| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Optimizer Pro v3.1 und SpyHunter4Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.07.2013, 19:36
| #1 |
 |  Optimizer Pro v3.1 und SpyHunter4 Hallo! Ich wäre sehr dankbar für Hilfe beim Entfernen der oben genannten Programme. Wie Optimizer den Weg zu mir gefunden hat, weiß ich nicht. Leider bin ich beim Versuch es wieder zu entfernen auch noch SpyHunter aufgesessen. Ich habe bereits die aufgeführten Schritte unternommen. Die Textdateien habe ich beigefügt. Leider bricht der Scan mit GMER mit der Fehlermeldung "Programm funktioniert nicht" ab. defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:46 on 29/07/2013 (Katja) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- OTL.txt: OTL logfile created on: 7/29/2013 7:48:29 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katja\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.85 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 54.86% Memory free 7.71 Gb Paging File | 5.85 Gb Available in Paging File | 75.95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79.00 Gb Total Space | 32.06 Gb Free Space | 40.58% Space Free | Partition Type: NTFS Drive D: | 198.99 Gb Total Space | 104.74 Gb Free Space | 52.64% Space Free | Partition Type: NTFS Computer Name: R540 | User Name: Katja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/29 19:48:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katja\Desktop\OTL.exe PRC - [2013/07/29 19:46:30 | 000,118,568 | ---- | M] () -- C:\Users\Katja\Qtrax\Player\Notification.exe PRC - [2013/07/05 06:39:34 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Katja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013/05/29 12:34:28 | 000,449,248 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe PRC - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/02/04 18:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012/11/13 15:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012/11/13 15:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012/11/13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012/11/13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012/11/13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012/07/03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2010/11/20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2010/04/07 15:40:06 | 000,843,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe ========== Modules (No Company Name) ========== MOD - [2013/07/29 19:46:30 | 000,118,568 | ---- | M] () -- C:\Users\Katja\Qtrax\Player\Notification.exe MOD - [2013/07/18 11:26:41 | 000,121,856 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\BabSolution\Shared\NTRedirect.dll MOD - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe MOD - [2013/05/23 11:09:01 | 002,521,040 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll MOD - [2013/05/17 10:51:16 | 000,207,872 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll MOD - [2013/04/12 19:23:30 | 000,612,664 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll MOD - [2013/02/04 18:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2013/01/09 13:11:40 | 000,599,040 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll MOD - [2012/11/13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012/11/13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012/11/13 15:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012/11/13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012/11/13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll MOD - [2010/01/11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/11/21 16:10:10 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010/05/05 08:15:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/06/27 23:46:34 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- (SpyHunter 4 Service) SRV - [2013/06/18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011/11/27 21:18:34 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2011/11/21 16:12:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/11/21 16:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/08/01 20:27:04 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012/08/01 20:27:04 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012/06/22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/13 04:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/05/05 08:47:10 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/05/05 08:47:10 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/05/05 07:23:26 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/04/01 02:25:14 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/03/31 02:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/01/29 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010/09/28 13:41:51 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2010/02/24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958 IE - HKCU\..\SearchScopes\{14B6CE37-24FF-43A9-8DD6-5A0564FCDA37}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co: C:\Program Files (x86)\LyriXeeker\125.xpi [2013/07/29 19:42:18 | 000,009,338 | ---- | M] () [2013/07/25 21:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Extensions [2013/07/25 21:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2013/07/29 19:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\97jrqk9f.default\extensions [2013/07/26 06:43:34 | 000,000,000 | ---D | M] ("Plus-HD-2.2") -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\97jrqk9f.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2013/07/29 19:42:38 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\97jrqk9f.default\extensions\ffxtlbr@delta.com [2013/07/26 06:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\97jrqk9f.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\extensionCode [2013/07/25 21:46:54 | 000,223,750 | ---- | M] () (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\97jrqk9f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013/06/30 10:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\extensions\trtv3@trtv.com.xpi [2013/07/29 19:42:25 | 000,006,507 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\97jrqk9f.default\searchplugins\babylon.xml [2013/07/29 19:42:25 | 000,006,507 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\97jrqk9f.default\searchplugins\BrowserDefender.xml [2013/07/29 19:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/07/29 19:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com [2013/07/25 21:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013/07/25 21:43:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013/07/18 06:53:36 | 000,447,225 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15354 more lines... O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (Plus-HD-2.2) - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD) O2 - BHO: (LyricXeeker) - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [NTRedirect] C:\Users\Katja\AppData\Roaming\BabSolution\Shared\NTRedirect.dll () O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - HKCU..\Run: [QtraxNotification] C:\Users\Katja\Qtrax\Player\Notification.exe () O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [Spotify] C:\Users\Katja\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Katja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKLM..\RunOnce: [Del5678841] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Del5678841] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Qtrax] C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 3786119762.portal.qtrax.com File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.11.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B9DEB0F-3E87-4A00-83DC-C82E0AEE1DD6}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C60DE602-45B1-48F4-A158-C236BA4AC340}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20 - AppInit_DLLs: (c:\progra~3\browse~2\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exeC:\Users\Katja\AppData\Roaming\appconf32.exe) - File not found O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/07/29 18:51:45 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6bca24a9-dbec-11e1-9f80-002454cde5ec}\Shell - "" = AutoRun O33 - MountPoints2\{6bca24a9-dbec-11e1-9f80-002454cde5ec}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/29 19:47:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Katja\Desktop\OTL.exe [2013/07/29 19:46:25 | 000,000,000 | ---D | C] -- C:\Users\Katja\Qtrax [2013/07/29 19:42:46 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Zip Opener Packages [2013/07/29 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker [2013/07/29 19:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It! [2013/07/29 19:42:14 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\DigitalSite [2013/07/29 19:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt [2013/07/29 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013/07/29 18:51:15 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013/07/29 18:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013/07/25 21:47:28 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Optimizer Pro [2013/07/25 21:47:07 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\Macromedia [2013/07/25 21:46:16 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\Mozilla [2013/07/25 21:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/07/25 21:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/07/25 21:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro [2013/07/25 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013/07/25 21:42:09 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013/07/25 21:42:08 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\BabSolution [2013/07/25 21:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013/07/25 21:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro [2013/07/25 21:41:42 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Babylon [2013/07/25 21:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013/07/24 21:21:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013/07/24 21:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-2.2 [2013/07/24 21:05:25 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Mozilla [2013/07/24 21:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Katja\AppData\Roaming\*.tmp files -> C:\Users\Katja\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/29 19:48:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katja\Desktop\OTL.exe [2013/07/29 19:46:02 | 000,000,000 | ---- | M] () -- C:\Users\Katja\defogger_reenable [2013/07/29 19:42:14 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DigitalSite.job [2013/07/29 18:51:45 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013/07/29 18:15:14 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/29 18:15:14 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/29 18:08:35 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\LyricXeeker Update.job [2013/07/29 18:08:20 | 000,001,194 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job [2013/07/29 18:08:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job [2013/07/29 18:08:11 | 000,001,830 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-firefoxinstaller.job [2013/07/29 18:08:11 | 000,001,198 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job [2013/07/29 18:07:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/29 18:07:51 | 4137,861,120 | -HS- | M] () -- C:\hiberfil.sys [2013/07/25 23:10:46 | 329,629,916 | ---- | M] () -- C:\Users\Katja\Desktop\Zeitgeist Stammheim - Dokumentation Techno Club Stammheim.flv [2013/07/25 22:30:49 | 851,542,250 | ---- | M] () -- C:\Users\Katja\Desktop\Zeitgeist Stammheim - Dokumentation Techno Club Stammheim.mp4 [2013/07/24 21:28:19 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/07/24 21:20:04 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/24 21:20:04 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/07/24 