| Andy.pol | 28.05.2013 00:21 |
Hallo cosinus,
anbei die Logfiles:
1. JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Kunde on 27.05.2013 at 23:38:11,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] browserprotect
Successfully deleted: [Service] browserprotect
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3796133184-2747058595-3010327798-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\lowregistry\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a6eb8fe4c9986914497e92c7f5a702e3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a6eb8fe4c9986914497e92c7f5a702e3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Kunde\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Kunde\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Kunde\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Kunde\appdata\locallow\pdfforge"
Successfully deleted: [Folder] "C:\Users\Kunde\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\pdfforge toolbar"
Successfully deleted: [Folder] "C:\Users\Kunde\AppData\Roaming\microsoft\windows\start menu\programs\BrowserProtect"
~~~ FireFox
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\user.js
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\searchplugins\delta.xml
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com"
Successfully deleted the following from C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\prefs.js
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "acf6136800000000000000224383e24b");
user_pref("extensions.delta.instlDay", "15849");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.520:39:42");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119357&tt=gc_");
user_pref("extensions.delta_i.srcExt", "ss");
Emptied folder: C:\Users\Kunde\AppData\Roaming\mozilla\firefox\profiles\caserjqh.default\minidumps [25 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2013 at 23:40:03,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. AdwCleaner Code:
# AdwCleaner v2.301 - Datei am 28/05/2013 um 00:09:57 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Kunde - KUNDEN-NB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kunde\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Kunde\AppData\Local\Temp\avg@toolbar
Ordner Gelöscht : C:\Users\Kunde\AppData\LocalLow\AVG Secure Search
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\5b6ded9b43cec41
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\BrowserProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\5b6ded9b43cec41
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Kunde\AppData\Roaming\Mozilla\Firefox\Profiles\caserjqh.default\prefs.js
Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.2.0.5");
Gelöscht : user_pref("avg.install.userSPSettings", "AVG Secure Search");
*************************
AdwCleaner[S1].txt - [377 octets] - [27/05/2013 23:41:20]
AdwCleaner[S2].txt - [7572 octets] - [28/05/2013 00:09:57]
########## EOF - C:\AdwCleaner[S2].txt - [7632 octets] ##########
3. OTL Code:
OTL logfile created on: 28.05.2013 01:08:05 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kunde\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,52% Memory free
6,18 Gb Paging File | 4,97 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,46 Gb Total Space | 19,91 Gb Free Space | 18,03% Space Free | Partition Type: NTFS
Drive D: | 58,95 Gb Total Space | 56,81 Gb Free Space | 96,37% Space Free | Partition Type: NTFS
Drive F: | 53,71 Gb Total Space | 48,75 Gb Free Space | 90,77% Space Free | Partition Type: NTFS
Drive H: | 9,76 Gb Total Space | 5,18 Gb Free Space | 53,04% Space Free | Partition Type: FAT32
Computer Name: KUNDEN-NB | User Name: Kunde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Kunde\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Windows\ASScrPro.exe ()
MOD - C:\Program files\P4G\OvrClk.dll ()
MOD - C:\Program files\P4G\DevMng.dll ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
MOD - C:\Program Files\ATKGFNEX\AGFNEX.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Symantec Core LC) -- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\Kunde\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (w800bus) -- C:\Windows\System32\drivers\w800bus.sys (MCCI)
DRV - (w800obex) -- C:\Windows\System32\drivers\w800obex.sys (MCCI)
DRV - (w800mgmt) -- C:\Windows\System32\drivers\w800mgmt.sys (MCCI)
DRV - (w800mdm) -- C:\Windows\System32\drivers\w800mdm.sys (MCCI)
DRV - (w800mdfl) -- C:\Windows\System32\drivers\w800mdfl.sys (MCCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\..\SearchScopes\{7D4539A9-D7B3-4C67-ADD7-A5BAFC5DAE18}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 20:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 20:56:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 20:56:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 20:56:00 | 000,000,000 | ---D | M]
[2012.02.01 21:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kunde\AppData\Roaming\mozilla\Extensions
