2013-07-11 21:54 - 2009-07-14 19:58 - 00654400 ____A C:\Windows\system32\perfh007.dat 2013-07-11 21:54 - 2009-07-14 19:58 - 00130240 ____A C:\Windows\system32\perfc007.dat 2013-07-11 21:54 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\system32\PerfStringBackup.INI 2013-07-11 21:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-07-11 17:58 - 2013-01-07 12:31 - 00000000 ____D C:\Users\***\AppData\Roaming\ICQ 2013-07-11 17:39 - 2013-01-22 22:13 - 00000000 ____D C:\Program Files (x86)\Steam 2013-07-11 15:12 - 2013-07-11 15:12 - 00007606 ____A C:\Users\***\AppData\Local\Resmon.ResmonCfg 2013-07-11 14:32 - 2013-07-11 14:32 - 02347384 ____A (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe 2013-07-11 14:32 - 2013-07-11 14:32 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-11 14:16 - 2009-07-14 06:45 - 00016208 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-11 14:16 - 2009-07-14 06:45 - 00016208 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-11 14:09 - 2013-01-23 18:12 - 00000000 ___RD C:\Users\***\Dropbox 2013-07-11 14:09 - 2013-01-23 18:11 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox 2013-07-11 14:09 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-11 14:09 - 2009-07-14 06:51 - 00042318 ____A C:\Windows\setupact.log 2013-07-11 14:07 - 2013-07-11 14:07 - 00000759 ____A C:\Users\***\Desktop\JRT.txt 2013-07-11 14:02 - 2013-07-11 14:02 - 00000000 ____D C:\Windows\ERUNT 2013-07-11 13:58 - 2013-07-11 13:58 - 00001211 ____A C:\AdwCleaner[S1].txt 2013-07-11 13:56 - 2013-07-11 13:56 - 00559306 ____A (Oleg N. 
Scherbakov) C:\Users\***\Desktop\JRT.exe 2013-07-11 13:55 - 2013-07-11 13:55 - 00650027 ____A C:\Users\***\Desktop\adwcleaner.exe 2013-07-11 12:53 - 2013-07-11 12:53 - 00020901 ____A C:\Users\***\Desktop\Addition.txt 2013-07-11 12:52 - 2013-07-11 12:52 - 00000000 ____D C:\FRST 2013-07-11 12:51 - 2013-01-07 23:59 - 00000000 ____D C:\Users\***\AppData\Local\Adobe 2013-07-11 12:50 - 2013-01-07 12:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-11 12:50 - 2013-01-07 12:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-11 02:25 - 2013-07-11 02:25 - 00069612 ____A C:\Users\***\Downloads\Extras.Txt 2013-07-11 02:23 - 2013-07-11 02:23 - 00076906 ____A C:\Users\***\Downloads\OTL.Txt 2013-07-11 02:14 - 2013-07-11 02:14 - 00602112 ____A (OldTimer Tools) C:\Users\***\Downloads\OTL.exe 2013-07-11 01:57 - 2013-07-11 01:57 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-11 01:57 - 2013-07-11 01:57 - 00001121 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-11 01:57 - 2013-07-11 01:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-11 01:07 - 2013-01-07 12:05 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-11 00:09 - 2013-01-09 00:34 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client 2013-07-10 16:20 - 2013-07-10 16:18 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-10 16:18 - 2013-07-10 16:18 - 09171472 ____A (SurfRight B.V.) C:\Users\***\Downloads\hitmanpro.exe 2013-07-10 16:17 - 2013-07-10 16:16 - 09833328 ____A (SurfRight B.V.) 
C:\Users\***\Downloads\HitmanPro_x64.exe 2013-07-10 16:13 - 2013-01-06 16:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-10 16:04 - 2013-07-10 16:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\***\Downloads\hijackthis.exe 2013-07-10 16:04 - 2013-07-10 16:04 - 00011129 ____A C:\Users\***\Downloads\hijackthis.log 2013-07-10 16:04 - 2013-01-06 16:46 - 00000000 ____D C:\Users\***\AppData\Local\VirtualStore 2013-07-10 10:59 - 2009-07-14 06:45 - 00417840 ____A C:\Windows\system32\FNTCACHE.DAT 2013-07-10 10:58 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 10:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 10:58 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-10 10:43 - 2013-01-06 19:56 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-10 01:56 - 2013-02-12 21:04 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc 2013-07-04 12:36 - 2013-01-06 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-03 17:53 - 2013-01-16 17:20 - 00000072 ____A C:\Users\Public\LMDebug.log 2013-07-03 00:59 - 2013-07-03 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-27 00:47 - 2013-06-27 00:47 - 00000000 ____A C:\Users\***\Desktop\***@***head.de.txt 2013-06-25 14:28 - 2013-06-25 14:28 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-25 14:28 - 2013-06-25 14:28 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-25 14:28 - 2013-06-25 14:28 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-25 14:28 - 2013-04-05 19:17 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-25 
14:28 - 2013-04-05 19:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-23 14:04 - 2013-06-23 14:04 - 395513882 ____A C:\Windows\MEMORY.DMP 2013-06-23 14:04 - 2013-06-23 14:04 - 00292312 ____A C:\Windows\Minidump\062313-12901-01.dmp 2013-06-23 14:04 - 2013-06-23 14:04 - 00000000 ____D C:\Windows\Minidump 2013-06-12 10:31 - 2013-01-23 18:11 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-06-12 10:31 - 2013-01-06 16:46 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-06-12 01:43 - 2013-07-10 10:42 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 01:43 - 2013-07-10 10:42 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 01:42 - 2013-07-10 10:42 - 00033280 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll 2013-06-12 01:26 - 2013-07-10 10:42 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-06-12 01:26 - 2013-07-10 10:42 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-06-12 01:26 - 2013-07-10 10:42 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-06-12 01:25 - 2013-07-10 10:42 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-06-12 01:25 - 2013-07-10 10:42 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-06-12 00:51 - 2013-07-10 10:42 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 00:50 - 2013-07-10 10:42 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is 
legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-11 21:30 ==================== End Of Log ============================
Regards black-avenge |
12.07.2013, 09:45 | #8 |
/// the machine /// TB-Ausbilder | Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
13.07.2013, 13:31 | #9 |
| Hi, so far no new popup has appeared. However, I will unfortunately hardly be at the laptop over the weekend. That means I will probably only be able to give a final report on whether nothing more shows up in the course of the coming week. Can you briefly explain what the malware actually was in the end and where it had lodged itself? /edit: Speak of the devil... A new tab just opened while I was browsing around here in the forum a bit. Code:
hxxp://www.umzugsauktion.de/?utm_source=zanox&utm_medium=affiliate&utm_campaign=affiliate&zanpid=1791110713109283841
Regards black-avenge Last edited by black-avenge (13.07.2013 at 13:37) |
13.07.2013, 15:17 | #10 |
/// the machine /// TB-Ausbilder | Which browser?
