Log analysis and evaluation: a2ZLyrics - I'm in despair
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.11.2013, 23:34 | #1 |
a2ZLyrics - I'm in despair

Well, I guess I'm the only one who got hit: A2Zlyrics is making my life difficult. I urgently need help. Many thanks in advance!

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Maria Gabriela (administrator) on MOONLIGHTSONATA on 02-11-2013 23:14:38
Running from C:\Documents and Settings\Maria Gabriela\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
() C:\WINDOWS\system32\AppleOSSMgr.exe
(Apple Inc.) C:\WINDOWS\system32\AppleTimeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\STacSV.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Apple Inc.) C:\WINDOWS\system32\IRW.exe
(Apple Inc.) C:\Program Files\Boot Camp\KbdMgr.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(McAfee, Inc.)
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Repkasoft) C:\Program Files\YoWindow\yowindow.exe (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IRW] - C:\WINDOWS\system32\IRW.exe [147456 2007-10-08] (Apple Inc.) HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\KbdMgr.exe [419120 2007-10-08] (Apple Inc.) HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-11-16] (Lavasoft) HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.) HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess? HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? 
MountPoints2: {071b8471-de90-11df-b5bb-001b6313f77e} - E:\LaunchU3.exe -a MountPoints2: {f21a3798-4e9a-11e1-b63e-001b6313f77e} - E:\LaunchU3.exe -a AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll [ 2006-02-28] () IMEO\capture.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\coreldrw.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\corelpp.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\hddlifepro.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\offdiag.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\onenote.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\onenotem.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\pdapp.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\skype.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IMEO\winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\YoWindow.lnk ShortcutTarget: YoWindow.lnk -> C:\Program Files\YoWindow\yowindow.exe (Repkasoft) BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Sign In HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = Sign In HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Sign In SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {36683662-D727-4AD9-8794-1F5B902999CB} URL = hxxp://downloads.phpnuke.org/de/index.php?rvs=google SearchScopes: HKLM - {581A8400-3854-4532-901A-91BC91655A73} URL = hxxp://downloads.phpnuke.org/de/index.php?rvs=google SearchScopes: HKLM - {9EACB0BE-EDB1-4D60-9266-354A0CC6E2AD} URL = hxxp://downloads.phpnuke.org/de/index.php?rvs=google SearchScopes: HKCU - {30A741AB-839D-4E72-A2A1-4A1D76493F67} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {36683662-D727-4AD9-8794-1F5B902999CB} URL = hxxp://downloads.phpnuke.org.anonymize-me.de/?anonymto=687474703A2F2F646F776E6C6F6164732E7068706E756B652E6F72672F64652F696E6465782E7068703F7276733D676F6F676C65&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&k=0 SearchScopes: HKCU - {581A8400-3854-4532-901A-91BC91655A73} URL = hxxp://downloads.phpnuke.org.anonymize-me.de/?anonymto=687474703A2F2F646F776E6C6F6164732E7068706E756B652E6F72672F64652F696E6465782E7068703F7276733D676F6F676C65&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&k=0 SearchScopes: HKCU - {6469811C-FFC9-493A-8AFC-82E43F2B9999} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {91E3CAF0-5F77-4DAE-A72A-B70F5FC2C8B8} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {9EACB0BE-EDB1-4D60-9266-354A0CC6E2AD} URL = hxxp://downloads.phpnuke.org.anonymize-me.de/?anonymto=687474703A2F2F646F776E6C6F6164732E7068706E756B652E6F72672F64652F696E6465782E7068703F7276733D676F6F676C65&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&k=0 SearchScopes: HKCU - 
{AA5E1114-9742-4A64-8CB6-DA405CB24949} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {B75492BF-CF43-4F46-A7AA-E49EE9FF740A} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0 SearchScopes: HKCU - {E4B2A159-30F8-49D3-AC1E-EF854DD92BB7} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0 BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @fluxdvd.com/NPWMDRMWrapper - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( ) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @protectdisc.com/NPMPDRM - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\searchplugins\nation-secure-search.xml FF SearchPlugin: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\searchplugins\{08AA91A0-A545-47D5-AA85-6C91694EAC34}.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml FF Extension: a2zLyrics-16 - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: AddThis - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} FF Extension: noscript - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: Adblock Plus - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Firefox\Extensions: 
[{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer) CHR Plugin: (Microsoft\u00C3\u00C2\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft\u00C3\u00C2\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (fluxDVD Browser Plugin) - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (fluxDVD Placeholder Plugin) - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( ) CHR Plugin: (Windows Live\u00C3\u00C2\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Koji NISHIDA) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf\2_0 CHR Extension: (Google Docs) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (YouTube) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (RealPlayer 
HTML5Video Downloader Extension) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (Gmail) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ========================== Services (Whitelisted) ================= R2 AppleOSSMgr; C:\WINDOWS\system32\AppleOSSMgr.exe [140592 2007-10-08] () R2 AppleTimeSrv; C:\WINDOWS\system32\AppleTimeSrv.exe [99632 2007-10-08] (Apple Inc.) S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2007-06-14] () R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.) S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [2095368 2013-02-14] (BinarySense, Inc.) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.) 
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.) R2 STacSV; C:\WINDOWS\system32\STacSV.exe [86016 2007-10-08] (SigmaTel, Inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1739064 2013-10-08] (AVG) S4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== R3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [34304 2009-10-15] (Apple Inc.) R3 applebt; C:\Windows\System32\DRIVERS\applebt.sys [8064 2007-10-08] (Apple Inc.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) 
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-01] (AVG Technologies) R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [592256 2007-10-08] (Broadcom Corporation) S3 BthKicker; C:\Windows\System32\DRIVERS\BthKicker.sys [7424 2007-10-08] (Apple Inc.) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) R3 DevUpper; C:\Windows\System32\DRIVERS\iSightFT.sys [8320 2007-10-08] (Apple Inc.) S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2004-08-11] (Samsung Electronics Co., Ltd.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-12] (GFI Software) S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP) R3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [16512 2007-10-08] (Apple Inc.) S3 iSightUpdate; C:\Windows\System32\DRIVERS\iSightUP.sys [18304 2007-10-08] (Apple Inc.) R2 KeyAgent; C:\WINDOWS\system32\drivers\KeyAgent.sys [4864 2007-10-08] (Apple Inc.) R3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [17920 2007-10-08] (Apple Inc.) R2 MacHALDriver; C:\WINDOWS\system32\drivers\MacHALDriver.sys [6528 2007-10-08] (Apple Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) R1 SBRE; C:\Windows\system32\drivers\SBREDrv.sys [101720 2012-02-14] (Sunbelt Software) S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2006-02-28] () R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1177864 2007-10-08] (SigmaTel, Inc.) 
R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [255232 2007-10-08] (Marvell) S3 cpuz132; \??\C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x] S4 IntelIde; No ImagePath S3 NSNDIS5; \??\C:\WINDOWS\system32\NSNDIS5.SYS [x] S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x] U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-02 23:14 - 2013-11-02 23:14 - 00000000 ____D C:\FRST 2013-11-02 22:51 - 2013-11-02 22:51 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVG 2013-11-02 22:48 - 2013-11-02 22:55 - 00000000 ____D C:\AdwCleaner 2013-11-01 22:25 - 2013-11-01 22:25 - 00001747 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2013-11-01 22:25 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\AVG 2013-11-01 22:25 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2013-11-01 22:25 - 2013-10-08 13:46 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe 2013-11-01 22:22 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG 2013-11-01 22:21 - 2013-11-01 22:30 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2013-11-01 22:15 - 2013-11-01 22:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2013-11-01 22:09 - 2013-11-01 22:09 - 00001702 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml 2013-11-01 22:09 - 2013-11-01 22:08 - 00037664 _____ (AVG Technologies) 