[2009.09.26 13:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kunde\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.05.24 20:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kunde\AppData\Roaming\mozilla\Firefox\Profiles\caserjqh.default\extensions
[2013.05.27 23:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.05.24 20:55:58 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2013.05.24 20:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013.05.24 20:56:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.03.06 09:31:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3796133184-2747058595-3010327798-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - Startup: C:\Users\Kunde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kunde\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240CE465-C3AF-4234-A791-2C2008F083F1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6648191f-e2ca-11df-8a0e-00248cc3feb5}\Shell\AutoRun\command - "" = G:\installer.exe
O33 - MountPoints2\{6648191f-e2ca-11df-8a0e-00248cc3feb5}\Shell\verb\command - "" = G:\installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.27 23:38:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.27 23:37:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.27 23:37:27 | 000,000,000 | ---D | C] -- \JRT
[2013.05.27 23:35:47 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Kunde\Desktop\JRT.exe
[2013.05.27 22:37:45 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kunde\Desktop\tdsskiller.exe
[2013.05.27 22:37:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Kunde\Desktop\aswMBR.exe
[2013.05.26 22:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.05.26 22:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.26 22:35:52 | 000,000,000 | ---D | C] -- C:\Users\Kunde\Desktop\mbar-1.06.0.1003
[2013.05.26 19:55:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kunde\Desktop\OTL.exe
[2013.05.24 21:20:23 | 000,000,000 | ---D | C] -- C:\Users\Kunde\Local Settings
[2013.05.24 20:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.24 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Kunde\AppData\Roaming\DSite
[2013.05.22 22:24:04 | 000,000,000 | ---D | C] -- C:\Users\Kunde\AppData\Roaming\TagScanner
[2013.05.22 22:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
[2013.05.22 22:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\TagScanner
[2013.05.21 22:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.05.14 22:37:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.14 22:33:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.14 22:33:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.14 22:33:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.14 22:33:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.14 22:33:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.14 22:33:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.14 22:33:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.14 21:37:48 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.05.14 21:37:44 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.12 16:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D-Garten 8.0
[2013.05.12 15:57:22 | 000,000,000 | ---D | C] -- C:\Users\Kunde\Documents\3D-Garten 8.0 Beispiele
[2013.05.12 15:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\GARTEN8C
[2013.05.12 15:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\3D-Garten 8.0
[2013.05.08 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.08 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
========== Files - Modified Within 30 Days ==========
[2013.05.28 01:03:29 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.05.28 01:03:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 01:03:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 01:03:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 01:03:04 | 3212,042,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 01:02:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.28 01:01:48 | 000,000,178 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.28 00:57:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.27 23:36:13 | 000,632,031 | ---- | M] () -- C:\Users\Kunde\Desktop\adwcleaner.exe
[2013.05.27 23:35:48 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Kunde\Desktop\JRT.exe
[2013.05.27 22:51:46 | 000,000,512 | ---- | M] () -- C:\Users\Kunde\Desktop\MBR.dat
[2013.05.27 22:38:51 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Kunde\Desktop\aswMBR.exe
[2013.05.27 22:37:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kunde\Desktop\tdsskiller.exe
[2013.05.26 22:58:01 | 013,338,660 | ---- | M] () -- C:\Users\Kunde\Desktop\mbar-1.06.0.1003.zip
[2013.05.26 21:05:19 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.05.26 20:48:54 | 000,000,680 | ---- | M] () -- C:\Users\Kunde\AppData\Local\d3d9caps.dat
[2013.05.26 20:23:28 | 000,377,856 | ---- | M] () -- C:\Users\Kunde\Desktop\gmer_2.1.19163.exe
[2013.05.26 19:55:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kunde\Desktop\OTL.exe
[2013.05.26 07:53:47 | 000,002,631 | ---- | M] () -- C:\Users\Kunde\Desktop\Microsoft Office Word 2007.lnk