21:20:04 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/24 21:20:04 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/07/24 21:20:04 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/24 11:59:42 | 000,223,750 | ---- | M] () -- C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi [2013/07/19 06:43:05 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/07/19 06:43:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/07/18 06:53:36 | 000,447,225 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Katja\AppData\Roaming\*.tmp files -> C:\Users\Katja\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/29 19:46:02 | 000,000,000 | ---- | C] () -- C:\Users\Katja\defogger_reenable [2013/07/29 19:42:18 | 000,002,387 | ---- | C] () -- C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk [2013/07/29 19:42:14 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\DigitalSite.job [2013/07/29 18:51:45 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013/07/29 18:51:23 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys [2013/07/25 21:53:26 | 329,629,916 | ---- | C] () -- C:\Users\Katja\Desktop\Zeitgeist Stammheim - Dokumentation Techno Club Stammheim.flv [2013/07/25 21:51:40 | 851,542,250 | ---- | C] () -- C:\Users\Katja\Desktop\Zeitgeist Stammheim - Dokumentation Techno Club Stammheim.mp4 [2013/07/25 21:45:19 | 000,223,750 | ---- | C] () -- C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi [2013/07/25 21:44:16 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/07/25 21:41:43 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\LyricXeeker Update.job [2013/07/24 21:07:59 | 000,001,194 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job [2013/07/24 21:07:56 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job [2013/07/24 21:07:51 | 000,001,198 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job [2013/07/24 21:07:40 | 000,001,830 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-firefoxinstaller.job [2013/05/01 11:13:07 | 000,000,296 | ---- | C] () -- C:\Windows\wininit.ini [2012/12/16 16:07:15 | 000,007,626 | ---- | C] () -- C:\Users\Katja\AppData\Local\Resmon.ResmonCfg [2012/01/24 20:53:20 | 000,000,016 | ---- | C] () -- C:\Users\Katja\AppData\Roaming\blckdom.res [2012/01/02 18:34:27 | 000,002,019 | ---- | C] () -- C:\Program Files\Adobe Reader X.lnk [2011/12/05 21:13:09 | 000,001,953 | ---- | C] () -- C:\Program Files\CDBurnerXP.lnk [2011/12/05 19:27:20 | 000,001,074 | ---- | C] () -- C:\Program Files\Exact Audio Copy.lnk [2011/08/23 21:55:36 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011/08/23 18:34:31 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:373E1720 < End of report > Extra.txt: OTL Extras logfile created on: 7/29/2013 7:48:29 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katja\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.85 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 54.86% Memory free 7.71 Gb Paging File | 5.85 Gb Available in Paging File | 75.95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79.00 Gb Total Space | 32.06 Gb Free Space | 40.58% Space Free | Partition Type: NTFS Drive D: | 198.99 Gb Total Space | 104.74 Gb Free Space | 52.64% Space Free | Partition Type: NTFS Computer Name: R540 | User Name: Katja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01916D2F-5A53-4C42-84D6-8D1406D4BACE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{05653917-6364-4E03-AD6F-0334F55BD3C0}" = lport=137 | protocol=17 | dir=in | app=system | "{0B3091A7-EC37-4570-8A40-45EFFF152A29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{24EF2207-ADE3-4635-B4BC-851AEFBFE1A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2AF358EE-954A-46D0-9940-6D8A23EAE1E1}" = rport=445 | protocol=6 | dir=out | app=system | "{3D8A8903-7520-4EE8-B3D0-C1078BF948B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{65DE1AC9-37E6-483D-BA3D-B733528D31DD}" = rport=139 | protocol=6 | dir=out | app=system | "{6891CF6B-224D-451F-B616-5D77FEB8AB6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{75C5670F-B6DB-44A6-8DFA-B2B71D7A6348}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A612414-687B-4FD2-B2CF-6C6E75957F55}" = lport=139 | protocol=6 | dir=in | app=system | "{8BDBD145-3992-4FC2-AEBE-9220D1EA9BD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A561E455-E7AD-47EF-8303-AAA219B2582E}" = lport=2869 | protocol=6 | dir=in | app=system | "{A773C91D-E23C-49A5-A070-DEEFC77E5CA7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD281432-B033-44C1-A697-359D437BBDE7}" = lport=138 | protocol=17 | dir=in | app=system | "{B39F758F-3FB2-4949-91F2-8610E3B5DDFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C4B0CCFD-96DB-4488-9888-D37EEEC43A22}" = lport=10243 | protocol=6 | dir=in | app=system | "{D00A39F1-10FE-4308-BD35-AEFF06007136}" = rport=10243 | protocol=6 | dir=out | app=system | "{D313AE16-7F22-488F-8CBD-8176B979E8F8}" = lport=445 | protocol=6 | dir=in | app=system | "{E0EDBD07-4E94-419A-92BD-E1E562FC7A9D}" = rport=138 | protocol=17 | dir=out | app=system | "{E411663B-BC3E-42E4-AD9B-FE3EDE68237E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F0FA784F-B08F-4F4C-B535-7B728982C46F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F626750C-259B-4911-8398-92BB925B419E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F81C95E5-80AB-4A5F-AC6D-25E9036EA5C2}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03E60912-B5A5-4EB9-B327-87FB8F031AD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{04003769-F948-4F1A-9835-9263B673CDEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{077261CB-CB1B-4369-AC02-35B0FA0C8106}" = protocol=17 | dir=in | app=c:\users\katja\appdata\roaming\spotify\spotify.exe | "{1F87321E-5B2A-472E-8A60-07922A8FA7C2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{2675A25A-06CE-4F31-BB93-0784ED422F79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3059F974-4A92-4F5B-92DE-77213E97B4CD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3276D959-7E18-43D5-9724-8D0CC8AC1A75}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{34C739C1-3636-4D6D-82A2-DFD2A9EB697E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{3D0650E9-E11E-42B5-A813-E1B56B78E0AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3E954C78-9DA9-4CE2-8F37-6FC27D929BCD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4350FA70-5803-4B4F-84F8-245C4365E00D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{46D8FE35-201E-4AD9-9FFA-5AD8608BA700}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{4B981E0D-8426-443F-A951-8A0223F7817D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5C4FF3BF-8095-4BB8-9F11-681073D0163F}" = protocol=17 | dir=in | app=c:\users\katja\appdata\roaming\spotify\spotify.exe | "{6BB68775-90A2-47A3-BE54-E77DF9A8DC02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{75BC9A9F-DB27-44E6-938B-3A9567E01372}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{763E2F8D-EEEB-4C13-84AA-9335B7DA3276}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{7A79BFFC-DDE2-41A2-9D73-BD4EEA062F8D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{7BA1B0F0-2BF6-4222-82AB-809533BBF640}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{8C298F23-1440-4517-A974-825695302B3B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8E3A3D60-9ED2-4685-A560-59456C31D35B}" = protocol=6 | dir=in | app=c:\users\katja\appdata\roaming\spotify\spotify.exe | "{8F1C0348-F913-4A40-A49B-A82FBD8BFCF0}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{91814185-1339-4549-AACA-E1BA214CFC97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{927367FF-AE0F-4626-8B32-1E4F7CB516DE}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{BA5E400D-79F4-432F-91B9-41717AB19010}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BB2FDF3C-15FC-4DF5-A23C-F9533E397013}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | "{BE639805-2A93-4222-A973-B8A6D9108A4D}" = protocol=6 | dir=in | app=c:\users\katja\appdata\roaming\spotify\spotify.exe | "{C120324E-5F4D-48F3-8C7C-07499DC5E137}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{C4AB460A-6C33-4E20-936E-6EF2732200B7}" = protocol=6 | dir=out | app=system | "{C4B20C22-B8B8-44A9-A787-7A89CC9C9415}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C67D682E-EA79-4A07-8F5B-F86A767E1E5E}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{C837EDE1-77C0-4467-82D4-8044A1B80C99}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D8FF262B-8856-4B96-9E37-EDB58A444C70}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{E46661AA-6BC9-4F12-8ABD-602A869D0419}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E7FAD47B-3C7B-41FE-8192-AE93147C545E}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{E9FF8EF0-0A85-46FF-A6B3-A7201B123328}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F829CFB1-6AAE-4E77-8257-E0822E4EAEDB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FF85EE39-EC28-4BFD-9431-53BD3EB2F65B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "TCP Query User{A8625FAA-B90E-4495-9F65-12176DE0FFAB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{F4AD31A6-200D-45F5-8251-2E1DA4D03D07}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{3476DB82-5375-4D9D-AC5E-812B838F9E4F}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{BC769360-B639-40CC-93AC-E805C37B0348}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}" = SpyHunter "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F82D3110-2996-B896-9ADC-394C18071095}" = ccc-utility64 "{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}" = ATI Catalyst Install Manager "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{058E7BC0-15C3-D5F6-FD8D-34E4B44E4F82}" = CCC Help Thai "{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.111.08260 "{085C9E07-E122-DECF-350D-5CB3594EC54D}" = Catalyst Control Center Graphics Previews Common "{08B67A13-8501-48CB-B747-9D413BDC4594}" = BatteryLifeExtender "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software "{11A5DA06-82B8-B47C-B6A9-6BFA8008108C}" = CCC Help Dutch "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11 "{283EFC5E-041A-4AC7-8824-2F33695EBC11}" = CCC Help Korean "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2D4E3A20-01D9-713F-2CD5-15FBD9312F28}" = CCC Help Chinese Traditional "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{31CABF76-F113-30F6-1BF1-19CA660C72B4}" = CCC Help Finnish "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43609114-F9B7-48AA-BAAC-F320BB5E88DD}" = CCC Help Spanish "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager "{4A87034C-621A-DAC1-D7C3-FB9102A453D4}" = CCC Help Japanese "{4FBB6BFD-774C-E86B-84E6-23C08FD76C0C}" = Catalyst Control Center Graphics Light "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6BCE77FA-82A3-E502-0956-AA9AE0E169D0}" = CCC Help English "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{78FDD286-2C51-17B5-22BC-DA769D237E1A}" = CCC Help Swedish "{79B0F7B2-31BD-D377-CCA2-F647601283C0}" = CCC Help Polish "{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{80059A57-F141-5556-7FA2-CD97EB8A05F9}" = CCC Help Danish "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{983D01A7-FD14-5F70-9A46-3DBE1C0A3FFF}" = Catalyst Control Center InstallProxy "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C51C947-7E8D-3EEB-6087-276446E4914C}" = CCC Help Hungarian "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{B1FA9E3F-86F3-136A-84DA-809A40458243}" = CCC Help Russian "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding "{B7FB9C80-A61F-6BFE-7F93-C493AC3F9E91}" = CCC Help Turkish "{B91B9BD2-C3D1-2632-26C9-170EB39CADAC}" = CCC Help Greek "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD8D4FE1-8E1D-2D41-ED33-3E2B64ED3AF3}" = CCC Help Chinese Standard "{C28CE716-3F07-528A-6CC8-FDF2865BCAAF}" = ccc-core-static "{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C9F9C082-A19F-9672-4F78-CC93F363A07D}" = CCC Help Norwegian "{CEF185AA-392D-82EF-339B-F36547C0D9F8}" = Catalyst Control Center Core Implementation "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1886477-86CD-8365-CE96-42AD6F950ED0}" = CCC Help Italian "{D1FAD629-67C3-B9D5-FD06-73A4EF76528A}" = CCC Help Portuguese "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D53D7F78-94AC-CE27-199E-5F509437C7E6}" = Catalyst Control Center Graphics Previews Vista "{D55BE2BD-14D6-E8AA-A1C0-519C50E28EB2}" = Catalyst Control Center Graphics Full Existing "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E91CD838-0ED0-0BCD-ECAF-1A089F1A27E5}" = CCC Help Czech "{EF1E3D76-6F52-3F63-6848-346ACD86096D}" = CCC Help German "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165 "{F0B13553-B3CA-76A9-182A-9E352F4EB749}" = Catalyst Control Center Graphics Full New "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6340C10-589F-7D1E-1819-2F8CF6247505}" = CCC Help French "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FFE45CD9-4070-78E3-5794-8575B389336E}" = Catalyst Control Center Localization All "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "Diablo III" = Diablo III "ElsterFormular" = ElsterFormular "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Kobo" = Kobo "lyrix@lyrixeeker.co" = LyricXeeker "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenIt Open It!" = Open It! "Opera 12.16.1860" = Opera 12.16 "Optimizer Pro_is1" = Optimizer Pro v3.1 "Plus-HD-2.2" = Plus-HD-2.2 "TuneUp Utilities" = TuneUp Utilities "Update Engine" = Sony Ericsson Update Engine "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "3786119762.portal.qtrax.com" = Qtrax Player "DigitalSite" = Update for Zip Opener "Qtrax Connection Manager" = Qtrax Connection Manager "Spotify" = Spotify "Zip Opener Packages" = Zip Opener Packages ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/11/2013 6:52:35 AM | Computer Name = R540 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 4/15/2013 3:00:33 PM | Computer Name = R540 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\messenger\wlcsdk.exe". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 4/15/2013 3:00:33 PM | Computer Name = R540 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 4/29/2013 3:00:37 PM | Computer Name = R540 | Source = System Restore | ID = 8193 Description = Error - 5/15/2013 12:42:35 PM | Computer Name = R540 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\messenger\wlcsdk.exe". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 5/15/2013 12:42:35 PM | Computer Name = R540 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 5/22/2013 12:36:00 PM | Computer Name = R540 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\messenger\wlcsdk.exe". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 5/22/2013 12:36:00 PM | Computer Name = R540 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 6/20/2013 12:20:57 PM | Computer Name = R540 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\messenger\wlcsdk.exe". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 6/20/2013 12:20:57 PM | Computer Name = R540 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Media Center Events ] Error - 12/23/2011 1:06:31 PM | Computer Name = R540 | Source = MCUpdate | ID = 0 Description = 18:06:31 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 1/1/2012 9:30:48 AM | Computer Name = R540 | Source = MCUpdate | ID = 0 Description = 14:30:48 - Fehler beim Herstellen der Internetverbindung. 14:30:48 - Serververbindung konnte nicht hergestellt werden.. Error - 1/1/2012 9:38:09 AM | Computer Name = R540 | Source = MCUpdate | ID = 0 Description = 14:36:57 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) [ System Events ] Error - 7/25/2013 11:19:20 AM | Computer Name = R540 | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 7/25/2013 12:29:57 PM | Computer Name = R540 | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 7/25/2013 4:19:36 PM | Computer Name = R540 | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 7/25/2013 4:46:29 PM | Computer Name = R540 | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 7/25/2013 4:46:43 PM | Computer Name = R540 | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 7/25/2013 5:00:49 PM | Computer Name = R540 | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 7/25/2013 5:12:46 PM | Computer Name = R540 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte Systeme Error - 7/26/2013 12:46:47 AM | Computer Name = R540 | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 7/29/2013 12:11:16 PM | Computer Name = R540 | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 7/29/2013 12:13:50 PM | Computer Name = R540 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte Systeme < End of report > Da dies mein erster Beitrag hier ist, hoffe ich alles richtig gemacht zu haben. |
|
29.07.2013, 20:12
| #2 |
| /// the machine /// TB-Ausbilder    | Optimizer Pro v3.1 und SpyHunter4 hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
29.07.2013, 20:22
| #3 |
| | Optimizer Pro v3.1 und SpyHunter4 Hier die Dateien.
__________________FRST-Editor: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 01
Ran by Katja (administrator) on 29-07-2013 21:19:34
Running from C:\Users\Katja\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
() C:\Windows\SysWOW64\Rezip.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Spotify Ltd) C:\Users\Katja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\Runonce: [Del5678841] - cmd.exe /Q /D /c del "C:\Users\Katja\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Winlogon: [Userinit] userinit.exeC:\Users\Katja\AppData\Roaming\appconf32.exe, [x]
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [Spotify] - C:\Users\Katja\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-05] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Katja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-05] (Spotify Ltd)
HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) <===== ATTENTION
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135672 2013-06-07] (PC Utilities Pro)
HKCU\...\Runonce: [Del5678841] - cmd.exe /Q /D /c del "C:\Users\Katja\AppData\Local\Temp\0.del" [x]
HKCU\...\RunOnce: [Qtrax] - C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 3786119762.portal.qtrax.com [387224 2013-05-13] (Microsoft Corporation)
MountPoints2: {6bca24a9-dbec-11e1-9f80-002454cde5ec} - F:\Startme.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
AppInit_DLLs: [0 ] ()
AppInit_DLLs-x32: c:\progra~3\browse~2\261339~1.144\{c16c1~1\browse~1.dll [2521040 2013-05-23] ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958
SearchScopes: HKCU - {14B6CE37-24FF-43A9-8DD6-5A0564FCDA37} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD)
BHO-x32: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C60DE602-45B1-48F4-A158-C236BA4AC340}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default
FF user.js: detected! => C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\user.js
FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D84318F46A2DA618&affID=119357&tsp=4958
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\searchplugins\BrowserDefender.xml
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: Delta Toolbar - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\Extensions\ffxtlbr@delta.com
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: trtv3 - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi
FF Extension: No Name - C:\Program Files (x86)\LyriXeeker\125.xpi
==================== Services (Whitelisted) =================
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-11-27] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-28] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-28] (Windows (R) 2003 DDK 3790 provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U3 pxldrpog; \??\C:\Users\Katja\AppData\Local\Temp\pxldrpog.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-29 21:19 - 2013-07-29 21:19 - 01780715 _____ (Farbar) C:\Users\Katja\Desktop\FRST64.exe
2013-07-29 21:19 - 2013-07-29 21:19 - 00000000 ____D C:\FRST
2013-07-29 20:42 - 2013-07-29 20:42 - 00000056 _____ C:\Users\Katja\AppData\Roaming\WB.CFG
2013-07-29 20:42 - 2013-07-29 20:42 - 00000005 _____ C:\Users\Katja\AppData\Roaming\WBPU-TTL.DAT
2013-07-29 20:03 - 2013-07-29 20:03 - 00377856 _____ C:\Users\Katja\Desktop\gmer_2.1.19163.exe
2013-07-29 19:56 - 2013-07-29 19:56 - 00065172 _____ C:\Users\Katja\Desktop\Extras.Txt
2013-07-29 19:53 - 2013-07-29 19:53 - 00079972 _____ C:\Users\Katja\Desktop\OTL.Txt
2013-07-29 19:47 - 2013-07-29 19:48 - 00602112 _____ (OldTimer Tools) C:\Users\Katja\Desktop\OTL.exe
2013-07-29 19:46 - 2013-07-29 19:46 - 00000472 _____ C:\Users\Katja\Desktop\defogger_disable.log
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 ____D C:\Users\Katja\Qtrax
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 _____ C:\Users\Katja\defogger_reenable
2013-07-29 19:42 - 2013-07-29 20:42 - 00000292 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 19:42 - 2013-07-29 19:42 - 00003792 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 19:42 - 2013-07-29 19:42 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Zip Opener Packages
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-07-29 18:51 - 2013-07-29 18:51 - 00003318 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\sh4ldr
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 _____ C:\autoexec.bat
2013-07-29 18:51 - 2012-06-22 12:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2013-07-29 18:50 - 2013-07-29 18:51 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-25 21:53 - 2013-07-25 23:10 - 329629916 _____ C:\Users\Katja\Desktop\Zeitgeist Stammheim - Dokumentation Techno Club Stammheim.flv
2013-07-25 21:51 - 2013-07-25 22:30 - 851542250 _____ C:\Users\Katja\Desktop\Zeitgeist Stammheim - Dokumentation Techno Club Stammheim.mp4
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Optimizer Pro
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Local\Macromedia
2013-07-25 21:46 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Local\Mozilla
2013-07-25 21:45 - 2013-07-24 11:59 - 00223750 _____ C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 21:42 - 2013-07-25 21:42 - 00003380 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-25 21:42 - 2013-07-25 21:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-07-25 21:42 - 2013-07-25 21:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\BabSolution
2013-07-25 21:42 - 2013-07-25 21:42 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-25 21:42 - 2013-07-25 21:42 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-25 21:41 - 2013-07-29 18:08 - 00000388 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-25 21:41 - 2013-07-25 21:42 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-07-25 21:41 - 2013-07-25 21:41 - 21840856 _____ (Mozilla) C:\Users\Katja\Downloads\Firefox_Setup.exe
2013-07-25 21:41 - 2013-07-25 21:41 - 00003036 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-25 21:41 - 2013-07-25 21:41 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Babylon
2013-07-25 21:41 - 2013-07-25 21:41 - 00000000 ____D C:\ProgramData\Babylon
2013-07-24 21:21 - 2013-07-24 21:23 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 21:08 - 2013-07-24 21:08 - 00004224 _____ C:\Windows\System32\Tasks\Plus-HD-2.2-updater
2013-07-24 21:07 - 2013-07-29 21:08 - 00001194 _____ C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-07-24 21:07 - 2013-07-29 21:07 - 00001830 _____ C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-07-24 21:07 - 2013-07-29 21:07 - 00001198 _____ C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-07-24 21:07 - 2013-07-29 21:07 - 00001098 _____ C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-07-24 21:07 - 2013-07-24 21:08 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.2
2013-07-24 21:07 - 2013-07-24 21:07 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-2.2-codedownloader
2013-07-24 21:07 - 2013-07-24 21:07 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-2.2-enabler