C:\WINDOWS\system32\Drivers\avgtpx86.sys 2013-11-01 22:06 - 2013-11-01 22:23 - 00000000 ____D C:\Program Files\AVG 2013-11-01 21:41 - 2013-11-01 22:09 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-01 21:36 - 2013-11-02 22:36 - 00000420 _____ C:\WINDOWS\Tasks\At2.job 2013-11-01 21:35 - 2013-11-02 22:35 - 00000416 _____ C:\WINDOWS\Tasks\At1.job 2013-11-01 21:35 - 2013-11-01 21:35 - 00000000 ____D C:\Program Files\Foxtab 2013-11-01 21:35 - 2013-11-01 21:35 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\FoxTab 2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Program Files\Zula Games 2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Program Files\ffdshow 2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow 2013-11-01 18:17 - 2013-11-01 18:17 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\NativeMessaging 2013-11-01 18:10 - 2013-11-01 18:10 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\AVAST Software 2013-11-01 18:07 - 2013-11-01 18:07 - 00000000 ____D C:\Program Files\AVAST Software 2013-11-01 18:07 - 2013-11-01 18:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software 2013-11-01 08:47 - 2013-11-01 08:49 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\301013(2) 2013-10-30 13:34 - 2013-10-30 13:37 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\101MSDCF 2013-10-27 16:50 - 2013-10-27 18:31 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Anneliese Forwick 2013-10-17 08:03 - 2013-11-01 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Netzmanager 2013-10-17 08:03 - 2013-10-19 08:23 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D} 2013-10-17 08:03 - 2013-10-17 08:03 - 00000792 _____ C:\Documents and Settings\All 
Users\Start Menu\Netzmanager.lnk 2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files\Netzmanager 2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files\Microsoft WSE 2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Netzmanager 2013-10-17 07:45 - 2013-10-17 07:45 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJFAX 2013-10-17 07:45 - 2010-09-13 13:44 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC360U.dll 2013-10-17 07:45 - 2010-09-13 13:42 - 01347584 _____ (CANON INC.) C:\WINDOWS\system32\CNC360C.dll 2013-10-17 07:45 - 2010-09-13 13:42 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNC360I.dll 2013-10-17 07:45 - 2010-09-06 16:03 - 00315392 _____ (CANON INC.) C:\WINDOWS\system32\CNC360L.dll 2013-10-17 07:45 - 2010-05-14 09:45 - 00015104 _____ C:\WINDOWS\system32\CNC174DD.TBL 2013-10-17 07:45 - 2008-08-25 17:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA.dll 2013-10-17 06:41 - 2013-10-17 06:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus 2013-10-14 15:07 - 2013-10-14 15:07 - 00000000 ____D C:\output 2013-10-09 11:16 - 2013-10-09 14:17 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe ==================== One Month Modified Files and Folders ======= 2013-11-02 23:16 - 2012-04-09 09:31 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-11-02 23:14 - 2013-11-02 23:14 - 00000000 ____D C:\FRST 2013-11-02 23:03 - 2010-10-23 10:02 - 00521444 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-11-02 22:59 - 2013-03-13 20:38 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-11-02 22:59 - 2012-10-27 07:01 - 00000296 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1275210071-839522115-1003.job 2013-11-02 22:59 - 2010-10-23 10:04 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-11-02 22:59 - 2006-02-28 13:00 - 00013646 
_____ C:\WINDOWS\system32\wpa.dbl 2013-11-02 22:58 - 2010-10-23 23:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-11-02 22:57 - 2013-05-06 21:33 - 00327640 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2013-11-02 22:57 - 2011-02-11 07:56 - 00004956 _____ C:\WINDOWS\bthservsdp.dat 2013-11-02 22:57 - 2010-11-25 12:39 - 00131072 _____ C:\WINDOWS\system32\config\TuneUp.evt 2013-11-02 22:57 - 2010-10-23 23:30 - 00032208 _____ C:\WINDOWS\SchedLgU.Txt 2013-11-02 22:56 - 2013-03-18 23:01 - 00268203 _____ C:\WINDOWS\WindowsUpdate.log 2013-11-02 22:56 - 2010-10-23 23:33 - 00000178 ___SH C:\Documents and Settings\Maria Gabriela\ntuser.ini 2013-11-02 22:56 - 2010-10-23 23:33 - 00000000 ____D C:\Documents and Settings\Maria Gabriela 2013-11-02 22:55 - 2013-11-02 22:48 - 00000000 ____D C:\AdwCleaner 2013-11-02 22:51 - 2013-11-02 22:51 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVG 2013-11-02 22:36 - 2013-11-01 21:36 - 00000420 _____ C:\WINDOWS\Tasks\At2.job 2013-11-02 22:35 - 2013-11-01 21:35 - 00000416 _____ C:\WINDOWS\Tasks\At1.job 2013-11-02 22:35 - 2013-09-21 11:41 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Love Ohlala 2013-11-02 22:30 - 2010-10-23 14:22 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Programme 2013-11-02 22:29 - 2010-10-27 12:49 - 00002519 _____ C:\Documents and Settings\Maria Gabriela\Desktop\Word.lnk 2013-11-02 18:51 - 2013-03-02 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData 2013-11-02 11:34 - 2010-10-23 18:07 - 00000000 ____D C:\WINDOWS\SxsCaPendDel 2013-11-02 09:49 - 2013-07-16 19:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$ 2013-11-02 08:59 - 2010-11-08 15:34 - 00001114 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-02 08:59 - 2010-11-08 15:34 - 00001110 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-02 02:23 - 2012-05-02 19:25 - 00000000 ____D C:\Program 
Files\Mozilla Maintenance Service 2013-11-01 22:30 - 2013-11-01 22:21 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2013-11-01 22:25 - 2013-11-01 22:25 - 00001747 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2013-11-01 22:25 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\AVG 2013-11-01 22:25 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2013-11-01 22:25 - 2013-11-01 22:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG 2013-11-01 22:23 - 2013-11-01 22:06 - 00000000 ____D C:\Program Files\AVG 2013-11-01 22:22 - 2012-12-18 21:08 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013 2013-11-01 22:15 - 2013-11-01 22:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2013-11-01 22:15 - 2013-05-10 08:38 - 01146461 _____ C:\WINDOWS\setupapi.log 2013-11-01 22:11 - 2013-09-24 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014 2013-11-01 22:09 - 2013-11-01 22:09 - 00001702 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml 2013-11-01 22:09 - 2013-11-01 21:41 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-01 22:08 - 2013-11-01 22:09 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys 2013-11-01 22:07 - 2013-03-02 18:11 - 00000000 ___HD C:\$AVG 2013-11-01 21:35 - 2013-11-01 21:35 - 00000000 ____D C:\Program Files\Foxtab 2013-11-01 21:35 - 2013-11-01 21:35 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\FoxTab 2013-11-01 21:30 - 2013-01-22 12:18 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\FOTOS 2013 2013-11-01 18:53 - 2010-10-23 23:30 - 00000000 __SHD C:\Documents and Settings\LocalService 2013-11-01 18:53 - 2010-10-23 23:29 - 00000000 __SHD C:\Documents and Settings\NetworkService 
2013-11-01 18:53 - 2010-10-23 23:22 - 00000000 ____D C:\WINDOWS\Registration 2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Program Files\Zula Games 2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Program Files\ffdshow 2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow 2013-11-01 18:49 - 2013-09-10 07:42 - 00000000 ____D C:\Program Files\EPSON 2013-11-01 18:47 - 2013-09-29 15:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\GamePacks 2013-11-01 18:47 - 2013-09-10 07:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON 2013-11-01 18:45 - 2013-10-17 08:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Netzmanager 2013-11-01 18:17 - 2013-11-01 18:17 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\NativeMessaging 2013-11-01 18:10 - 2013-11-01 18:10 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\AVAST Software 2013-11-01 18:07 - 2013-11-01 18:07 - 00000000 ____D C:\Program Files\AVAST Software 2013-11-01 18:07 - 2013-11-01 18:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software 2013-11-01 08:49 - 2013-11-01 08:47 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\301013(2) 2013-10-30 13:37 - 2013-10-30 13:34 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\101MSDCF 2013-10-29 17:33 - 2012-10-27 07:01 - 00000304 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1275210071-839522115-1003.job 2013-10-27 18:31 - 2013-10-27 16:50 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Anneliese Forwick 2013-10-25 14:25 - 2013-09-25 05:45 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Originals 2013-10-25 08:01 - 2013-01-11 08:49 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Neuendorf 2013-10-25 05:36 - 2013-09-24 
16:56 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Avg2014 2013-10-24 22:24 - 2010-10-26 19:12 - 02036584 ___SH C:\Documents and Settings\Maria Gabriela\Desktop\Thumbs.db 2013-10-19 21:23 - 2010-10-26 06:19 - 00002875 _____ C:\Documents and Settings\Maria Gabriela\Start Menu\Program Updates.lnk 2013-10-19 08:23 - 2013-10-17 08:03 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D} 2013-10-17 17:39 - 2010-10-23 23:42 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2013-10-17 08:03 - 2013-10-17 08:03 - 00000792 _____ C:\Documents and Settings\All Users\Start Menu\Netzmanager.lnk 2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files\Netzmanager 2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files\Microsoft WSE 2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Netzmanager 2013-10-17 07:45 - 2013-10-17 07:45 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJFAX 2013-10-17 07:45 - 2010-10-23 09:53 - 00000000 ____D C:\WINDOWS\twain_32 2013-10-17 07:45 - 2010-10-23 09:53 - 00000000 ____D C:\WINDOWS\Media 2013-10-17 06:41 - 2013-10-17 06:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus 2013-10-17 06:41 - 2013-08-18 06:41 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-15 06:48 - 2013-08-01 21:44 - 00000000 ___RD C:\Program Files\Skype 2013-10-14 15:07 - 2013-10-14 15:07 - 00000000 ____D C:\output 2013-10-09 14:17 - 2013-10-09 11:16 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2013-10-09 14:17 - 2012-04-09 09:30 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-10-09 14:17 - 2011-07-17 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-10-09 06:42 - 
2010-10-23 10:01 - 03550776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-08 13:46 - 2013-11-01 22:25 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe
2013-10-08 08:27 - 2010-10-23 14:49 - 00063280 _____ C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-08 06:31 - 2006-02-28 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-05 07:25 - 2013-04-12 06:09 - 00000000 ___RD C:\Documents and Settings\Maria Gabriela\My Documents\Gabriela
2013-10-05 07:25 - 2013-02-24 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Wincert
2013-10-04 08:40 - 2012-12-27 11:00 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\My Documents\27122012
2013-10-03 14:51 - 2013-05-22 16:40 - 00000000 ____D C:\WINDOWS\system32\cache

