Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   HijackThis editor file created, what now? (https://www.trojaner-board.de/130626-hijackthis-editor-datei-erstellt.html)

markusg 06.02.2013 19:35

hi
download CCleaner Standard:
CCleaner - Download - Filepony
if CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save as txt. Open the file.
After every program you need, write "needed".
After every program you don't need, "not needed".
After those you don't know, "unknown".
Post the list.

yazid 06.02.2013 20:02

well, I have to say, right now everything is running great again, Mozilla is working fast and smoothly :))))

here is the list:

Adobe AIR Adobe Systems Inc. 09/10/2010 1.5.1.8210 NEEDED
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08/01/2013 6,00MB 11.5.502.146 NEEDED
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09/01/2013 6,00MB 11.5.502.146 NEEDED
Anzeige am Bildschirm 28/09/2012 6.61.00 NEEDED
Apple Application Support Apple Inc. 28/02/2011 52,8MB 1.4.1 NEEDED
Apple Mobile Device Support Apple Inc. 28/02/2011 22,3MB 3.3.1.3 NEEDED
Apple Software Update Apple Inc. 28/02/2011 2,25MB 2.1.2.120 NEEDED
Audio Recorder for Free v12.9.8 Copyright(C) 2006-2012 AudioToolMedia Software. 03/09/2012 23,5MB NOT NEEDED
Bonjour Apple Inc. 28/02/2011 1,74MB 2.0.4.0 NEEDED
Brother HL-2030 Brother 05/06/2011 1.00 NEEDED
CCleaner Piriform 23/01/2013 3.27 NEEDED
Dienstprogramm "ThinkPad UltraNav" Lenovo 18/09/2010 2.12.0 NEEDED
DotAlicious Gaming Client 27/02/2011 NEEDED
Dropbox Dropbox, Inc. 27/01/2013 1.6.16 NEEDED
E3MC - Windows Shutdown Timer v5.7 Full E3MC Clan 23/06/2011 2,11MB 5.7.0.0 NOT NEEDED
Free YouTube to MP3 Converter version 3.10.8.815 DVDVideoSoft Ltd. 01/09/2011 45,3MB NEEDED
Google Chrome Google Inc. 02/02/2013 24.0.1312.57 NOT NEEDED
GoToMeeting 5.3.0.978 CitrixOnline 16/07/2012 5.3.0.978 NOT NEEDED
HiJackThis Trend Micro 04/02/2013 369KB 1.0.0 NOT NEEDED
HTC Driver Installer HTC Corporation 03/08/2012 2,09MB 3.0.0.023 NEEDED
HTC Sync Manager HTC 03/08/2012 257MB 1.0.39.1 NEEDED
Intel(R) Graphics Media Accelerator Driver Intel Corporation 18/09/2010 54,2MB NEEDED
Intel(R) PROSet/Wireless WiFi-Software Intel Corporation 18/09/2010 87,2MB 13.02.0000 NEEDED
Intel® Matrix Storage Manager Intel Corporation 18/09/2010 NEEDED
iTunes Apple Inc. 28/02/2011 145MB 10.1.2.17 NEEDED
Java 7 Update 13 Oracle 02/02/2013 130MB 7.0.130 NEEDED
JMicron Flash Media Controller Driver JMicron Technology Corp. 18/09/2010 1.00.29.02 NEEDED
kikin Plugin (NO23 Edition) 1.11 kikin 12/02/2011 1.11 UNKNOWN
Lenovo Auto Scroll Utility 28/09/2012 1.11 NEEDED
Lenovo Patch Utility Lenovo Group Limited 28/09/2012 1,22MB 1.0.1.1 NEEDED
Lenovo Patch Utility 64 bit Lenovo Group Limited 28/09/2012 1,24MB 1.2.0.1 NEEDED
Lenovo Power Management Driver 28/09/2012 1.65.05.21 NEEDED
Lenovo System Interface Driver 28/09/2012 1.05 NEEDED
Lenovo ThinkVantage Toolbox PC-Doctor, Inc. 18/09/2010 6.0.5692.08 NEEDED
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 06/02/2013 18,4MB 1.70.0.1100 NEEDED
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02/02/2013 38,8MB 4.0.30319 NEEDED
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 02/02/2013 2,93MB 4.0.30319 NEEDED
Microsoft Office Enterprise 2007 Microsoft Corporation 27/09/2010 12.0.4518.1014 NEEDED
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 03/08/2012 346KB 8.0.59193 NEEDED
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 18/09/2010 840KB 8.0.50727.42 NEEDED
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02/06/2011 240KB 9.0.30729 NEEDED
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19/09/2010 596KB 9.0.30729.4148 NEEDED
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 02/02/2013 11,1MB 10.0.40219 NEEDED
Mozilla Firefox 18.0.1 (x86 de) Mozilla 02/02/2013 44,2MB 18.0.1
Mozilla Maintenance Service Mozilla 19/01/2013 330KB 18.0.1 NEEDED
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 11/01/2013 43,3MB 17.0.2 NEEDED
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02/02/2013 1,27MB 4.20.9870.0 UNKNOWN
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 02/02/2013 1,34MB 4.20.9876.0 UNKNOWN
Pando Media Booster Pando Networks Inc. 02/06/2011 5,46MB 2.3.5.9 UNKNOWN
PDF-Viewer Tracker Software Products Ltd 04/12/2010 23,1MB 2.0.57.0 NOT NEEDED
PDF24 Creator 4.1.2 PDF24.org 19/01/2012 33,6MB NEEDED
phonostar-Player Version 3.02.0 12/02/2012 NOT NEEDED
QuickTime Apple Inc. 28/02/2011 73,7MB 7.69.80.9 NEEDED
Realtek Ethernet Controller Driver For Windows 7 Realtek 18/09/2010 7.11.1127.2009 NEEDED
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18/09/2010 6.0.1.6053 NEEDED
Skype™ 5.3 Skype Technologies S.A. 11/06/2011 22,5MB 5.3.116 NOT NEEDED
System Update Lenovo 28/09/2012 13,7MB 4.03.0012 NEEDED
ThinkPad Energie-Manager 18/09/2010 3.30 NEEDED
ThinkPad FullScreen Magnifier 18/09/2010 2.15 NEEDED
ThinkPad UltraNav Driver 18/09/2010 46,4MB 15.0.18.0 NEEDED
ThinkPad Wireless LAN Adapter Software REALTEK Semiconductor Corp. 18/09/2010 1.00.0026.0 NEEDED
ThinkVantage Communications Utility Lenovo 18/09/2010 2,43MB 1.41 NEEDED
ThinkVantage System für aktiven Festplattenschutz Lenovo 18/09/2010 15,6MB 1.71 NEEDED
ThinkVantage System Update 28/09/2012 NEEDED
Trojan Remover 6.8.5 Simply Super Software 04/02/2013 18,7MB 6.8.5 NEEDED
VLC media player 1.1.5 VideoLAN 30/12/2010 1.1.5 NEEDED
WinRAR 26/02/2011 NOT NEEDED
WinZip WinZip Computing, Inc. und H.C. Top Systems B.V. 29/11/2010 9.0 (6028g) NOT NEEDED
Wise Registry Cleaner 6.14 WiseCleaner.com, Inc. 24/09/2011 2,80MB NOT NEEDED

markusg 06.02.2013 20:06

Hi
that's how it should be :-)
uninstall:
Adobe Flash Player, all entries
Adobe - Install Adobe Flash Player
download the latest version and install it.
uninstall:
Audio Recorder
E3MC
Google
GoToMeeting
HiJackThis
kikin
PDF-Viewer
phonostar
Skype™
Trojan Remover: you can do without that one, too many false positives, poor detection
Wise

Open CCleaner, analyze, run, restart the PC
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

yazid 06.02.2013 20:20

all right... done! ;-)


thank you sooooooooo much for the help :-)

what do you recommend as permanent antivirus protection? Avira? Avast? Kaspersky?

markusg 06.02.2013 20:32

hi
we're not done yet, AdwCleaner is still missing, plus the uninstalls and updates

yazid 06.02.2013 21:11

ah okay :)

AdwCleaner? and then what exactly should I uninstall? :dankeschoen:

AdwCleaner says:
AdwCleaner Logfile:
Code:

# AdwCleaner v2.111 - Datei am 06/02/2013 um 21:23:42 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : J - JULIUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\J\Downloads\adwcleaner_2.111.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\vs35w62k.Geheim\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\vs35w62k.Geheim\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\xhtgp919.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1850 octets] - [06/02/2013 21:23:42]

########## EOF - C:\AdwCleaner[R1].txt - [1910 octets] ##########

--- --- ---

markusg 07.02.2013 12:19

hi
please click Delete in AdwCleaner, restart, and test how the PC and programs such as the browser are running.

yazid 07.02.2013 23:02

AdwCleaner deleted the files as requested... ;-)

so the browser works, but not exactly smoothly, sometimes a page loads quickly, but often only after a wait... in any case it is usable again, which is already veeeery good

ok, with the newest Flash Player everything is running fast and well again... :daumenhoc

thanks already for your effort! :)

hmm, somehow not everything is running smoothly after all... sometimes the browser takes a very long time to load a page, until even the message:

Fehler: Server nicht gefunden

appears; only after clicking 'refresh' is the page loaded again and displayed...

I have also noticed that sometimes the signal strength of the WLAN connection is good or excellent, but the message "no internet access" appears...

do you know what could be behind this :/ ?

markusg 08.02.2013 12:38

where is the AdwCleaner log?
try resetting the router and install the latest firmware.
Post an OTL log.

yazid 08.02.2013 21:18

here is the AdwCleaner log:
AdwCleaner Logfile:
Code:

# AdwCleaner v2.111 - Datei am 07/02/2013 um 22:49:06 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : J - JULIUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\J\Downloads\adwcleaner_2.111.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\vs35w62k.Geheim\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\vs35w62k.Geheim\prefs.js

C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\vs35w62k.Geheim\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\xhtgp919.default\prefs.js

C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\xhtgp919.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1979 octets] - [06/02/2013 21:23:42]
AdwCleaner[R2].txt - [2039 octets] - [07/02/2013 22:48:33]
AdwCleaner[S1].txt - [2161 octets] - [07/02/2013 22:49:06]

########## EOF - C:\AdwCleaner[S1].txt - [2221 octets] ##########

--- --- ---


I'm going to reboot the router once more now...

the strange thing is that downloads always run through at a good connection speed, but the browser flakes out when loading websites.... -.-
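
Added example, not part of any post in this thread: a Python check that compares an AdwCleaner search log with the delete log that follows it, as with the two logs posted above, and reports entries that were found but not deleted, plus entries removed only in the delete run. The function names are hypothetical and the line patterns are assumed from the German-language v2.111 logs shown here; the sample input is constructed by trimming those logs to their entry lines.

```python
import re

# Constructed input: entry lines taken from the two AdwCleaner v2.111 logs
# posted in this thread (search run R1, delete run S1); other lines trimmed.
SCAN_LOG = r"""# Option [Suche]
Ordner Gefunden : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\vs35w62k.Geheim\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
"""

DELETE_LOG = r"""# Option [Löschen]
Ordner Gelöscht : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\vs35w62k.Geheim\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\vs35w62k.Geheim\user.js ... Gelöscht !
C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\xhtgp919.default\user.js ... Gelöscht !
"""

# Line shapes assumed from the logs above (not from AdwCleaner documentation).
OPTION_RE = re.compile(r"^# Option \[(.+?)\]\s*$")
ENTRY_RE = re.compile(r"^(\S+) (Gefunden|Gelöscht) : (.+?)\s*$")
INLINE_DEL_RE = re.compile(r"^(.+?) \.\.\. Gelöscht !\s*$")


def parse_adwcleaner(text):
    """Collect run mode plus found/deleted targets, keyed case-insensitively."""
    result = {"mode": None, "Gefunden": {}, "Gelöscht": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            result["mode"] = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            _kind, state, target = m.groups()
            # Windows paths and registry keys compare case-insensitively.
            result[state][target.lower()] = target
            continue
        m = INLINE_DEL_RE.match(line)
        if m:
            # Browser-section deletions use "<path> ... Gelöscht !".
            result["Gelöscht"][m.group(1).lower()] = m.group(1)
    return result


def compare_runs(scan_text, delete_text):
    """Cross-check a [Suche] log against the following [Löschen] log."""
    scan = parse_adwcleaner(scan_text)
    clean = parse_adwcleaner(delete_text)
    if scan["mode"] != "Suche" or clean["mode"] != "Löschen":
        raise ValueError("expected a [Suche] log followed by a [Löschen] log")
    found, deleted = scan["Gefunden"], clean["Gelöscht"]
    return {
        # Still present after cleaning: needs a second look.
        "not_deleted": sorted(found[k] for k in found.keys() - deleted.keys()),
        # Removed without appearing in the earlier scan (here: user.js files).
        "only_in_delete_run": sorted(
            deleted[k] for k in deleted.keys() - found.keys()
        ),
        "confirmed": len(found.keys() & deleted.keys()),
    }


if __name__ == "__main__":
    report = compare_runs(SCAN_LOG, DELETE_LOG)
    print("confirmed deletions:", report["confirmed"])
    for item in report["not_deleted"]:
        print("found but NOT deleted:", item)
    for item in report["only_in_delete_run"]:
        print("deleted, not in scan log:", item)
```
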

markusg 08.02.2013 21:24

hi,
also update the router, and do the following:

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


yazid 08.02.2013 21:34

okay...

here's the new OTL log as well
OTL Logfile:
Code:

OTL logfile created on: 08/02/2013 21:22:47 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\J\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
1,87 Gb Total Physical Memory | 0,36 Gb Available Physical Memory | 19,23% Memory free
3,74 Gb Paging File | 1,94 Gb Available in Paging File | 52,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 156,46 Gb Free Space | 67,21% Space Free | Partition Type: NTFS
 
Computer Name: JULIUS | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/07 23:27:28 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
PRC - [2013/02/06 20:33:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/02/04 22:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\J\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012/05/11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012/04/13 09:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/12/16 12:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/12 17:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/03/18 21:03:55 | 000,471,040 | ---- | M] (Blizzard Entertainment) -- c:\users\j\desktop\spiele\warcraft iii\war3.exe
PRC - [2010/04/26 12:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/20 12:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/04/20 12:23:28 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010/04/20 12:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2009/08/07 04:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/07 23:27:28 | 014,586,736 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013/02/06 20:33:46 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/12/11 06:22:08 | 000,060,272 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/10/09 11:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/07 23:27:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 20:33:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012/05/11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/04/13 09:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/07/12 15:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 15:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/08/25 02:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/04/20 12:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010/04/20 12:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 09:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/03/05 09:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/08/07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/11 06:22:08 | 000,042,824 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/27 02:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/27 13:49:05 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys.vir -- (sptd)
DRV:64bit: - [2010/09/07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/25 02:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/22 16:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 21:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/10/09 11:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/10/09 11:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/28 14:35:52 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 03:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/18 13:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/05/07 20:52:20 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001/08/18 10:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\winsock.dll -- (Winsock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 39 E0 E9 BE 00 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 20:33:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/06 20:33:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/11 16:34:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 20:33:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/06 20:33:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/11 16:34:24 | 000,000,000 | ---D | M]
 
[2011/01/14 19:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\mozilla\Extensions
[2011/01/14 19:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/02/07 22:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\vs35w62k.Geheim\extensions
[2013/02/02 08:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\xhtgp919.default\extensions
[2012/12/19 18:41:14 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\xhtgp919.default\extensions\zotero@chnm.gmu.edu
[2013/01/27 19:48:26 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\xhtgp919.default\extensions\zoteroWinWordIntegration@zotero.org
[2011/10/17 09:16:46 | 000,002,548 | ---- | M] () -- C:\Users\J\AppData\Roaming\mozilla\firefox\profiles\xhtgp919.default\searchplugins\alibaba.xml
[2013/02/06 20:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/06 20:33:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Google Mail = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/02/05 20:07:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - Startup: C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\J\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\J\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\J\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4695B1B1-EC87-49C8-A964-25D56BA6429F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/07 23:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/06 23:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2013/02/06 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013/02/06 20:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/06 18:43:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/02/06 07:33:02 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Malwarebytes
[2013/02/06 07:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/06 07:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/06 07:32:43 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/06 07:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/06 07:32:29 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Local\Programs
[2013/02/06 07:31:16 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\J\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/05 20:37:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/05 20:24:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/05 19:49:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/05 19:49:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/05 19:49:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/05 19:48:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/05 19:48:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/05 19:46:03 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\J\Desktop\ComboFix.exe
[2013/02/05 18:14:09 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\J\Desktop\tdsskiller.exe
[2013/02/05 17:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/04 22:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/02/04 22:18:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2013/02/04 22:17:23 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/02/04 22:16:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/02/04 19:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/02/04 19:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013/02/02 21:41:29 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2013/02/02 13:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/02/02 13:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/02/02 11:43:49 | 000,000,000 | ---D | C] -- C:\Users\J\Desktop\Sicherung
[2013/02/02 09:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/11 16:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/11/30 19:57:34 | 000,216,576 | ---- | C] (Newtonsoft) -- C:\Users\J\Newtonsoft.Json.Compact.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/08 20:58:19 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 20:58:19 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 20:52:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/08 20:52:53 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/08 16:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/08 10:02:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/02/06 20:17:28 | 000,416,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/06 20:11:06 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/06 20:11:06 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/02/06 20:11:06 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/06 20:11:06 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/02/06 20:11:06 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/06 18:02:40 | 000,156,810 | ---- | M] () -- C:\Users\J\Desktop\confirmation.aspx
[2013/02/06 07:32:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/06 07:31:45 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\J\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/05 20:07:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/05 19:46:36 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\J\Desktop\ComboFix.exe
[2013/02/05 18:14:14 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\J\Desktop\tdsskiller.exe
[2013/02/04 22:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2013/02/04 07:31:20 | 000,339,179 | ---- | M] () -- C:\Users\J\Desktop\Inkasso.pdf
[2013/02/04 07:25:14 | 000,001,246 | ---- | M] () -- C:\Users\J\Desktop\Frozen Throne - Verknüpfung.lnk
[2013/02/04 07:24:56 | 001,866,407 | ---- | M] () -- C:\Users\J\Desktop\7B25DDFC-3313-43DC-9258-1C11C43214FA.jpg
[2013/02/02 20:15:52 | 000,036,296 | ---- | M] () -- C:\Users\J\Desktop\cc_20130202_201532.reg
[2013/02/02 17:49:58 | 000,001,667 | ---- | M] () -- C:\Users\J\Desktop\Hotkey Tool - Verknüpfung (2).lnk
[2013/02/02 17:39:42 | 000,465,140 | ---- | M] () -- C:\Users\J\Desktop\qpjyrir.jpg
[2013/02/02 16:18:52 | 000,296,050 | ---- | M] () -- C:\Users\J\Desktop\tx3bftk.jpg
[2013/02/02 13:36:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/02 13:23:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/02 13:23:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/02/02 10:41:28 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/02 10:33:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/27 04:24:35 | 000,001,007 | ---- | M] () -- C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/27 04:24:26 | 000,000,967 | ---- | M] () -- C:\Users\J\Desktop\Dropbox.lnk
[2013/01/26 15:02:38 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/07 23:27:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/06 18:02:40 | 000,156,810 | ---- | C] () -- C:\Users\J\Desktop\confirmation.aspx
[2013/02/06 07:32:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/05 19:49:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/05 19:49:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/05 19:49:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/05 19:49:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/05 19:49:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/04 22:20:01 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2013/02/04 22:19:30 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/02/04 22:15:57 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/02/04 22:15:33 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/02/04 22:15:33 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/02/04 22:14:53 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/02/04 22:14:52 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2013/02/04 07:31:40 | 000,339,179 | ---- | C] () -- C:\Users\J\Desktop\Inkasso.pdf
[2013/02/04 07:24:53 | 001,866,407 | ---- | C] () -- C:\Users\J\Desktop\7B25DDFC-3313-43DC-9258-1C11C43214FA.jpg
[2013/02/02 20:15:39 | 000,036,296 | ---- | C] () -- C:\Users\J\Desktop\cc_20130202_201532.reg
[2013/02/02 17:49:58 | 000,001,667 | ---- | C] () -- C:\Users\J\Desktop\Hotkey Tool - Verknüpfung (2).lnk
[2013/02/02 17:38:33 | 000,465,140 | ---- | C] () -- C:\Users\J\Desktop\qpjyrir.jpg
[2013/02/02 16:18:41 | 000,296,050 | ---- | C] () -- C:\Users\J\Desktop\tx3bftk.jpg
[2013/02/02 14:24:33 | 000,001,246 | ---- | C] () -- C:\Users\J\Desktop\Frozen Throne - Verknüpfung.lnk
[2013/02/02 13:36:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/02 13:23:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/02 13:23:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/02/02 10:41:28 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/02 10:41:28 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/02 00:14:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/01 23:06:16 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/09/03 19:42:37 | 000,001,481 | ---- | C] () -- C:\Users\J\AppData\Local\RecConfig.xml
[2011/09/17 08:56:21 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/09/17 08:56:21 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/09/17 08:56:21 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/06/05 18:51:26 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/06/05 18:51:18 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/06/05 18:51:18 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/06/05 18:51:17 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2011/06/05 18:51:17 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011/06/05 18:51:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2011/05/22 14:54:43 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2011/01/28 17:20:37 | 000,004,608 | ---- | C] () -- C:\Users\J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/30 19:57:34 | 000,335,872 | ---- | C] () -- C:\Users\J\SciLors GrooveDownloader.exe
[2010/11/30 19:57:34 | 000,027,648 | ---- | C] () -- C:\Users\J\SciLorsGroovesharkAPI.dll
[2010/11/30 19:57:34 | 000,011,264 | ---- | C] () -- C:\Users\J\SciLors UpdateCheck.dll
[2010/11/30 19:57:34 | 000,000,280 | ---- | C] () -- C:\Users\J\config.xml
[2010/11/30 19:57:34 | 000,000,240 | ---- | C] () -- C:\Users\J\GrooveFix.xml
[2010/11/19 19:33:22 | 000,198,543 | ---- | C] () -- C:\Users\J\Foto 0369.jpg
[2010/11/19 19:33:22 | 000,190,949 | ---- | C] () -- C:\Users\J\Foto 0368.jpg
[2010/09/19 19:43:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/02/12 17:42:40 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Audio Record Edit Toolbox
[2012/09/03 19:34:40 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Audio Recorder for Free
[2010/12/24 15:50:38 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Audio Recorder for Free 2010
[2013/02/02 13:41:00 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DAEMON Tools Lite
[2010/11/29 17:45:59 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Das Fussball Studio
[2013/02/08 20:53:39 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Dropbox
[2011/09/01 20:05:28 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DVDVideoSoft
[2011/02/18 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/02 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Eduny
[2012/06/20 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Heucx
[2012/08/03 22:14:39 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\HTC
[2012/08/03 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\HTC Sync
[2011/09/14 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\ICQ
[2011/12/30 17:24:49 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Ivp
[2012/06/20 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Iwveum
[2011/06/02 11:23:56 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\LolClient
[2011/02/12 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\phonostar GmbH
[2011/02/12 17:48:41 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\REAPER
[2011/01/14 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Thunderbird
[2011/06/17 18:15:17 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\TS3Client
[2012/09/28 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Update
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

--- --- ---

markusg 08.02.2013 21:37

hi
sorry, for now please continue with
Junkware Removal Tool
and I'll take a look at the OTL log

yazid 08.02.2013 21:47

here is the result of the tool...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Ultimate x64
Ran by J on 08/02/2013 at 21:37:05,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\J\AppData\Roaming\dvdvideosoftiehelpers"



~~~ FireFox

Successfully deleted the following from C:\Users\J\AppData\Roaming\mozilla\firefox\profiles\xhtgp919.default\prefs.js

user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ
user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*");
Emptied folder: C:\Users\J\AppData\Roaming\mozilla\firefox\profiles\xhtgp919.default\minidumps [222 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/02/2013 at 21:46:37,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

markusg 08.02.2013 22:02

otl fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}src=IE-SearchBoxFORM=IE8SRC
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17:  File not found
:files
:Commands
[emptytemp]

  • If you have obscured your username, e.g. with "*****", insert your real username in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

how is the browser running?


All times are WET +1.