2013-07-24 21:05 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Mozilla
2013-07-24 21:05 - 2013-07-24 21:13 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-07-18 06:53 - 2013-03-12 19:23 - 00445034 ____R C:\Windows\system32\Drivers\etc\hosts.20130718-065336.backup
==================== One Month Modified Files and Folders =======
2013-07-29 21:19 - 2013-07-29 21:19 - 00000000 ____D C:\FRST
2013-07-29 21:08 - 2013-07-24 21:07 - 00001194 _____ C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-07-29 21:07 - 2013-07-24 21:07 - 00001830 _____ C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-07-29 21:07 - 2013-07-24 21:07 - 00001198 _____ C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-07-29 21:07 - 2013-07-24 21:07 - 00001098 _____ C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-07-29 20:42 - 2013-07-29 20:42 - 00000056 _____ C:\Users\Katja\AppData\Roaming\WB.CFG
2013-07-29 20:42 - 2013-07-29 20:42 - 00000005 _____ C:\Users\Katja\AppData\Roaming\WBPU-TTL.DAT
2013-07-29 20:42 - 2013-07-29 19:42 - 00000292 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 20:03 - 2013-07-29 20:03 - 00377856 _____ C:\Users\Katja\Desktop\gmer_2.1.19163.exe
2013-07-29 19:56 - 2013-07-29 19:56 - 00065172 _____ C:\Users\Katja\Desktop\Extras.Txt
2013-07-29 19:53 - 2013-07-29 19:53 - 00079972 _____ C:\Users\Katja\Desktop\OTL.Txt
2013-07-29 19:48 - 2013-07-29 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\Katja\Desktop\OTL.exe
2013-07-29 19:46 - 2013-07-29 19:46 - 00000472 _____ C:\Users\Katja\Desktop\defogger_disable.log
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 ____D C:\Users\Katja\Qtrax
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 _____ C:\Users\Katja\defogger_reenable
2013-07-29 19:46 - 2011-08-23 21:52 - 00000000 ____D C:\Users\Katja
2013-07-29 19:42 - 2013-07-29 19:42 - 00003792 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 19:42 - 2013-07-29 19:42 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Zip Opener Packages
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-07-29 19:41 - 2013-04-24 20:23 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Spotify
2013-07-29 19:18 - 2010-06-01 03:03 - 01493697 _____ C:\Windows\WindowsUpdate.log
2013-07-29 18:51 - 2013-07-29 18:51 - 00003318 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\sh4ldr
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 _____ C:\autoexec.bat
2013-07-29 18:51 - 2013-07-29 18:50 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-29 18:15 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 18:15 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 18:13 - 2013-04-14 21:53 - 00123262 _____ C:\Windows\IE10_main.log
2013-07-29 18:08 - 2013-07-25 21:41 - 00000388 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-29 18:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 18:07 - 2013-05-01 18:36 - 00009710 _____ C:\Windows\setupact.log
2013-07-26 06:43 - 2011-12-05 21:13 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-07-26 06:43 - 2011-08-28 20:40 - 00154412 _____ C:\Windows\PFRO.log
2013-07-25 23:10 - 2013-07-25 21:53 - 329629916 _____ C:\Users\Katja\Desktop\Zeitgeist Stammheim - Dokumentation Techno Club Stammheim.flv
2013-07-25 22:30 - 2013-07-25 21:51 - 851542250 _____ C:\Users\Katja\Desktop\Zeitgeist Stammheim - Dokumentation Techno Club Stammheim.mp4
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Optimizer Pro
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Local\Macromedia
2013-07-25 21:46 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Local\Mozilla
2013-07-25 21:46 - 2013-07-24 21:05 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 21:43 - 2012-11-13 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-25 21:42 - 2013-07-25 21:42 - 00003380 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-25 21:42 - 2013-07-25 21:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-07-25 21:42 - 2013-07-25 21:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\BabSolution
2013-07-25 21:42 - 2013-07-25 21:42 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-25 21:42 - 2013-07-25 21:42 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-25 21:42 - 2013-07-25 21:41 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-07-25 21:41 - 2013-07-25 21:41 - 21840856 _____ (Mozilla) C:\Users\Katja\Downloads\Firefox_Setup.exe
2013-07-25 21:41 - 2013-07-25 21:41 - 00003036 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-25 21:41 - 2013-07-25 21:41 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Babylon
2013-07-25 21:41 - 2013-07-25 21:41 - 00000000 ____D C:\ProgramData\Babylon
2013-07-24 21:28 - 2011-08-23 18:34 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-24 21:28 - 2011-08-23 18:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-24 21:27 - 2011-08-23 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-24 21:23 - 2013-07-24 21:21 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 21:20 - 2010-06-01 19:30 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-24 21:20 - 2010-06-01 19:30 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-24 21:20 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 21:13 - 2013-07-24 21:05 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-07-24 21:08 - 2013-07-24 21:08 - 00004224 _____ C:\Windows\System32\Tasks\Plus-HD-2.2-updater
2013-07-24 21:08 - 2013-07-24 21:07 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.2
2013-07-24 21:07 - 2013-07-24 21:07 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-2.2-codedownloader
2013-07-24 21:07 - 2013-07-24 21:07 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-2.2-enabler
2013-07-24 11:59 - 2013-07-25 21:45 - 00223750 _____ C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi
2013-07-19 06:43 - 2012-04-11 17:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 06:43 - 2011-08-28 19:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 06:43 - 2011-08-23 21:54 - 00000000 ____D C:\Users\Katja\AppData\Local\Adobe
2013-07-15 17:50 - 2012-08-01 20:24 - 00539168 _____ C:\Windows\DPINST.LOG
2013-07-11 06:37 - 2013-03-13 07:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 19:49 - 2013-03-13 07:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-08 17:39 - 2013-04-24 20:24 - 00000000 ____D C:\Users\Katja\AppData\Local\Spotify
2013-07-08 06:34 - 2011-08-28 19:02 - 00000000 ____D C:\Program Files (x86)\Opera
Files to move or delete:
====================
C:\Windows\SysWOW64\rundll32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-25 22:38
==================== End Of Log ============================
[/CODE] Addition-Editor: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 01
Ran by Katja at 2013-07-29 21:19:55
Running from C:\Users\Katja\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
adcom 802.11 Network Adapter (Version: 5.60.48.44)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
AGEIA PhysX v7.09.13 (x32 Version: 7.09.13)
Atheros Client Installation Program (x32 Version: 1.0.2.1119)
ATI Catalyst Install Manager (Version: 3.0.774.0)
BatteryLifeExtender (x32 Version: 1.0.3)
BrowserDefender (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Light (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center InstallProxy (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Localization All (x32 Version: 2010.0504.2152.37420)
CCC Help Chinese Standard (x32 Version: 2010.0504.2151.37420)
CCC Help Chinese Traditional (x32 Version: 2010.0504.2151.37420)
CCC Help Czech (x32 Version: 2010.0504.2151.37420)
CCC Help Danish (x32 Version: 2010.0504.2151.37420)
CCC Help Dutch (x32 Version: 2010.0504.2151.37420)
CCC Help English (x32 Version: 2010.0504.2151.37420)
CCC Help Finnish (x32 Version: 2010.0504.2151.37420)
CCC Help French (x32 Version: 2010.0504.2151.37420)
CCC Help German (x32 Version: 2010.0504.2151.37420)
CCC Help Greek (x32 Version: 2010.0504.2151.37420)
CCC Help Hungarian (x32 Version: 2010.0504.2151.37420)
CCC Help Italian (x32 Version: 2010.0504.2151.37420)
CCC Help Japanese (x32 Version: 2010.0504.2151.37420)
CCC Help Korean (x32 Version: 2010.0504.2151.37420)
CCC Help Norwegian (x32 Version: 2010.0504.2151.37420)
CCC Help Polish (x32 Version: 2010.0504.2151.37420)
CCC Help Portuguese (x32 Version: 2010.0504.2151.37420)
CCC Help Russian (x32 Version: 2010.0504.2151.37420)
CCC Help Spanish (x32 Version: 2010.0504.2151.37420)
CCC Help Swedish (x32 Version: 2010.0504.2151.37420)
CCC Help Thai (x32 Version: 2010.0504.2151.37420)
CCC Help Turkish (x32 Version: 2010.0504.2151.37420)
ccc-core-static (x32 Version: 2010.0504.2152.37420)
ccc-utility64 (Version: 2010.0504.2152.37420)
CDBurnerXP (x32 Version: 4.5.2.4214)
Delta Chrome Toolbar (x32)
Delta toolbar (x32 Version: 1.8.22.0)
Diablo III (x32 Version: 1.0.8.16603)
Easy Content Share (x32 Version: 1.0.0.13)
Easy Display Manager (x32 Version: 3.1)
Easy Network Manager (x32 Version: 4.3.1)
Easy SpeedUp Manager (x32 Version: 2.1.0.11)
EasyBatteryManager (x32 Version: 4.0.0.4)
EasyFileShare (x32 Version: 1.0.3)
ElsterFormular (x32 Version: 14.1.20130301)
ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0)
Exact Audio Copy 1.0beta3 (x32 Version: 1.0beta3)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
Java 7 Update 11 (x32 Version: 7.0.110)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Kobo (x32 Version: 3.2.3)
LyricXeeker (x32)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Media Go (x32 Version: 2.3.255)
Media Go Video Playback Engine 1.96.111.08260 (x32 Version: 1.96.111.08260)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
Open It! (x32 Version: 1.1.1)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Opera 12.16 (x32 Version: 12.16.1860)
Optimizer Pro v3.1 (x32 Version: 3.1)
PlayStation(R)Network Downloader (x32 Version: 2.07.00849)
PlayStation(R)Store (x32 Version: 4.12.6.14870)
Plus-HD-2.2 (x32 Version: 1.27.153.8)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083)
REALTEK Wireless LAN Software (x32 Version: 0133.09.1202)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung Support Center (x32 Version: 1.0.2)
Samsung Update Plus (x32 Version: 2.0)
Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305)
Sony PC Companion 2.10.165 (x32 Version: 2.10.165)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Spybot - Search & Destroy (x32 Version: 2.0.12)
SpyHunter (Version: 4.14.5.4268)
TuneUp Utilities (x32 Version: 9.0.6030.1)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Zip Opener (HKCU)
User Guide (x32 Version: 1.0)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
Zip Opener Packages (HKCU)
==================== Restore Points =========================
23-07-2013 20:01:11 Windows Update
24-07-2013 19:10:20 Windows Update
24-07-2013 19:17:36 Windows Update
24-07-2013 20:04:03 Windows Update
25-07-2013 21:11:11 Windows Update
29-07-2013 16:11:37 Windows Update
29-07-2013 16:50:56 Installed SpyHunter
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-07-18 06:53 - 00447225 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {17B75C63-D505-420A-B7DC-D0D6DAC13BE0} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-07-24] (Plus HD)
Task: {1FFA7F71-AC8A-4E57-865C-20C88C0F5F78} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {24265A40-46BE-4AF7-B119-51AF02D1B99E} - System32\Tasks\Plus-HD-2.2-updater => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe [2013-07-24] (Plus HD)
Task: {2D81E104-FC44-474B-B850-768F90C12777} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {3348C262-8AAD-4BEB-B72B-EEAB9CC510AF} - System32\Tasks\DigitalSite => C:\Users\Katja\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE [2013-04-12] ()
Task: {495B5FC3-8CD0-41D5-89A4-6DAAEDEE7B25} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File
Task: {4C4AA6BE-F222-4980-9099-FCF5D6D1B29B} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation)
Task: {575EE044-617D-460A-B910-6458ADA279D1} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2013-06-27] (Enigma Software Group USA, LLC.)