ZeroAccess:
C:\Windows\Installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}
C:\Windows\Installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@

ZeroAccess:
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job

Some content of TEMP:
====================
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\tbappb.dll

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe [2006-02-28 13:00] - [2006-02-28 13:00] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64
C:\Windows\System32\winlogon.exe [2006-02-28 13:00] - [2006-02-28
13:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe
C:\Windows\System32\svchost.exe [2006-02-28 13:00] - [2006-02-28 13:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716
C:\Windows\System32\services.exe [2006-02-28 13:00] - [2009-02-06 18:14] - 0110592 ____A (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\Windows\System32\User32.dll [2006-02-28 13:00] - [2006-02-28 13:00] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4
C:\Windows\System32\userinit.exe [2006-02-28 13:00] - [2012-05-02 19:19] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff
C:\Windows\System32\Drivers\volsnap.sys [2006-02-28 13:00] - [2006-02-28 13:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b

==================== End Of Log ============================

--- --- --- --- --- ---

==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:55B41E6A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9B013599

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Marvell
Service: yukonwxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Nokia 6600 fold
Description: Nokia 6600 fold
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2013 09:35:52 PM) (Source: MsiInstaller) (User: MOONLIGHTSONATA)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\GoogleUpdateHelper.msi

Error: (11/01/2013 06:43:43 PM) (Source: Application Error) (User: )
Description: Fault bucket -362004852. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/01/2013 06:43:12 PM) (Source: Application Error) (User: )
Description: Faulting application McCHSvc.exe, version 3.8.130.0, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x00011948. Processing media-specific event for [McCHSvc.exe!ws!]

Error: (11/01/2013 03:20:23 PM) (Source: Application Error) (User: )
Description: Fault bucket -964704830. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (11/01/2013 03:20:16 PM) (Source: Application Error) (User: )
Description: Faulting application webplayer.exe, version 1.1.0.0, faulting module shdocvw.dll, version 6.0.2900.3698, fault address 0x000342cd. Processing media-specific event for [webplayer.exe!ws!]

Error: (11/01/2013 03:19:44 PM) (Source: Application Error) (User: )
Description: Fault bucket -964704830. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/01/2013 03:19:39 PM) (Source: Application Error) (User: )
Description: Faulting application webplayer.exe, version 1.1.0.0, faulting module shdocvw.dll, version 6.0.2900.3698, fault address 0x000342cd. Processing media-specific event for [webplayer.exe!ws!]

Error: (10/31/2013 06:51:53 PM) (Source: Bonjour Service) (User: )
Description: Timed out waiting for acknowledgement of machine sleep

Error: (10/31/2013 07:41:30 AM) (Source: Application Error) (User: )
Description: Faulting application McCHSvc.exe, version 3.8.130.0, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x0001817a. Processing media-specific event for [McCHSvc.exe!ws!]

Error: (10/31/2013 06:46:58 AM) (Source: Application Error) (User: )
Description: Fault bucket -398071053. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
System errors:
=============
Error: (11/02/2013 11:04:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: %%1460

Error: (11/02/2013 10:59:45 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error: %%2

Error: (11/02/2013 10:59:45 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: %%20

Error: (11/02/2013 10:01:18 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the AppleOSSMgr service.

Error: (11/02/2013 10:00:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the AppleOSSMgr service.

Error: (11/02/2013 10:00:07 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the AppleOSSMgr service.

Error: (11/02/2013 10:00:07 PM) (Source: 0) (User: )
Description:

Error: (11/02/2013 08:01:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: %%1460

Error: (11/02/2013 07:57:00 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error: %%2

Error: (11/02/2013 07:57:00 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: %%20

Microsoft Office Sessions:
=========================
Error: (10/01/2013 04:40:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36904 seconds with 420 seconds of active time. This session ended with a crash.
Error: (09/15/2013 11:13:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3601 seconds with 180 seconds of active time. This session ended with a crash.

==================== Memory info ===========================
Percentage of memory in use: 60%
Total physical RAM: 2032.27 MB
Available physical RAM: 812.42 MB
Total Pagefile: 3924.82 MB
Available Pagefile: 2818.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.5 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:105.69 GB) (Free:55.55 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: F21DF21D)
Partition: GPT Partition Type
Partition 2: (Not Active) - (Size=127 GB) - (Type=AF)
Partition 3: (Active) - (Size=106 GB) - (Type=07 NTFS)

==================== End Of Log ============================
|
03.11.2013, 00:02 | #2 |
/// Malwareteam / Visitor | a2ZLyrics - I'm in despair
I am smeenk and I will try to help you. Please download zoek.exe from here: http://hijackthis.nl/smeenk/
|
03.11.2013, 20:34 | #3 |
| a2ZLyrics - I'm in despair
Code:
ATTFilter Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by Maria Gabriela on 03.11.2013 at 20:03:09,98.
Microsoft Windows XP Professional 5.1.2600 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp\Rar$EXa0.763\zoek.exe [Script inserted]

==== System Restore Info ======================
03.11.2013 20:06:47 Zoek.exe System Restore Point Created Succesfully.