[2013.05.24 20:39:16 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.05.22 22:24:00 | 000,000,817 | ---- | M] () -- C:\Users\Kunde\Desktop\TagScanner.lnk
[2013.05.21 22:50:19 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.05.21 22:41:02 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.20 13:07:23 | 000,682,590 | ---- | M] () -- C:\Users\Kunde\Desktop\23442_xxx_Aupl_HSB_PDF.pdf
[2013.05.20 11:43:58 | 000,765,985 | ---- | M] () -- C:\Users\Kunde\Desktop\Bild 3 001.jpg
[2013.05.20 11:42:38 | 000,794,069 | ---- | M] () -- C:\Users\Kunde\Desktop\Bild 2 001.jpg
[2013.05.20 11:40:32 | 001,055,633 | ---- | M] () -- C:\Users\Kunde\Desktop\Bild 1 001.jpg
[2013.05.20 08:58:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.20 08:58:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.16 21:12:18 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.16 21:12:18 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 21:12:18 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.16 21:12:18 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 21:05:33 | 000,270,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.12 16:05:04 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\3D-Garten 8.0.lnk
[2013.05.12 11:04:49 | 000,120,666 | ---- | M] () -- C:\Users\Kunde\Desktop\Grundriss_Carport_und_Garage.pdf
[2013.05.12 11:03:57 | 003,729,960 | R--- | M] () -- C:\Users\Kunde\Desktop\%0d%0a Garage_und_Carport_in_grautönen.jpg
[2013.05.10 19:09:24 | 000,002,633 | ---- | M] () -- C:\Users\Kunde\Desktop\Microsoft Office Excel 2007.lnk
[2013.05.08 23:01:08 | 000,001,197 | ---- | M] () -- C:\Users\Kunde\Desktop\Free YouTube to MP3 Converter.lnk
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.28 19:40:29 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
========== Files Created - No Company Name ==========
[2013.05.27 23:41:37 | 000,000,178 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.27 23:36:11 | 000,632,031 | ---- | C] () -- C:\Users\Kunde\Desktop\adwcleaner.exe
[2013.05.27 22:51:46 | 000,000,512 | ---- | C] () -- C:\Users\Kunde\Desktop\MBR.dat
[2013.05.26 22:34:28 | 013,338,660 | ---- | C] () -- C:\Users\Kunde\Desktop\mbar-1.06.0.1003.zip
[2013.05.26 21:04:55 | 3212,042,240 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.26 21:04:55 | 3212,042,240 | -HS- | C] () -- \hiberfil.sys
[2013.05.26 20:48:54 | 000,000,680 | ---- | C] () -- C:\Users\Kunde\AppData\Local\d3d9caps.dat
[2013.05.26 20:23:26 | 000,377,856 | ---- | C] () -- C:\Users\Kunde\Desktop\gmer_2.1.19163.exe
[2013.05.24 20:39:16 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.05.22 22:24:00 | 000,000,817 | ---- | C] () -- C:\Users\Kunde\Desktop\TagScanner.lnk
[2013.05.20 13:07:18 | 000,682,590 | ---- | C] () -- C:\Users\Kunde\Desktop\23442_xxx_Aupl_HSB_PDF.pdf
[2013.05.20 11:43:58 | 000,765,985 | ---- | C] () -- C:\Users\Kunde\Desktop\Bild 3 001.jpg
[2013.05.20 11:42:38 | 000,794,069 | ---- | C] () -- C:\Users\Kunde\Desktop\Bild 2 001.jpg
[2013.05.20 11:40:32 | 001,055,633 | ---- | C] () -- C:\Users\Kunde\Desktop\Bild 1 001.jpg
[2013.05.12 16:05:04 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\3D-Garten 8.0.lnk
[2013.05.12 11:04:48 | 000,120,666 | ---- | C] () -- C:\Users\Kunde\Desktop\Grundriss_Carport_und_Garage.pdf
[2013.05.12 11:03:48 | 003,729,960 | R--- | C] () -- C:\Users\Kunde\Desktop\%0d%0a Garage_und_Carport_in_grautönen.jpg
[2013.05.08 23:01:08 | 000,001,197 | ---- | C] () -- C:\Users\Kunde\Desktop\Free YouTube to MP3 Converter.lnk
[2013.03.11 21:05:05 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.03.11 21:05:05 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.05.24 01:49:44 | 000,142,111 | ---- | C] () -- C:\Users\Kunde\xxx.elfo
[2011.05.23 22:42:23 | 000,146,064 | ---- | C] () -- C:\Users\Kunde\xxx.elfo
[2010.07.06 21:26:44 | 000,178,322 | ---- | C] () -- C:\Users\Kunde\xxx.elfo
[2010.06.28 00:24:17 | 000,000,211 | -HS- | C] () -- \boot.ini
[2010.06.27 22:52:12 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2010.06.27 22:52:12 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009.10.05 15:07:56 | 000,000,058 | ---- | C] () -- C:\Users\Kunde\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009.07.04 14:58:51 | 000,025,600 | ---- | C] () -- C:\Users\Kunde\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.14 04:23:17 | 000,000,027 | ---- | C] () -- \Driver.20
[2008.12.09 08:37:37 | 001,048,576 | RH-- | C] () -- \X58LE.BIN
[2008.11.06 05:14:01 | 000,000,022 | ---- | C] () -- \RECOVERY.DAT
[2008.04.16 11:45:26 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008.04.16 11:45:24 | 000,333,257 | RHS- | C] () -- \bootmgr
[2008.04.14 14:00:00 | 000,251,712 | RHS- | C] () -- \ntldr
[2008.04.14 14:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
[2008.04.14 14:00:00 | 000,004,952 | RHS- | C] () -- \bootfont.bin
[2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys
========== ZeroAccess Check ==========
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Viele Grüße
Andy.pol |
aswMBR.exe und speichere die Datei auf deinem Desktop.
TDSSKiller.exe und speichere diese Datei auf dem Desktop
AdwCleaner auf deinen Desktop.