Task: {5A66AA6F-3403-4DA3-B6FC-5EA6938A81D1} - System32\Tasks\Plus-HD-2.2-enabler => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe [2013-07-24] (Plus HD)
Task: {5D187CBA-E1C1-4AE3-AEA0-EEB177249FB2} - System32\Tasks\LyricXeeker Update => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe [2013-07-27] (LyriXeeker Tech)
Task: {67AFA129-CB4A-4B91-8F5D-E2701926DF7B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {741017CC-17A9-4F9F-A106-1BE14EEBB654} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {755EA032-CB0D-4E77-B6C6-0409685636BA} - System32\Tasks\EPUpdater => C:\Users\Katja\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {A7120146-7A80-477E-B205-EEC688025701} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File
Task: {ADCD5F37-5F4F-4BB1-983F-BA6F003CBCE4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {B13EB523-2648-4B76-800A-62FF70A91555} - System32\Tasks\Plus-HD-2.2-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-07-24] (Plus HD)
Task: {B3038D87-CE94-422A-9FDC-9D893BB5CEE3} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {C85DB04F-00E8-4FEC-9A41-1BB698C65544} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File
Task: {CD819A81-4C92-4F0E-9242-D3431D89ACF4} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {D7124D21-9D3D-430E-9095-5CA5C98AB530} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-04-17] (Samsung Electronics. Co. Ltd.)
Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe No File
Task: {E20B1438-BCDA-4667-B349-CDC00E187BE5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-11-21] (TuneUp Software)
Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.)
Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {FC5E5CBB-6FC8-4011-818D-05A2D7BC4A1A} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\DigitalSite.job => ?
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-enabler.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-updater.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/29/2013 08:17:31 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000218a
ID des fehlerhaften Prozesses: 0x7bc
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3
Error: (07/29/2013 08:12:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000218a
ID des fehlerhaften Prozesses: 0x1254
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3
Error: (07/25/2013 10:40:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (07/25/2013 10:40:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/25/2013 06:10:28 PM) (Source: Application Hang) (User: )
Description: Programm cdbxpp.exe, Version 4.5.1.4003 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 5b0
Startzeit: 01ce894e025551dc
Endzeit: 15
Anwendungspfad: C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
Berichts-ID: ac3df779-f544-11e2-acc2-002454cde5ec
Error: (07/14/2013 09:40:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (07/14/2013 09:40:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/20/2013 06:20:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (06/20/2013 06:20:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (05/22/2013 06:36:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
System errors:
=============
Error: (07/29/2013 06:13:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte Systeme
Error: (07/29/2013 06:11:16 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a41\??\C:\Windows\System32\config\COMPONENTS
Error: (07/26/2013 06:46:47 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a41\??\C:\Windows\System32\config\COMPONENTS
Error: (07/25/2013 11:12:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte Systeme
Error: (07/25/2013 11:00:49 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{13c11ef0-6d9e-11df-ac62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2A4F789D-A78B-4CF6-97EF-C72CEE0796A0}
Error: (07/25/2013 10:46:43 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a41\??\C:\Windows\System32\config\COMPONENTS
Error: (07/25/2013 10:46:29 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{13c11ef0-6d9e-11df-ac62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EC725359-6B8D-4840-A106-8AA2A3979842}
Error: (07/25/2013 10:19:36 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a41\??\C:\Windows\System32\config\COMPONENTS
Error: (07/25/2013 06:29:57 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a41\??\C:\Windows\System32\config\COMPONENTS
Error: (07/25/2013 05:19:20 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a41\??\C:\Windows\System32\config\COMPONENTS
Microsoft Office Sessions:
=========================
Error: (07/29/2013 08:17:31 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218a7bc01ce8c87622d02bbC:\Users\Katja\Desktop\gmer_2.1.19163.exeC:\Users\Katja\Desktop\gmer_2.1.19163.exe2201311c-f87b-11e2-a777-002454cde5ec
Error: (07/29/2013 08:12:57 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218a125401ce8c86b981db8bC:\Users\Katja\Desktop\gmer_2.1.19163.exeC:\Users\Katja\Desktop\gmer_2.1.19163.exe7e9e1788-f87a-11e2-a777-002454cde5ec
Error: (07/25/2013 10:40:28 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (07/25/2013 10:40:27 PM) (Source: SideBySide)(User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe
Error: (07/25/2013 06:10:28 PM) (Source: Application Hang)(User: )
Description: cdbxpp.exe4.5.1.40035b001ce894e025551dc15C:\Program Files (x86)\CDBurnerXP\cdbxpp.exeac3df779-f544-11e2-acc2-002454cde5ec
Error: (07/14/2013 09:40:07 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (07/14/2013 09:40:06 PM) (Source: SideBySide)(User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe
Error: (06/20/2013 06:20:57 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (06/20/2013 06:20:57 PM) (Source: SideBySide)(User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe
Error: (05/22/2013 06:36:00 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
==================== Memory info ===========================
Percentage of memory in use: 62%
Total physical RAM: 3946.17 MB
Available physical RAM: 1477.27 MB
Total Pagefile: 7890.54 MB
Available Pagefile: 5364.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:79 GB) (Free:31.67 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:198.99 GB) (Free:104.74 GB) NTFS (Disk=0 Partition=4)
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
30.07.2013, 07:06
| #4 | |
| /// the machine /// TB-Ausbilder | Optimizer Pro v3.1 und SpyHunter4Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.07.2013, 18:54
| #5 |
| | Optimizer Pro v3.1 und SpyHunter4 Sorry, hat etwas länger gedauert. Code:
ATTFilter Combofix Logfile: |
|
31.07.2013, 08:18
| #6 |
| /// the machine /// TB-Ausbilder | Optimizer Pro v3.1 und SpyHunter4 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Downloade Dir bitte  Malwarebytes Anti-Malware
und ein frisches FRST log bitte.
__________________ --> Optimizer Pro v3.1 und SpyHunter4 |
|
01.08.2013, 08:10
| #7 |
| | Optimizer Pro v3.1 und SpyHunter4 AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 31/07/2013 um 23:39:57 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Katja - R540
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Katja\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\searchplugins\BrowserDefender.xml
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-updater.job
Gelöscht mit Neustart : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\Program Files (x86)\delta
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Program Files (x86)\optimizer pro
Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-2.2
Ordner Gelöscht : C:\Program Files (x86)\TornTV.com
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Katja\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Katja\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Katja\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\optimizer pro
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311301136}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\fedadab26fe815
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}
Schlüssel Gelöscht : HKLM\Software\Plus-HD-2.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311301136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\fedadab26fe815
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16455
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (en-US)
Datei : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\prefs.js
C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=D84318F46A2DA618&[...]
Gelöscht : user_pref("browser.search.order.1", "Delta Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Delta Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D84318F46A2[...]