==== Possible Rootkit Infection ======================
C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\L
C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\U
C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{30A741AB-839D-4E72-A2A1-4A1D76493F67} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{36683662-D727-4AD9-8794-1F5B902999CB} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{581A8400-3854-4532-901A-91BC91655A73} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6469811C-FFC9-493A-8AFC-82E43F2B9999} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{91E3CAF0-5F77-4DAE-A72A-B70F5FC2C8B8} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9EACB0BE-EDB1-4D60-9266-354A0CC6E2AD} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AA5E1114-9742-4A64-8CB6-DA405CB24949} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet
Explorer\SearchScopes\{B75492BF-CF43-4F46-A7AA-E49EE9FF740A} deleted successfully HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E4B2A159-30F8-49D3-AC1E-EF854DD92BB7} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 7-Zip 9.20 Ad-Aware Browsing Protection Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Community Help Adobe Digital Editions Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Center 1.0 Adobe Media Player Adobe Photoshop CS2 Adobe Reader XI (11.0.05) - Deutsch Adobe Stock Photos 1.0 AIDA64 Extreme Edition v1.80 Apple Application Support Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Display Driver AVG 2014 AVG Nation toolbar AVG PC TuneUp 2014 AVG PC TuneUp 2014 (de-DE) Bewerbungsfoto-/Passbild-Generator v3.2c Bildschutz Pro Bonjour Boot Camp-Dienste Bubble Hit Bundle by GamePacks Bubble Hit by GamePacks calibre Canon iP5200 Canon MX360 series MP Drivers Canon PhotoRecord Canon RAW Codec Canon Setup Utility 2.0 Canon Utilities Easy-PhotoPrint Canon Utilities Easy-PrintToolBox CCleaner CorelDRAW Graphics Suite X3 DE Dup Detector Easy-WebPrint Easy Poster Printer EPSON-Drucker-Software Extended Update ffdshow v1.2.4422 [2012-04-09] FontNav Foxtab GIMP 2.6.6 Google Chrome Google Earth Google Update Helper GTK+ 2.4.3 runtime environment HDDlife Pro 4.0 HiJackThis HomepageFIX 2012 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ImageBlizzard 1.0 IrfanView (remove only) iTunes Java 7 Update 17 Java Auto Updater Java(TM) 6 Update 22 Java(TM) 6 Update 26 Junk Mail filter update Malwarebytes Anti-Malware Version 1.75.0.1300 McAfee Security Scan Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Security 
Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft IntelliPoint 8.2 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (German) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC100_CRT_SP1_x86 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MobileMe Control Panel Mozilla Firefox 25.0 (x86 en-US) Mozilla Maintenance Service MSVC80_x86_v2 MSVC90_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Netzmanager Nokia Connectivity Cable Driver Nokia Suite Nuance OmniPage 17 Panorama Maker PC Connectivity Solution PhotoScape QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 RonyaSoft Poster Printer (ProPoster) 
3.01 Security Update for CAPICOM (KB931906) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Segoe UI SF Briefkopf 7.14 SigmaTel Audio Skype Click to Call SkypeT 6.7 Spybot - Search & Destroy TuneUp Utilities Language Pack (de-DE) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB911164) Update Manager VBA Videoload Manager 2.0.2220 Visual Studio 2012 x86 Redistributables VLC media player 2.0.4 WebFldrs XP Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1) Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0) Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1) Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4) Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4) Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4) Windows Driver Package - Apple Inc. 
Apple Wireless Mouse (09/17/2009 3.0.0.5) Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0) Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35) Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94) Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0) Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0) Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0) Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3) Windows Driver Package - Nokia pccsmcfd "LegacyDriver" (05/31/2012 7.1.2.0) Windows Installer 3.1 (KB893803) Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Mail Windows Live Sync Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 WinRAR 4.11 (32-Bit) Yahoo Messenger Yahoo Software Update YoWindow Zula Games ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default user.js not found ---- Lines Lyric removed from prefs.js ---- user_pref("extensions.a2f86d47111224c15901ad7fd67316cd9ca42b8d20eb647be84a26d95abe186e8com44168.44168.description", "A2ZLyrics will find any lyrics on user_pref("extensions.a2f86d47111224c15901ad7fd67316cd9ca42b8d20eb647be84a26d95abe186e8com44168.44168.name", "a2zLyrics-16"); ---- Lines defaulttab removed from prefs.js ---- user_pref("extensions.defaulttab.installdate", 1377412178); user_pref("extensions.defaulttab.lastUsed", 1379757223); ---- FireFox user.js and prefs.js backups ---- prefs__2014_.backup ProfilePath: C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default ---- FireFox user.js and prefs.js backups ---- user__2014_.backup prefs__2014_.backup ==== Deleting Files \ Folders 
====================== C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted C:\Documents and Settings\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D} deleted C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted C:\Program Files\Zula Games deleted C:\Program Files\Amazon deleted C:\found.000 deleted C:\Documents and Settings\Maria Gabriela\Application Data\FoxTab deleted C:\Documents and Settings\All Users\Application Data\Wincert deleted C:\Documents and Settings\All Users\Application Data\InstallMate deleted C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE deleted C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\NativeMessaging deleted C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\adawarebp deleted C:\WINDOWS\tasks\At1.job deleted C:\WINDOWS\tasks\At2.job deleted C:\WINDOWS\System32\cnm1D3.tmp deleted C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\searchplugins\nation-secure-search.xml deleted C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\CT2102572 deleted C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default\extensions\staged deleted "C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@" deleted "C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}" deleted "C:\Documents and Settings\Maria Gabriela\Application Data\Amazon" deleted "C:\Documents and Settings\Maria Gabriela\Application Data\mresreg" 
deleted "C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\L" deleted "C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\U" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp ==== 2013-11-01 21:08:51 20F03B1B926F4EA65763E364ACAD7C59 4698984 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe 2013-11-01 20:34:59 7C75731DBDBC400C41F20F9A28A2FD83 22404568 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\is1275519350\311669_stp.EXE 2013-11-01 14:15:32 8DE9D8FDA8DF6DD2E1B99A1F297FAA8A 5134624 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\tbappb.dll 2013-11-01 14:09:37 72434667CA630FD5C21812F47034AC83 1037744 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe 2013-11-01 14:09:09 304FA96174AFE1DAEF8C308811C47E14 6526952 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\{73DCB7B2-1966-470D-B68B-A234C8F94214}\setup.exe 2013-11-01 14:09:07 2D10A980CC1539C4CA29387E82267B4D 279752 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== 2013-11-01 21:25:42 669E624F7637F4B722FE27DF09D4DA75 36152 ----a-w- C:\WINDOWS\System32\TURegOpt.exe ====== C:\WINDOWS\system32\drivers ===== 2013-11-01 21:09:26 15ACA2AD17ACECA4814F249783E63AD3 37664 ----a-w- C:\WINDOWS\System32\drivers\avgtpx86.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2013-11-01 21:06:51 -------- d-----w- C:\Program Files\AVG 2013-11-01 20:35:26 -------- d-----w- C:\Program Files\Foxtab 2013-11-01 17:49:15 -------- d-----w- C:\Program Files\ffdshow 2013-10-17 07:03:56 -------- d-----w- C:\Program Files\Microsoft WSE 2013-10-17 07:03:29 -------- d-----w- C:\Program Files\Netzmanager ======= C: ===== ====== 
C:\Documents and Settings\Maria Gabriela\Application Data ====== 2013-11-02 21:51:53 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\AVG 2013-11-01 21:25:24 -------- d-----w- C:\Documents and Settings\Maria Gabriela\Application Data\AVG 2013-11-01 21:11:01 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2014 2013-11-01 21:06:53 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014 ====== C:\Documents and Settings\Maria Gabriela ====== ====== C: exe-files == 2013-11-02 22:14:14 3E33EF44834B9A17FE6392FD331887D7 1089445 ----a-w- C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\FRST.exe 2013-11-02 21:47:14 8C27D71B2F6719136407C525ECF18D51 1060070 ----a-w- C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\adwcleaner-3.010.exe 2013-11-01 21:25:42 669E624F7637F4B722FE27DF09D4DA75 36152 ----a-w- C:\WINDOWS\system32\TURegOpt.exe 2013-11-01 21:12:48 A5027445F15DBA980764D6F7909C0E94 5914640 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe 2013-11-01 21:08:51 20F03B1B926F4EA65763E364ACAD7C59 4698984 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe 2013-11-01 20:35:29 84D280E42F3A337BF993023A9B3C0437 274944 ----a-w- C:\Program Files\Foxtab\1.8.12.0\uninstall.exe 2013-11-01 20:35:24 7C75731DBDBC400C41F20F9A28A2FD83 22404568 ----a-w- C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\Firefox_Setup.exe 2013-11-01 20:34:59 7C75731DBDBC400C41F20F9A28A2FD83 22404568 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\is1275519350\311669_stp.EXE 2013-11-01 16:59:58 24F3708CF5504C67F1CB2685C7BBAD78 85444160 ----a-w- C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\avast_free_antivirus_setup.exe 2013-11-01 14:09:37 72434667CA630FD5C21812F47034AC83 1037744 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe 