17.07.2013, 11:41 | #11 |
| Sorry for the late reply, I'm currently under brutal exam stress. The browser in use is Firefox 22.0. Since then, however, I also haven't had any new window open, in maybe 10 hours of use since my last post. Regards black-avenge |
17.07.2013, 11:57 | #12 |
/// the machine /// TB-Ausbilder | Test for another day and please report back again
13.08.2013, 10:42 | #13 |
| Completely forgot to get back to you. So far no new popups have appeared. Could you perhaps briefly explain what it was that I had caught and where it was hiding? Unfortunately I can't make sense of the logs^^ Regards black-avenge |
13.08.2013, 17:17 | #14 |
/// the machine /// TB-Ausbilder | A lot of adware. When downloading and installing software, always use the vendors' own sites only and choose the custom install so you can deselect the adware. Done The order here is crucial.
Here are a few more tips for securing your system. I can't stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me a short reply when everything is done and there are no further questions, so that I can delete this thread from my subscriptions.
13.08.2013, 19:31 | #15 |
| Hi, DelFix has been run: Code:
# DelFix v10.4 - Datei am 13/08/2013 um 20:05:55 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Benutzer : *** - ***MACBOOK
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\Users\***\Desktop\Addition.txt
Gelöscht : C:\Users\***\Downloads\esetsmartinstaller_enu.exe
Gelöscht : C:\Users\***\Downloads\Extras.Txt
Gelöscht : C:\Users\***\Downloads\hijackthis.exe
Gelöscht : C:\Users\***\Downloads\hijackthis.log
Gelöscht : C:\Users\***\Downloads\OTL.Txt
Gelöscht : C:\Users\***\Downloads\OTL.exe
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #52 [Windows Update | 06/11/2013 10:00:29]
Gelöscht : RP #53 [Windows Update | 06/12/2013 08:32:46]
Gelöscht : RP #54 [Windows Update | 06/13/2013 10:35:30]
Gelöscht : RP #55 [Windows Update | 06/19/2013 15:15:12]
Gelöscht : RP #56 [Installed Java 7 Update 25 | 06/25/2013 12:28:05]
Gelöscht : RP #57 [Windows Update | 06/25/2013 12:29:46]
Gelöscht : RP #58 [Windows Update | 07/10/2013 08:37:00]
Gelöscht : RP #59 [Windows Update | 07/10/2013 08:39:10]
Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

In general, software is obtained only from the vendors' sites and, for years now, only installed with the custom option, since otherwise even a simple Java update, for example, installs an Ask toolbar alongside. Anti-virus software ESET Smart Security is in use and is definitely always up to date. Additional protection Does Malwarebytes get along with ESET? As I understand it, Malwarebytes is ultimately not much different from a virus scanner.
WinPatrol sounds interesting, I'll take a look at it in the next few days. Browser I have been using Firefox for years. Adblock, however, I don't use on principle. Many websites finance themselves through advertising (certainly this one too), and personally filtering which website deserves to be allowed to display its ads and which doesn't is something I find difficult. NoScript I know by name, but I spend a lot of time on websites with Flash in particular, so I'm not sure whether it wouldn't mean too much "effort". Or can you create general exception lists in NoScript so that everything is enabled directly on certain predefined websites? Performance I basically have no problems with that, given the hardware in use. Unless performance also means operational stability. Firefox does hang now and then, and often, especially the Flash plugin. Don'ts I am familiar with the proper handling of email attachments and ad banners etc. The days of illegal downloads of movies, software and whatever else are a few years behind me. Back then I (really obviously) completely wrecked the odd Windows installation with that. But as I said, nothing has been done in that direction for years. Somehow, over time, it became more satisfying to be able to see the original software boxes and DVD cases, CDs etc. sitting on the shelf. In that context, p2p has also been a thing of the past for years. That's why I was all the more surprised that I seem to have caught something again, because I can rule out infection via dubious software downloads or the like. Many thanks in any case for your competent help and for the time you spent! Best regards black-avenge |