-\\ Opera v12.16.1860.0
Datei : C:\Users\Katja\AppData\Roaming\Opera\Opera\operaprefs.ini
Gelöscht : Home URL=hxxp://www.searchnu.com/406
*************************
AdwCleaner[S1].txt - [14198 octets] - [31/07/2013 23:39:58]
########## EOF - C:\AdwCleaner[S1].txt - [14259 octets] ##########
JRT JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Katja on 01.08.2013 at 6:41:57,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Value Name Type Value Data
========================================================================================
NTRedirect REG_SZ C:\Windows\SysWOW64\rundll32.exe "C:\Users\Katja\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E58097-6CA5-448B-830F-2A19678248FB}
~~~ Files
Successfully deleted: [File] "C:\Windows\syswow64\authuitu.dll"
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\lyrixeeker"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.08.2013 at 6:46:32,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malewarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.01.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Katja :: R540 [Administrator] 01.08.2013 07:24:13 mbam-log-2013-08-01 (07-24-13).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 336687 Laufzeit: 44 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCR\CLSID\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NTRedirect (PUP.Optional.A.BabSolution) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Katja\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\Tasks\LyricXeeker Update.job (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 01
Ran by Katja (administrator) on 01-08-2013 08:31:01
Running from C:\Users\Katja\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
() C:\Windows\SysWOW64\Rezip.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {14B6CE37-24FF-43A9-8DD6-5A0564FCDA37} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C60DE602-45B1-48F4-A158-C236BA4AC340}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: trtv3 - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi
==================== Services (Whitelisted) =================
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-11-27] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-28] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-28] (Windows (R) 2003 DDK 3790 provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-01 06:52 - 2013-08-01 08:30 - 00000000 ____D C:\Users\Katja\Desktop\Programme
2013-08-01 06:52 - 2013-08-01 06:52 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 06:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-01 06:41 - 2013-08-01 06:41 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 23:39 - 2013-07-31 23:40 - 00014293 _____ C:\AdwCleaner[S1].txt
2013-07-30 20:11 - 2013-07-30 19:19 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130730-201116.backup
2013-07-30 19:49 - 2013-07-30 19:49 - 00019454 _____ C:\ComboFix.txt
2013-07-30 19:11 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-30 19:11 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-30 19:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-30 19:06 - 2013-07-30 19:49 - 00000000 ____D C:\Qoobox
2013-07-30 19:05 - 2013-07-30 19:22 - 00000000 ____D C:\Windows\erdnt
2013-07-30 19:04 - 2013-07-30 19:05 - 05095806 ____R (Swearware) C:\Users\Katja\Desktop\ComboFix.exe
2013-07-30 06:45 - 2013-08-01 08:26 - 00000000 ____D C:\Users\Katja\Desktop\txt
2013-07-29 21:19 - 2013-07-29 21:19 - 01780715 _____ (Farbar) C:\Users\Katja\Desktop\FRST64.exe
2013-07-29 21:19 - 2013-07-29 21:19 - 00000000 ____D C:\FRST
2013-07-29 20:42 - 2013-07-29 20:42 - 00000056 _____ C:\Users\Katja\AppData\Roaming\WB.CFG
2013-07-29 20:42 - 2013-07-29 20:42 - 00000005 _____ C:\Users\Katja\AppData\Roaming\WBPU-TTL.DAT
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 ____D C:\Users\Katja\Qtrax
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 _____ C:\Users\Katja\defogger_reenable
2013-07-29 19:42 - 2013-07-29 19:42 - 00003792 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Zip Opener Packages
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-29 18:51 - 2013-07-30 15:30 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\sh4ldr
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 _____ C:\autoexec.bat
2013-07-29 18:51 - 2012-06-22 12:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2013-07-29 18:50 - 2013-07-29 18:51 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Local\Macromedia
2013-07-25 21:46 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Local\Mozilla
2013-07-25 21:45 - 2013-07-24 11:59 - 00223750 _____ C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 21:42 - 2013-07-25 21:42 - 00003380 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-25 21:41 - 2013-07-25 21:41 - 21840856 _____ (Mozilla) C:\Users\Katja\Downloads\Firefox_Setup.exe
2013-07-24 21:21 - 2013-07-24 21:23 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 21:05 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Mozilla
2013-07-18 06:53 - 2013-03-12 19:23 - 00445034 ____R C:\Windows\system32\Drivers\etc\hosts.20130718-065336.backup
==================== One Month Modified Files and Folders =======
2013-08-01 08:30 - 2013-08-01 06:52 - 00000000 ____D C:\Users\Katja\Desktop\Programme
2013-08-01 08:30 - 2010-06-01 03:03 - 01900570 _____ C:\Windows\WindowsUpdate.log
2013-08-01 08:27 - 2013-05-01 18:36 - 00010494 _____ C:\Windows\setupact.log
2013-08-01 08:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 08:26 - 2013-07-30 06:45 - 00000000 ____D C:\Users\Katja\Desktop\txt
2013-08-01 08:26 - 2011-08-28 20:40 - 00156176 _____ C:\Windows\PFRO.log
2013-08-01 07:30 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 07:30 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 07:07 - 2013-04-14 21:53 - 00163815 _____ C:\Windows\IE10_main.log
2013-08-01 06:52 - 2013-08-01 06:52 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 06:41 - 2013-08-01 06:41 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 23:40 - 2013-07-31 23:39 - 00014293 _____ C:\AdwCleaner[S1].txt
2013-07-30 19:49 - 2013-07-30 19:49 - 00019454 _____ C:\ComboFix.txt
2013-07-30 19:49 - 2013-07-30 19:06 - 00000000 ____D C:\Qoobox
2013-07-30 19:47 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-30 19:22 - 2013-07-30 19:05 - 00000000 ____D C:\Windows\erdnt
2013-07-30 19:19 - 2013-07-30 20:11 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130730-201116.backup
2013-07-30 19:18 - 2009-07-14 04:34 - 64749568 _____ C:\Windows\system32\config\software.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 18087936 _____ C:\Windows\system32\config\system.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 04980736 _____ C:\Windows\system32\config\default.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\sam.bak
2013-07-30 19:08 - 2012-12-30 23:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-30 19:05 - 2013-07-30 19:04 - 05095806 ____R (Swearware) C:\Users\Katja\Desktop\ComboFix.exe
2013-07-30 15:30 - 2013-07-29 18:51 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-07-30 15:26 - 2013-04-24 20:23 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Spotify
2013-07-30 07:39 - 2010-06-01 19:30 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-30 07:39 - 2010-06-01 19:30 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-30 07:39 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 21:19 - 2013-07-29 21:19 - 01780715 _____ (Farbar) C:\Users\Katja\Desktop\FRST64.exe
2013-07-29 21:19 - 2013-07-29 21:19 - 00000000 ____D C:\FRST
2013-07-29 20:42 - 2013-07-29 20:42 - 00000056 _____ C:\Users\Katja\AppData\Roaming\WB.CFG
2013-07-29 20:42 - 2013-07-29 20:42 - 00000005 _____ C:\Users\Katja\AppData\Roaming\WBPU-TTL.DAT
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 ____D C:\Users\Katja\Qtrax
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 _____ C:\Users\Katja\defogger_reenable
2013-07-29 19:46 - 2011-08-23 21:52 - 00000000 ____D C:\Users\Katja
2013-07-29 19:42 - 2013-07-29 19:42 - 00003792 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Zip Opener Packages
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\sh4ldr
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 _____ C:\autoexec.bat
2013-07-29 18:51 - 2013-07-29 18:50 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-26 06:43 - 2011-12-05 21:13 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Local\Macromedia
2013-07-25 21:46 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Local\Mozilla
2013-07-25 21:46 - 2013-07-24 21:05 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 21:43 - 2012-11-13 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-25 21:42 - 2013-07-25 21:42 - 00003380 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-25 21:41 - 2013-07-25 21:41 - 21840856 _____ (Mozilla) C:\Users\Katja\Downloads\Firefox_Setup.exe
2013-07-24 21:28 - 2011-08-23 18:34 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-24 21:28 - 2011-08-23 18:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-24 21:27 - 2011-08-23 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-24 21:23 - 2013-07-24 21:21 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 11:59 - 2013-07-25 21:45 - 00223750 _____ C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi
2013-07-19 06:43 - 2012-04-11 17:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 06:43 - 2011-08-28 19:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 06:43 - 2011-08-23 21:54 - 00000000 ____D C:\Users\Katja\AppData\Local\Adobe
2013-07-15 17:50 - 2012-08-01 20:24 - 00539168 _____ C:\Windows\DPINST.LOG
2013-07-11 06:37 - 2013-03-13 07:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 19:49 - 2013-03-13 07:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-08 17:39 - 2013-04-24 20:24 - 00000000 ____D C:\Users\Katja\AppData\Local\Spotify
2013-07-08 06:34 - 2011-08-28 19:02 - 00000000 ____D C:\Program Files (x86)\Opera
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-25 22:38
==================== End Of Log ============================
|
|
01.08.2013, 11:18
| #8 |
| /// the machine /// TB-Ausbilder | Optimizer Pro v3.1 und SpyHunter4ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.08.2013, 18:57
| #9 |
| | Optimizer Pro v3.1 und SpyHunter4 ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dca4e3003696144086672860308d6ebd
# engine=14611
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-01 02:07:51
# local_time=2013-08-01 04:07:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 671978 26675450 0 0
# scanned=78069
# found=0
# cleaned=0
# scan_time=2785
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dca4e3003696144086672860308d6ebd
# engine=14614
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-01 05:44:18
# local_time=2013-08-01 07:44:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 684965 26688437 0 0
# scanned=129865
# found=0
# cleaned=0
# scan_time=11464
Code:
ATTFilter Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities TuneUp Utilities Language Pack (de-DE) TuneUp Utilities Java(TM) 6 Update 22 Java 7 Update 11 Java version out of Date! Adobe Flash Player 11.8.800.94 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (22.0) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Katja (administrator) on 01-08-2013 19:56:36
Running from C:\Users\Katja\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Windows\SysWOW64\Rezip.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {14B6CE37-24FF-43A9-8DD6-5A0564FCDA37} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C60DE602-45B1-48F4-A158-C236BA4AC340}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: trtv3 - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi
==================== Services (Whitelisted) =================
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-11-27] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-28] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-28] (Windows (R) 2003 DDK 3790 provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-01 15:17 - 2013-08-01 15:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-01 06:52 - 2013-08-01 19:56 - 00000000 ____D C:\Users\Katja\Desktop\Programme
2013-08-01 06:52 - 2013-08-01 06:52 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 06:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-01 06:41 - 2013-08-01 06:41 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 23:39 - 2013-07-31 23:40 - 00014293 _____ C:\AdwCleaner[S1].txt
2013-07-30 20:11 - 2013-07-30 19:19 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130730-201116.backup
2013-07-30 19:49 - 2013-07-30 19:49 - 00019454 _____ C:\ComboFix.txt
2013-07-30 19:11 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-30 19:11 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-30 19:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-30 19:11 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-30 19:06 - 2013-07-30 19:49 - 00000000 ____D C:\Qoobox
2013-07-30 19:05 - 2013-07-30 19:22 - 00000000 ____D C:\Windows\erdnt
2013-07-30 19:04 - 2013-07-30 19:05 - 05095806 ____R (Swearware) C:\Users\Katja\Desktop\ComboFix.exe
2013-07-30 06:45 - 2013-08-01 19:56 - 00000000 ____D C:\Users\Katja\Desktop\txt
2013-07-29 21:19 - 2013-08-01 19:56 - 01781589 _____ (Farbar) C:\Users\Katja\Desktop\FRST64.exe
2013-07-29 21:19 - 2013-07-29 21:19 - 00000000 ____D C:\FRST
2013-07-29 20:42 - 2013-07-29 20:42 - 00000056 _____ C:\Users\Katja\AppData\Roaming\WB.CFG
2013-07-29 20:42 - 2013-07-29 20:42 - 00000005 _____ C:\Users\Katja\AppData\Roaming\WBPU-TTL.DAT
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 ____D C:\Users\Katja\Qtrax
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 _____ C:\Users\Katja\defogger_reenable
2013-07-29 19:42 - 2013-07-29 19:42 - 00003792 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Zip Opener Packages
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-29 18:51 - 2013-07-30 15:30 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\sh4ldr
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 _____ C:\autoexec.bat
2013-07-29 18:51 - 2012-06-22 12:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2013-07-29 18:50 - 2013-07-29 18:51 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Local\Macromedia
2013-07-25 21:46 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Local\Mozilla
2013-07-25 21:45 - 2013-07-24 11:59 - 00223750 _____ C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 21:42 - 2013-07-25 21:42 - 00003380 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-25 21:41 - 2013-07-25 21:41 - 21840856 _____ (Mozilla) C:\Users\Katja\Downloads\Firefox_Setup.exe
2013-07-24 21:21 - 2013-07-24 21:23 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 21:05 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Mozilla
2013-07-18 06:53 - 2013-03-12 19:23 - 00445034 ____R C:\Windows\system32\Drivers\etc\hosts.20130718-065336.backup
==================== One Month Modified Files and Folders =======
2013-08-01 19:56 - 2013-07-30 06:45 - 00000000 ____D C:\Users\Katja\Desktop\txt
2013-08-01 19:56 - 2013-07-29 21:19 - 01781589 _____ (Farbar) C:\Users\Katja\Desktop\FRST64.exe
2013-08-01 19:25 - 2010-06-01 03:03 - 01937635 _____ C:\Windows\WindowsUpdate.log
2013-08-01 16:37 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 16:37 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 16:29 - 2013-05-01 18:36 - 00010550 _____ C:\Windows\setupact.log
2013-08-01 16:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 15:17 - 2013-08-01 15:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-01 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-01 08:26 - 2011-08-28 20:40 - 00156176 _____ C:\Windows\PFRO.log
2013-08-01 07:07 - 2013-04-14 21:53 - 00163815 _____ C:\Windows\IE10_main.log
2013-08-01 06:52 - 2013-08-01 06:52 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 06:41 - 2013-08-01 06:41 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 23:40 - 2013-07-31 23:39 - 00014293 _____ C:\AdwCleaner[S1].txt
2013-07-30 19:49 - 2013-07-30 19:49 - 00019454 _____ C:\ComboFix.txt
2013-07-30 19:49 - 2013-07-30 19:06 - 00000000 ____D C:\Qoobox
2013-07-30 19:47 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-30 19:22 - 2013-07-30 19:05 - 00000000 ____D C:\Windows\erdnt
2013-07-30 19:19 - 2013-07-30 20:11 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130730-201116.backup
2013-07-30 19:18 - 2009-07-14 04:34 - 64749568 _____ C:\Windows\system32\config\software.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 18087936 _____ C:\Windows\system32\config\system.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 04980736 _____ C:\Windows\system32\config\default.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\sam.bak
2013-07-30 19:08 - 2012-12-30 23:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-30 19:05 - 2013-07-30 19:04 - 05095806 ____R (Swearware) C:\Users\Katja\Desktop\ComboFix.exe
2013-07-30 15:30 - 2013-07-29 18:51 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-07-30 15:26 - 2013-04-24 20:23 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Spotify
2013-07-30 07:39 - 2010-06-01 19:30 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-30 07:39 - 2010-06-01 19:30 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-30 07:39 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 21:19 - 2013-07-29 21:19 - 00000000 ____D C:\FRST
2013-07-29 20:42 - 2013-07-29 20:42 - 00000056 _____ C:\Users\Katja\AppData\Roaming\WB.CFG
2013-07-29 20:42 - 2013-07-29 20:42 - 00000005 _____ C:\Users\Katja\AppData\Roaming\WBPU-TTL.DAT
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 ____D C:\Users\Katja\Qtrax
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 _____ C:\Users\Katja\defogger_reenable
2013-07-29 19:46 - 2011-08-23 21:52 - 00000000 ____D C:\Users\Katja
2013-07-29 19:42 - 2013-07-29 19:42 - 00003792 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Zip Opener Packages
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\sh4ldr
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 _____ C:\autoexec.bat
2013-07-29 18:51 - 2013-07-29 18:50 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-26 06:43 - 2011-12-05 21:13 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Local\Macromedia
2013-07-25 21:46 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Local\Mozilla
2013-07-25 21:46 - 2013-07-24 21:05 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 21:43 - 2012-11-13 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-25 21:42 - 2013-07-25 21:42 - 00003380 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-25 21:41 - 2013-07-25 21:41 - 21840856 _____ (Mozilla) C:\Users\Katja\Downloads\Firefox_Setup.exe
2013-07-24 21:28 - 2011-08-23 18:34 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-24 21:28 - 2011-08-23 18:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-24 21:27 - 2011-08-23 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-24 21:23 - 2013-07-24 21:21 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 11:59 - 2013-07-25 21:45 - 00223750 _____ C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi
2013-07-19 06:43 - 2012-04-11 17:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 06:43 - 2011-08-28 19:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 06:43 - 2011-08-23 21:54 - 00000000 ____D C:\Users\Katja\AppData\Local\Adobe
2013-07-15 17:50 - 2012-08-01 20:24 - 00539168 _____ C:\Windows\DPINST.LOG
2013-07-11 06:37 - 2013-03-13 07:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 19:49 - 2013-03-13 07:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-08 17:39 - 2013-04-24 20:24 - 00000000 ____D C:\Users\Katja\AppData\Local\Spotify
2013-07-08 06:34 - 2011-08-28 19:02 - 00000000 ____D C:\Program Files (x86)\Opera
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-25 22:38
==================== End Of Log ============================
--- --- --- |
|
02.08.2013, 10:52
| #10 |
| /// the machine /// TB-Ausbilder | Optimizer Pro v3.1 und SpyHunter4 Java und Adobe updaten. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.08.2013, 16:07
| #11 |
| | Optimizer Pro v3.1 und SpyHunter4 Zuerst mal tausend Dank für die gute Hilfe. Leider habe ich noch ein Problem. Combofix will sich auf keine der beiden beschrieben Arten löschen. Es startet nur ein Scan. Ich habe daher nicht wie beschrieben weiter gemacht. Hier die Text-Datei vom neuen Scan. Code:
ATTFilter Combofix Logfile: |
|
04.08.2013, 09:54
| #12 |
| /// the machine /// TB-Ausbilder | Optimizer Pro v3.1 und SpyHunter4 Lass einfach Delfix laufen, das wird COmbofix auch entfernen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.08.2013, 11:28
| #13 |
| | Optimizer Pro v3.1 und SpyHunter4 Und noch eine Frage. SpyHunter wird mir noch immer unter Systemsteuerung -> Programme aufgeführt. Kann ich dort problemlos auf Deinstallieren klicken? Bin bei diesem Programm inzwischen einfach übervorsichtig. |
|
05.08.2013, 07:04
| #14 |
| /// the machine /// TB-Ausbilder | Optimizer Pro v3.1 und SpyHunter4 Ja deinstallier mal. Wenn das nix bringt poste mal ein frisches FRST log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.08.2013, 14:48
| #15 |
| | Optimizer Pro v3.1 und SpyHunter4 Habe es deinstalliert, es wird jetzt auch nicht mehr angezeigt. Hier der neueste FRST. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-08-2013
Ran by Katja (administrator) on 05-08-2013 15:46:56
Running from C:\Users\Katja\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
() C:\Windows\SysWOW64\Rezip.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [436800 2013-07-15] (BillP Studios)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {14B6CE37-24FF-43A9-8DD6-5A0564FCDA37} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default