2013-11-01 14:09:09 304FA96174AFE1DAEF8C308811C47E14 6526952 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\{73DCB7B2-1966-470D-B68B-A234C8F94214}\setup.exe 2013-11-01 14:09:07 2D10A980CC1539C4CA29387E82267B4D 279752 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe === C: other files == 2013-11-01 21:09:26 15ACA2AD17ACECA4814F249783E63AD3 37664 ----a-w- C:\WINDOWS\system32\drivers\avgtpx86.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IRW"="C:\WINDOWS\system32\IRW.exe" "Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" "Ad-Aware Browsing Protection"="C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" "IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup " "AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\docume~1\\alluse~1\\applic~1\\browse~1\\261095~1.52\\{c16c1~1\\browse~1.dll" ==== Startup Registry Disabled ====================== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TeaTimer" "hkey"="HKCU" "command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Maria Gabriela^Start Menu^Programs^Startup^HDDlife.lnk] "path"="C:\\Documents and Settings\\Maria Gabriela\\Start Menu\\Programs\\Startup\\HDDlife.lnk" "backup"="C:\\WINDOWS\\pss\\HDDlife.lnkStartup" "command"="C:\\PROGRA~1\\BINARY~1\\HDDLIF~1\\HDDLIF~1.EXE " "item"="HDDlife" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "2007 Microsoft Office component"="C:\\WINDOWS\\Installer\\{91120000-002F-0000-0000-0000000FF1CE}\\wordicon.exe" "2007 Microsoft Office component877"="C:\\WINDOWS\\Installer\\{91120000-002F-0000-0000-0000000FF1CE}\\oisicon.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "Adobe ARM"="\"C:\\Program Files\\Common 
Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k" "AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe " "AdobeAAMUpdater-1.0"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\" " "APSDaemon"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" "TkBellExe"="\"C:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe\" -osboot " ==== Startup Folders ====================== 2013-10-17 07:04:05 752 ----a-w- C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\Netzmanager.lnk 2012-10-27 05:58:34 774 ----a-w- C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\YoWindow.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09.10.2013 14:17] C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MOONLIGHTSONATA-Maria Gabriela.job --a------ C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [20.09.2012 07:27] C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ :C:\Program Files\Apple Software Update\SoftwareUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08.11.2010 15:33] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08.11.2010 15:33] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1275210071-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [27.07.2012 13:27] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1275210071-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [27.07.2012 13:27] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] 
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default - RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext - a2zLyrics-16 - %ProfilePath%\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner + 871C7A4B3466ED1B1D1D7588D14EC816 - C:\Program 
Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 53B55AB0CF4872F9C420D78D92C1033B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 3A6EBB668DB997B1874981F153403B46 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 0805C33F24F45B11EE2CFCCD8F9C6693 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 5F63DC3C36366FF4A90AEAA334509BE8 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 F234B77750D9E0C3AEA0432F55E1CD17 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U17 D4BD9F86123C87ECA570418B69326F99 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector A5C14075B571AF1C9592595BE724D9D2 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In F7B27774DAF8660ADD71EA29AE8C1B1A - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin 256C847CD03160C9088FB440DB929448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin 555E65306A5D3A5978BE74E1DD62CDD9 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) E32771B0AE3F18CEFFC12D682025238A - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) 2DC6257A367A6182E40F748D0396AAF9 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 1E3AA02F2C91A2B25EFB4E355160CDCA - C:\Program 
Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin C7794A997CEC29173A4401F3AE16C51F - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect 3F60CEF38059440F3A82819684E10894 - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll - fluxDVD Browser Plugin 1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery 0289477CB4D6543B49448CD54366B4B5 - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll - fluxDVD Placeholder Plugin AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 509335C61594A73AB32E1B572AEE61A8 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 969983AB670681301F7A91DC4AD3D1F1 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 6D8F27BEE96589722EE485324FDD88D9 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect 2AA3703D87E1327A2290C9D416D89A28 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight 28DB0CD8BCCEB5229052C835BFBA988A - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[27.10.2012 07:01] kdneagjiboclldmglpjofpeipkbollcf - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - 
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 09:59] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions kdneagjiboclldmglpjofpeipkbollcf - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx[] Koji NISHIDA - Maria Gabriela - Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf Google Docs - Maria Gabriela - Default\Extensions\aohghmighlieiainnegkcijnfilokake YouTube - Maria Gabriela - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Maria Gabriela - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf RealPlayer HTML5Video Downloader Extension - Maria Gabriela - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk Gmail - Maria Gabriela - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bday.conduitapps.com_0.localstorage deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bday.conduitapps.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully C:\Documents and 
Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0.localstorage deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0.localstorage-journal deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0 deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://downloads.phpnuke.org/de/index.php?rvs=google" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet 
Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\Maria Gabriela\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Cache emptied successfully C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Local Settings\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully Code:
ATTFilter Zoek.exe Version 4.0.0.5 Updated 26-October-2013 Tool run by Maria Gabriela on 03.11.2013 at 20:03:09,98. Microsoft Windows XP Professional 5.1.2600 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp\Rar$EXa0.763\zoek.exe [Script inserted] ==== System Restore Info ====================== 03.11.2013 20:06:47 Zoek.exe System Restore Point Created Succesfully. ==== Possible Rootkit Infection ====================== C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\L C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\U C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@ ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{30A741AB-839D-4E72-A2A1-4A1D76493F67} deleted successfully HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{36683662-D727-4AD9-8794-1F5B902999CB} deleted successfully HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{581A8400-3854-4532-901A-91BC91655A73} deleted successfully HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6469811C-FFC9-493A-8AFC-82E43F2B9999} deleted successfully HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{91E3CAF0-5F77-4DAE-A72A-B70F5FC2C8B8} deleted successfully HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9EACB0BE-EDB1-4D60-9266-354A0CC6E2AD} deleted successfully HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AA5E1114-9742-4A64-8CB6-DA405CB24949} deleted successfully HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet 
Explorer\SearchScopes\{B75492BF-CF43-4F46-A7AA-E49EE9FF740A} deleted successfully HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E4B2A159-30F8-49D3-AC1E-EF854DD92BB7} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 7-Zip 9.20 Ad-Aware Browsing Protection Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Community Help Adobe Digital Editions Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Center 1.0 Adobe Media Player Adobe Photoshop CS2 Adobe Reader XI (11.0.05) - Deutsch Adobe Stock Photos 1.0 AIDA64 Extreme Edition v1.80 Apple Application Support Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Display Driver AVG 2014 AVG Nation toolbar AVG PC TuneUp 2014 AVG PC TuneUp 2014 (de-DE) Bewerbungsfoto-/Passbild-Generator v3.2c Bildschutz Pro Bonjour Boot Camp-Dienste Bubble Hit Bundle by GamePacks Bubble Hit by GamePacks calibre Canon iP5200 Canon MX360 series MP Drivers Canon PhotoRecord Canon RAW Codec Canon Setup Utility 2.0 Canon Utilities Easy-PhotoPrint Canon Utilities Easy-PrintToolBox CCleaner CorelDRAW Graphics Suite X3 DE Dup Detector Easy-WebPrint Easy Poster Printer EPSON-Drucker-Software Extended Update ffdshow v1.2.4422 [2012-04-09] FontNav Foxtab GIMP 2.6.6 Google Chrome Google Earth Google Update Helper GTK+ 2.4.3 runtime environment HDDlife Pro 4.0 HiJackThis HomepageFIX 2012 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ImageBlizzard 1.0 IrfanView (remove only) iTunes Java 7 Update 17 Java Auto Updater Java(TM) 6 Update 22 Java(TM) 6 Update 26 Junk Mail filter update Malwarebytes Anti-Malware Version 1.75.0.1300 McAfee Security Scan Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Security 
Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft IntelliPoint 8.2 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (German) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC100_CRT_SP1_x86 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MobileMe Control Panel Mozilla Firefox 25.0 (x86 en-US) Mozilla Maintenance Service MSVC80_x86_v2 MSVC90_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Netzmanager Nokia Connectivity Cable Driver Nokia Suite Nuance OmniPage 17 Panorama Maker PC Connectivity Solution PhotoScape QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 RonyaSoft Poster Printer (ProPoster) 