FF user.js: detected! => C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\97jrqk9f.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: trtv3 - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF Extension: No Name - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi
==================== Services (Whitelisted) =================
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-11-27] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-28] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-28] (Windows (R) 2003 DDK 3790 provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-05 15:46 - 2013-08-05 15:46 - 01788733 _____ (Farbar) C:\Users\Katja\Desktop\FRST64.exe
2013-08-05 15:46 - 2013-08-05 15:46 - 00000000 ____D C:\FRST
2013-08-05 15:44 - 2013-08-05 15:44 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:34 - 2013-08-05 15:34 - 00448512 _____ (OldTimer Tools) C:\Users\Katja\Desktop\TFC.exe
2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\Users\Katja\AppData\Roaming\WinPatrol
2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-08-04 15:51 - 2013-08-04 15:50 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-04 15:50 - 2013-08-04 15:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-04 15:50 - 2013-08-04 15:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-04 15:50 - 2013-08-04 15:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-04 15:50 - 2013-08-04 15:50 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-04 15:46 - 2013-08-04 15:46 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-04 15:33 - 2013-08-05 14:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-04 15:33 - 2013-08-04 15:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-04 15:29 - 2013-08-04 15:29 - 00000000 ____D C:\Users\Katja\AppData\Local\Secunia PSI
2013-08-04 15:28 - 2013-08-04 15:28 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-04 12:24 - 2013-08-04 12:24 - 00919592 _____ (BillP Studios) C:\Users\Katja\Desktop\wpsetup.exe
2013-08-04 12:22 - 2013-08-04 12:22 - 03272136 _____ (Secunia) C:\Users\Katja\Desktop\PSISetup711.exe
2013-08-04 12:03 - 2013-08-04 12:03 - 00001907 _____ C:\DelFix.txt
2013-08-01 06:52 - 2013-08-01 06:52 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-01 06:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-01 06:41 - 2013-08-04 12:03 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 20:11 - 2013-07-30 19:19 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130730-201116.backup
2013-07-30 19:05 - 2013-07-30 19:22 - 00000000 ____D C:\Windows\erdnt
2013-07-29 20:42 - 2013-07-29 20:42 - 00000056 _____ C:\Users\Katja\AppData\Roaming\WB.CFG
2013-07-29 20:42 - 2013-07-29 20:42 - 00000005 _____ C:\Users\Katja\AppData\Roaming\WBPU-TTL.DAT
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 ____D C:\Users\Katja\Qtrax
2013-07-29 19:42 - 2013-07-29 19:42 - 00003792 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Zip Opener Packages
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 _____ C:\autoexec.bat
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Local\Macromedia
2013-07-25 21:46 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Local\Mozilla
2013-07-25 21:45 - 2013-07-24 11:59 - 00223750 _____ C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 21:42 - 2013-07-25 21:42 - 00003380 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-25 21:41 - 2013-07-25 21:41 - 21840856 _____ (Mozilla) C:\Users\Katja\Downloads\Firefox_Setup.exe
2013-07-24 21:21 - 2013-07-24 21:23 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 21:05 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Mozilla
2013-07-18 06:53 - 2013-03-12 19:23 - 00445034 ____R C:\Windows\system32\Drivers\etc\hosts.20130718-065336.backup
==================== One Month Modified Files and Folders =======
2013-08-05 15:46 - 2013-08-05 15:46 - 01788733 _____ (Farbar) C:\Users\Katja\Desktop\FRST64.exe
2013-08-05 15:46 - 2013-08-05 15:46 - 00000000 ____D C:\FRST
2013-08-05 15:46 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 15:46 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 15:44 - 2013-08-05 15:44 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:39 - 2010-06-01 03:03 - 01407760 _____ C:\Windows\WindowsUpdate.log
2013-08-05 15:36 - 2013-05-01 18:36 - 00011278 _____ C:\Windows\setupact.log
2013-08-05 15:36 - 2011-08-28 20:40 - 00158046 _____ C:\Windows\PFRO.log
2013-08-05 15:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 15:34 - 2013-08-05 15:34 - 00448512 _____ (OldTimer Tools) C:\Users\Katja\Desktop\TFC.exe
2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\Users\Katja\AppData\Roaming\WinPatrol
2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-08-05 14:48 - 2013-08-04 15:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 11:58 - 2013-04-14 21:53 - 00215796 _____ C:\Windows\IE10_main.log
2013-08-04 21:05 - 2011-08-23 22:00 - 00064312 _____ C:\Users\Katja\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-04 21:05 - 2009-07-14 06:45 - 00296288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-04 15:50 - 2013-08-04 15:51 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-04 15:50 - 2013-08-04 15:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-04 15:50 - 2013-08-04 15:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-04 15:50 - 2013-08-04 15:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-04 15:50 - 2013-08-04 15:50 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-04 15:50 - 2012-08-01 20:26 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-04 15:50 - 2011-09-28 19:46 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-04 15:46 - 2013-08-04 15:46 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-04 15:45 - 2011-09-28 19:47 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-08-04 15:33 - 2013-08-04 15:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-04 15:33 - 2012-04-11 17:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-04 15:33 - 2011-08-28 19:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-04 15:29 - 2013-08-04 15:29 - 00000000 ____D C:\Users\Katja\AppData\Local\Secunia PSI
2013-08-04 15:28 - 2013-08-04 15:28 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-04 12:24 - 2013-08-04 12:24 - 00919592 _____ (BillP Studios) C:\Users\Katja\Desktop\wpsetup.exe
2013-08-04 12:22 - 2013-08-04 12:22 - 03272136 _____ (Secunia) C:\Users\Katja\Desktop\PSISetup711.exe
2013-08-04 12:03 - 2013-08-04 12:03 - 00001907 _____ C:\DelFix.txt
2013-08-04 12:03 - 2013-08-01 06:41 - 00000000 ____D C:\Windows\ERUNT
2013-08-03 17:05 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-03 12:16 - 2011-08-23 21:52 - 00000000 ____D C:\Users\Katja
2013-08-02 16:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-01 06:52 - 2013-08-01 06:52 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-01 06:51 - 2013-08-01 06:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-30 19:22 - 2013-07-30 19:05 - 00000000 ____D C:\Windows\erdnt
2013-07-30 19:19 - 2013-07-30 20:11 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130730-201116.backup
2013-07-30 19:18 - 2009-07-14 04:34 - 64749568 _____ C:\Windows\system32\config\software.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 18087936 _____ C:\Windows\system32\config\system.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 04980736 _____ C:\Windows\system32\config\default.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-07-30 19:18 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\sam.bak
2013-07-30 19:08 - 2012-12-30 23:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-30 15:26 - 2013-04-24 20:23 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Spotify
2013-07-30 07:39 - 2010-06-01 19:30 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-30 07:39 - 2010-06-01 19:30 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-30 07:39 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 20:42 - 2013-07-29 20:42 - 00000056 _____ C:\Users\Katja\AppData\Roaming\WB.CFG
2013-07-29 20:42 - 2013-07-29 20:42 - 00000005 _____ C:\Users\Katja\AppData\Roaming\WBPU-TTL.DAT
2013-07-29 19:46 - 2013-07-29 19:46 - 00000000 ____D C:\Users\Katja\Qtrax
2013-07-29 19:42 - 2013-07-29 19:42 - 00003792 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Zip Opener Packages
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Users\Katja\AppData\Roaming\DigitalSite
2013-07-29 19:42 - 2013-07-29 19:42 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-29 18:51 - 2013-07-29 18:51 - 00000000 _____ C:\autoexec.bat
2013-07-26 06:43 - 2011-12-05 21:13 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-07-25 21:47 - 2013-07-25 21:47 - 00000000 ____D C:\Users\Katja\AppData\Local\Macromedia
2013-07-25 21:46 - 2013-07-25 21:46 - 00000000 ____D C:\Users\Katja\AppData\Local\Mozilla
2013-07-25 21:46 - 2013-07-24 21:05 - 00000000 ____D C:\Users\Katja\AppData\Roaming\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-25 21:44 - 2013-07-25 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 21:43 - 2012-11-13 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-25 21:42 - 2013-07-25 21:42 - 00003380 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-25 21:41 - 2013-07-25 21:41 - 21840856 _____ (Mozilla) C:\Users\Katja\Downloads\Firefox_Setup.exe
2013-07-24 21:28 - 2011-08-23 18:34 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-24 21:28 - 2011-08-23 18:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-24 21:27 - 2011-08-23 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-24 21:23 - 2013-07-24 21:21 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 11:59 - 2013-07-25 21:45 - 00223750 _____ C:\Program Files (x86)\easy_youtube_video_downloader-6.9-fx-windows.xpi
2013-07-19 06:43 - 2011-08-23 21:54 - 00000000 ____D C:\Users\Katja\AppData\Local\Adobe
2013-07-15 17:50 - 2012-08-01 20:24 - 00539168 _____ C:\Windows\DPINST.LOG
2013-07-11 06:37 - 2013-03-13 07:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 19:49 - 2013-03-13 07:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-08 17:39 - 2013-04-24 20:24 - 00000000 ____D C:\Users\Katja\AppData\Local\Spotify
2013-07-08 06:34 - 2011-08-28 19:02 - 00000000 ____D C:\Program Files (x86)\Opera
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-03 17:31
==================== End Of Log ============================
|
|
| Themen zu Optimizer Pro v3.1 und SpyHunter4 |
| adobe, battle.net, browserdefendert, delta chrome toolbar, downloader, entfernen, esgscanner.sys, explorer, fehlermeldung, flash player, format, install.exe, installation, internet explorer 10, lyricxeeker, plug-in, pup.optional.a.babsolution, pup.optional.lyricxeeker.a, pup.optional.lyrixeeker, richtlinie, software, spotify web helper, svchost.exe, updates, windows |
Linear-Darstellung