3.01 Security Update for CAPICOM (KB931906) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Segoe UI SF Briefkopf 7.14 SigmaTel Audio Skype Click to Call SkypeT 6.7 Spybot - Search & Destroy TuneUp Utilities Language Pack (de-DE) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB911164) Update Manager VBA Videoload Manager 2.0.2220 Visual Studio 2012 x86 Redistributables VLC media player 2.0.4 WebFldrs XP Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1) Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0) Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1) Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4) Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4) Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4) Windows Driver Package - Apple Inc. 
Apple Wireless Mouse (09/17/2009 3.0.0.5) Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0) Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35) Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94) Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0) Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0) Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0) Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3) Windows Driver Package - Nokia pccsmcfd "LegacyDriver" (05/31/2012 7.1.2.0) Windows Installer 3.1 (KB893803) Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Mail Windows Live Sync Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 WinRAR 4.11 (32-Bit) Yahoo Messenger Yahoo Software Update YoWindow Zula Games ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default user.js not found ---- Lines Lyric removed from prefs.js ---- user_pref("extensions.a2f86d47111224c15901ad7fd67316cd9ca42b8d20eb647be84a26d95abe186e8com44168.44168.description", "A2ZLyrics will find any lyrics on user_pref("extensions.a2f86d47111224c15901ad7fd67316cd9ca42b8d20eb647be84a26d95abe186e8com44168.44168.name", "a2zLyrics-16"); ---- Lines defaulttab removed from prefs.js ---- user_pref("extensions.defaulttab.installdate", 1377412178); user_pref("extensions.defaulttab.lastUsed", 1379757223); ---- FireFox user.js and prefs.js backups ---- prefs__2014_.backup ProfilePath: C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default ---- FireFox user.js and prefs.js backups ---- user__2014_.backup prefs__2014_.backup ==== Deleting Files \ Folders 
====================== C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted C:\Documents and Settings\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D} deleted C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted C:\Program Files\Zula Games deleted C:\Program Files\Amazon deleted C:\found.000 deleted C:\Documents and Settings\Maria Gabriela\Application Data\FoxTab deleted C:\Documents and Settings\All Users\Application Data\Wincert deleted C:\Documents and Settings\All Users\Application Data\InstallMate deleted C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE deleted C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\NativeMessaging deleted C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\adawarebp deleted C:\WINDOWS\tasks\At1.job deleted C:\WINDOWS\tasks\At2.job deleted C:\WINDOWS\System32\cnm1D3.tmp deleted C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\searchplugins\nation-secure-search.xml deleted C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\CT2102572 deleted C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default\extensions\staged deleted "C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@" deleted "C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}" deleted "C:\Documents and Settings\Maria Gabriela\Application Data\Amazon" deleted "C:\Documents and Settings\Maria Gabriela\Application Data\mresreg" 
deleted "C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\L" deleted "C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\U" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp ==== 2013-11-01 21:08:51 20F03B1B926F4EA65763E364ACAD7C59 4698984 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe 2013-11-01 20:34:59 7C75731DBDBC400C41F20F9A28A2FD83 22404568 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\is1275519350\311669_stp.EXE 2013-11-01 14:15:32 8DE9D8FDA8DF6DD2E1B99A1F297FAA8A 5134624 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\tbappb.dll 2013-11-01 14:09:37 72434667CA630FD5C21812F47034AC83 1037744 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe 2013-11-01 14:09:09 304FA96174AFE1DAEF8C308811C47E14 6526952 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\{73DCB7B2-1966-470D-B68B-A234C8F94214}\setup.exe 2013-11-01 14:09:07 2D10A980CC1539C4CA29387E82267B4D 279752 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== 2013-11-01 21:25:42 669E624F7637F4B722FE27DF09D4DA75 36152 ----a-w- C:\WINDOWS\System32\TURegOpt.exe ====== C:\WINDOWS\system32\drivers ===== 2013-11-01 21:09:26 15ACA2AD17ACECA4814F249783E63AD3 37664 ----a-w- C:\WINDOWS\System32\drivers\avgtpx86.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2013-11-01 21:06:51 -------- d-----w- C:\Program Files\AVG 2013-11-01 20:35:26 -------- d-----w- C:\Program Files\Foxtab 2013-11-01 17:49:15 -------- d-----w- C:\Program Files\ffdshow 2013-10-17 07:03:56 -------- d-----w- C:\Program Files\Microsoft WSE 2013-10-17 07:03:29 -------- d-----w- C:\Program Files\Netzmanager ======= C: ===== ====== 
C:\Documents and Settings\Maria Gabriela\Application Data ====== 2013-11-02 21:51:53 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\AVG 2013-11-01 21:25:24 -------- d-----w- C:\Documents and Settings\Maria Gabriela\Application Data\AVG 2013-11-01 21:11:01 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2014 2013-11-01 21:06:53 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014 ====== C:\Documents and Settings\Maria Gabriela ====== ====== C: exe-files == 2013-11-02 22:14:14 3E33EF44834B9A17FE6392FD331887D7 1089445 ----a-w- C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\FRST.exe 2013-11-02 21:47:14 8C27D71B2F6719136407C525ECF18D51 1060070 ----a-w- C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\adwcleaner-3.010.exe 2013-11-01 21:25:42 669E624F7637F4B722FE27DF09D4DA75 36152 ----a-w- C:\WINDOWS\system32\TURegOpt.exe 2013-11-01 21:12:48 A5027445F15DBA980764D6F7909C0E94 5914640 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe 2013-11-01 21:08:51 20F03B1B926F4EA65763E364ACAD7C59 4698984 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe 2013-11-01 20:35:29 84D280E42F3A337BF993023A9B3C0437 274944 ----a-w- C:\Program Files\Foxtab\1.8.12.0\uninstall.exe 2013-11-01 20:35:24 7C75731DBDBC400C41F20F9A28A2FD83 22404568 ----a-w- C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\Firefox_Setup.exe 2013-11-01 20:34:59 7C75731DBDBC400C41F20F9A28A2FD83 22404568 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\is1275519350\311669_stp.EXE 2013-11-01 16:59:58 24F3708CF5504C67F1CB2685C7BBAD78 85444160 ----a-w- C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\avast_free_antivirus_setup.exe 2013-11-01 14:09:37 72434667CA630FD5C21812F47034AC83 1037744 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe 
2013-11-01 14:09:09 304FA96174AFE1DAEF8C308811C47E14 6526952 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\{73DCB7B2-1966-470D-B68B-A234C8F94214}\setup.exe 2013-11-01 14:09:07 2D10A980CC1539C4CA29387E82267B4D 279752 ----a-w- C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe === C: other files == 2013-11-01 21:09:26 15ACA2AD17ACECA4814F249783E63AD3 37664 ----a-w- C:\WINDOWS\system32\drivers\avgtpx86.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IRW"="C:\WINDOWS\system32\IRW.exe" "Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" "Ad-Aware Browsing Protection"="C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" "IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup " "AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\docume~1\\alluse~1\\applic~1\\browse~1\\261095~1.52\\{c16c1~1\\browse~1.dll" ==== Startup Registry Disabled ====================== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TeaTimer" "hkey"="HKCU" "command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Maria Gabriela^Start Menu^Programs^Startup^HDDlife.lnk] "path"="C:\\Documents and Settings\\Maria Gabriela\\Start Menu\\Programs\\Startup\\HDDlife.lnk" "backup"="C:\\WINDOWS\\pss\\HDDlife.lnkStartup" "command"="C:\\PROGRA~1\\BINARY~1\\HDDLIF~1\\HDDLIF~1.EXE " "item"="HDDlife" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "2007 Microsoft Office component"="C:\\WINDOWS\\Installer\\{91120000-002F-0000-0000-0000000FF1CE}\\wordicon.exe" "2007 Microsoft Office component877"="C:\\WINDOWS\\Installer\\{91120000-002F-0000-0000-0000000FF1CE}\\oisicon.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "Adobe ARM"="\"C:\\Program Files\\Common 
Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k" "AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe " "AdobeAAMUpdater-1.0"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\" " "APSDaemon"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" "TkBellExe"="\"C:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe\" -osboot " ==== Startup Folders ====================== 2013-10-17 07:04:05 752 ----a-w- C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\Netzmanager.lnk 2012-10-27 05:58:34 774 ----a-w- C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\YoWindow.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09.10.2013 14:17] C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MOONLIGHTSONATA-Maria Gabriela.job --a------ C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [20.09.2012 07:27] C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ :C:\Program Files\Apple Software Update\SoftwareUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08.11.2010 15:33] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08.11.2010 15:33] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1275210071-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [27.07.2012 13:27] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1275210071-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [27.07.2012 13:27] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] 
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default - RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext - a2zLyrics-16 - %ProfilePath%\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner + 871C7A4B3466ED1B1D1D7588D14EC816 - C:\Program 
Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 53B55AB0CF4872F9C420D78D92C1033B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 3A6EBB668DB997B1874981F153403B46 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 0805C33F24F45B11EE2CFCCD8F9C6693 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 5F63DC3C36366FF4A90AEAA334509BE8 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 F234B77750D9E0C3AEA0432F55E1CD17 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U17 D4BD9F86123C87ECA570418B69326F99 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector A5C14075B571AF1C9592595BE724D9D2 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In F7B27774DAF8660ADD71EA29AE8C1B1A - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin 256C847CD03160C9088FB440DB929448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin 555E65306A5D3A5978BE74E1DD62CDD9 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) E32771B0AE3F18CEFFC12D682025238A - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) 2DC6257A367A6182E40F748D0396AAF9 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 1E3AA02F2C91A2B25EFB4E355160CDCA - C:\Program 
Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin C7794A997CEC29173A4401F3AE16C51F - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect 3F60CEF38059440F3A82819684E10894 - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll - fluxDVD Browser Plugin 1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery 0289477CB4D6543B49448CD54366B4B5 - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll - fluxDVD Placeholder Plugin AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 509335C61594A73AB32E1B572AEE61A8 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 969983AB670681301F7A91DC4AD3D1F1 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 6D8F27BEE96589722EE485324FDD88D9 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect 2AA3703D87E1327A2290C9D416D89A28 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight 28DB0CD8BCCEB5229052C835BFBA988A - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[27.10.2012 07:01] kdneagjiboclldmglpjofpeipkbollcf - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - 
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 09:59] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions kdneagjiboclldmglpjofpeipkbollcf - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx[] Koji NISHIDA - Maria Gabriela - Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf Google Docs - Maria Gabriela - Default\Extensions\aohghmighlieiainnegkcijnfilokake YouTube - Maria Gabriela - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Maria Gabriela - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf RealPlayer HTML5Video Downloader Extension - Maria Gabriela - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk Gmail - Maria Gabriela - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bday.conduitapps.com_0.localstorage deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bday.conduitapps.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully C:\Documents and 
Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0.localstorage deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0.localstorage-journal deleted successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0 deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://downloads.phpnuke.org/de/index.php?rvs=google" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet 
Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\Maria Gabriela\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Cache emptied successfully C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Local Settings\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully |
03.11.2013, 23:18 | #4 |
/// Malwareteam / Visitor | a2ZLyrics - I'm at my wits' end Apparently not all of the adware has been deleted.
Please download AdwCleaner to your desktop.
|
04.11.2013, 06:46 | #5 |
| a2ZLyrics - I'm at my wits' end Code:
ATTFilter Zoek.exe Version 4.0.0.5 Updated 26-October-2013 Tool run by Maria Gabriela on 04.11.2013 at 6:26:52,71. Microsoft Windows XP Professional 5.1.2600 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp\Rar$EXa0.296\zoek.exe [Script inserted] ==== Older Logs ====================== C:\zoek-results2013-11-03-192103.log 36536 bytes ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default - RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext - a2zLyrics-16 - %ProfilePath%\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash 
CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner + 871C7A4B3466ED1B1D1D7588D14EC816 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 53B55AB0CF4872F9C420D78D92C1033B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 3A6EBB668DB997B1874981F153403B46 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 0805C33F24F45B11EE2CFCCD8F9C6693 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 5F63DC3C36366FF4A90AEAA334509BE8 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 F234B77750D9E0C3AEA0432F55E1CD17 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U17 D4BD9F86123C87ECA570418B69326F99 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector A5C14075B571AF1C9592595BE724D9D2 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In F7B27774DAF8660ADD71EA29AE8C1B1A - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin 256C847CD03160C9088FB440DB929448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin 555E65306A5D3A5978BE74E1DD62CDD9 - C:\Documents and Settings\All Users\Application 
Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) E32771B0AE3F18CEFFC12D682025238A - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) 2DC6257A367A6182E40F748D0396AAF9 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 1E3AA02F2C91A2B25EFB4E355160CDCA - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin C7794A997CEC29173A4401F3AE16C51F - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect 3F60CEF38059440F3A82819684E10894 - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll - fluxDVD Browser Plugin 1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery 0289477CB4D6543B49448CD54366B4B5 - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll - fluxDVD Placeholder Plugin AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 509335C61594A73AB32E1B572AEE61A8 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 969983AB670681301F7A91DC4AD3D1F1 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 6D8F27BEE96589722EE485324FDD88D9 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect 2AA3703D87E1327A2290C9D416D89A28 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight 
28DB0CD8BCCEB5229052C835BFBA988A - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System ==== Deleted Firefox Extensions ====================== C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com deleted ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zula Games deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar deleted successfully ==== After Reboot ====================== ==== Deleting Files / Folders ====================== "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted "C:\Documents and Settings\Maria Gabriela\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on 04.11.2013 at 6:33:07,20 ====================== ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default - RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Undetermined - 
%AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner + 871C7A4B3466ED1B1D1D7588D14EC816 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 53B55AB0CF4872F9C420D78D92C1033B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 3A6EBB668DB997B1874981F153403B46 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 0805C33F24F45B11EE2CFCCD8F9C6693 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 5F63DC3C36366FF4A90AEAA334509BE8 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 F234B77750D9E0C3AEA0432F55E1CD17 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U17 D4BD9F86123C87ECA570418B69326F99 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector A5C14075B571AF1C9592595BE724D9D2 
- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In F7B27774DAF8660ADD71EA29AE8C1B1A - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin 256C847CD03160C9088FB440DB929448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin 555E65306A5D3A5978BE74E1DD62CDD9 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) E32771B0AE3F18CEFFC12D682025238A - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) 2DC6257A367A6182E40F748D0396AAF9 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 1E3AA02F2C91A2B25EFB4E355160CDCA - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin C7794A997CEC29173A4401F3AE16C51F - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect 3F60CEF38059440F3A82819684E10894 - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll - fluxDVD Browser Plugin 1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery 0289477CB4D6543B49448CD54366B4B5 - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll - fluxDVD Placeholder Plugin AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 509335C61594A73AB32E1B572AEE61A8 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 969983AB670681301F7A91DC4AD3D1F1 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows 
Media Player Plug-in Dynamic Link Library 6D8F27BEE96589722EE485324FDD88D9 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect 2AA3703D87E1327A2290C9D416D89A28 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight 28DB0CD8BCCEB5229052C835BFBA988A - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System ==== EOF on 04.11.2013 at 6:39:18,78 ======================
Good morning, I ran it twice because the first time I forgot to switch off AVG. I don't see any deletion of "a2zlyrics-16;" in the log. Is it still there, hiding? Or can I simply not see it among all these characters? Or was it hidden and died in its hiding place? <- definitely the answer I would like best. :-) Can you tell from the logs whether some other pest has still made itself at home there? For quite a while I kept getting a strange "Search... something" thing in the browser. I already run adAware and Spybot every week, but these days that no longer seems to be enough. In any case, on behalf of everyone else who has also received help here, I want to say a very loud THANK YOU. Warm regards from the wet and cold Eifel!
Last edited by IchweißNix (04.11.2013 at 07:43) |
04.11.2013, 17:50 | #6 | ||
/// Malwareteam / Visitor | a2ZLyrics - I'm in despair It's cold and wet here too
|
04.11.2013, 19:58 | #7 |
| a2ZLyrics - I'm in despair Gladly - and thank you very much once again AdwCleaner Logfile: Code:
# AdwCleaner v3.011 - Report created 04/11/2013 at 19:54:18
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Maria Gabriela - MOONLIGHTSONATA
# Running from : C:\Documents and Settings\Maria Gabriela\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Program Files\FoxTab

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zulagames

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\prefs.js ]

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [24361 octets] - [02/11/2013 22:48:16]
AdwCleaner[R1].txt - [1422 octets] - [04/11/2013 07:45:20]
AdwCleaner[R2].txt - [1266 octets] - [04/11/2013 19:54:18]
AdwCleaner[S0].txt - [24785 octets] - [02/11/2013 22:53:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1387 octets] ##########
|
04.11.2013, 22:28 | #8 |
/// Malwareteam / Visitor | a2ZLyrics - I'm in despair Looks good. We'll track down the last remnants so that we can remove them later:
|
05.11.2013, 09:10 | #9 |
| a2ZLyrics - I'm in despair Code:
ATTFilter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\lyrics-finden.com\www] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\nellyslyrics.com] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hitlistlyrics.com] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com\www] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\nellyslyrics.com] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hitlistlyrics.com] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lyrics-finden.com] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lyrics-finden.com\www] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nellyslyrics.com] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hitlistlyrics.com] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com\www] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\nellyslyrics.com] "Item 3"="[F00000000][T01CED88DE9261AE0]*C:\\Documents and Settings\\Maria Gabriela\\My Documents\\az2lyrics trojaner.docx" [HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\hitlistlyrics.com] 
[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\lyrics-finden.com] [HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\lyrics-finden.com\www] [HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\nellyslyrics.com] [HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hitlistlyrics.com] [HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com] [HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com\www] [HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\nellyslyrics.com] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hitlistlyrics.com] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lyrics-finden.com] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lyrics-finden.com\www] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nellyslyrics.com] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hitlistlyrics.com] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com\www] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings\ZoneMap\EscDomains\nellyslyrics.com] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default - RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner + 
871C7A4B3466ED1B1D1D7588D14EC816 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 53B55AB0CF4872F9C420D78D92C1033B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 3A6EBB668DB997B1874981F153403B46 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 0805C33F24F45B11EE2CFCCD8F9C6693 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 5F63DC3C36366FF4A90AEAA334509BE8 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 F234B77750D9E0C3AEA0432F55E1CD17 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U17 D4BD9F86123C87ECA570418B69326F99 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector A5C14075B571AF1C9592595BE724D9D2 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In F7B27774DAF8660ADD71EA29AE8C1B1A - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin 256C847CD03160C9088FB440DB929448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin 555E65306A5D3A5978BE74E1DD62CDD9 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) E32771B0AE3F18CEFFC12D682025238A - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) 2DC6257A367A6182E40F748D0396AAF9 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 1E3AA02F2C91A2B25EFB4E355160CDCA - 
C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin C7794A997CEC29173A4401F3AE16C51F - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect 3F60CEF38059440F3A82819684E10894 - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll - fluxDVD Browser Plugin 1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery 0289477CB4D6543B49448CD54366B4B5 - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll - fluxDVD Placeholder Plugin AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 509335C61594A73AB32E1B572AEE61A8 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 969983AB670681301F7A91DC4AD3D1F1 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 6D8F27BEE96589722EE485324FDD88D9 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect 2AA3703D87E1327A2290C9D416D89A28 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight 28DB0CD8BCCEB5229052C835BFBA988A - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System ==== EOF on 05.11.2013 at 9:07:15,73 ====================== |
05.11.2013, 10:49 | #10 |
/// Malwareteam / Visitor | a2ZLyrics - I'm in despair It looks clean. Please download SecurityCheck and:
|
05.11.2013, 13:01 | #11 |
| a2ZLyrics - I'm in despair Really, thank you so very much for the wonderful help!!! :-) Code:
Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Bitdefender Antivirus Free Edition
AVG update module
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Malwarebytes Anti-Malware Version 1.75.0.1300
TuneUp Utilities Language Pack (de-DE)
AVG PC TuneUp 2014 (de-DE)
TuneUp Utilities Language Pack (de-DE)
CCleaner
Java(TM) 6 Update 26
Java(TM) 6 Update 22
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox (25.0)
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
|
05.11.2013, 13:24 | #12 |
/// Malwareteam / Visitor | a2ZLyrics - I'm in despair There is still quite a bit to do here. XP Service Pack 3 is missing: http://www.microsoft.com/de-de/downl...ils.aspx?id=24 Java is outdated: http://filepony.de/download-jre_32/ |
06.11.2013, 16:01 | #13 |
| a2ZLyrics - I'm in despair So - I have updated Java... but SP 3 is presenting a few challenges: "There is not enough disk space on C:\WINDOWS\$NtServicePackUninstall$ to install Service Pack 3" <- the message says I don't have enough space. So, after some searching in the vastness of the internet, I came across the following: HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \CurrentVersion \Setup 3. In the right pane, Right-click and select New – String value 4. Name it as “BootDir” and set its value to “C:\” Unfortunately I'm once again too dim for this, because I only get as far as "BootDir" - and then nothing works any more, because no Tab, no space, no whatever... As a precaution I then removed the new string again right away... I need enlightenment :-D please :-D |
06.11.2013, 21:56 | #14 |
/// Malwareteam / Visitor | a2ZLyrics - I'm in despair Are there things on your hard drive (photos/films) that can be copied to another hard drive to free up more space on your hard drive? Perhaps also uninstall programs that are not needed? |
07.11.2013, 07:52 | #15 |
| a2ZLyrics - I'm in despair C: has 105 GB - of which 51.4 GB are in use.... and then there was also: the instruction at !0x6240d0a2" referenced memory at "0x6240d0a2". The memory could not be "read" and because that wouldn't be enough otherwise: The system could not log you on, make sure your username and domain are correct.... I absolutely don't understand it, since I haven't changed anything at all, aaaaaaaaaahhh why me=!= I'm quite sure you noticed long ago that this is an iMac on which I installed Windows on a second partition - I'm only mentioning it again for form's sake. If you send me your address, I'll send you ... a crate of beer or something, just tell me what... Thanks |