
Log analysis and evaluation: a2ZLyrics - I'm in despair


02.11.2013, 23:34   #1
IchweißNix
 
Well, I seem to be the only one who got hit: A2Zlyrics is making my life difficult. I urgently need help. Many thanks in advance!


FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Maria Gabriela (administrator) on MOONLIGHTSONATA on 02-11-2013 23:14:38
Running from C:\Documents and Settings\Maria Gabriela\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
() C:\WINDOWS\system32\AppleOSSMgr.exe
(Apple Inc.) C:\WINDOWS\system32\AppleTimeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\STacSV.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Apple Inc.) C:\WINDOWS\system32\IRW.exe
(Apple Inc.) C:\Program Files\Boot Camp\KbdMgr.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Repkasoft) C:\Program Files\YoWindow\yowindow.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IRW] - C:\WINDOWS\system32\IRW.exe [147456 2007-10-08] (Apple Inc.)
HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\KbdMgr.exe [419120 2007-10-08] (Apple Inc.)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-11-16] (Lavasoft)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
MountPoints2: {071b8471-de90-11df-b5bb-001b6313f77e} - E:\LaunchU3.exe -a
MountPoints2: {f21a3798-4e9a-11e1-b63e-001b6313f77e} - E:\LaunchU3.exe -a
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll [ 2006-02-28] ()
IMEO\capture.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\coreldrw.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\corelpp.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\hddlifepro.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\offdiag.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\onenote.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\onenotem.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\pdapp.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\skype.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IMEO\winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\YoWindow.lnk
ShortcutTarget: YoWindow.lnk -> C:\Program Files\YoWindow\yowindow.exe (Repkasoft)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Sign In
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = Sign In
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Sign In
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {36683662-D727-4AD9-8794-1F5B902999CB} URL = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
SearchScopes: HKLM - {581A8400-3854-4532-901A-91BC91655A73} URL = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
SearchScopes: HKLM - {9EACB0BE-EDB1-4D60-9266-354A0CC6E2AD} URL = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
SearchScopes: HKCU - {30A741AB-839D-4E72-A2A1-4A1D76493F67} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {36683662-D727-4AD9-8794-1F5B902999CB} URL = hxxp://downloads.phpnuke.org.anonymize-me.de/?anonymto=687474703A2F2F646F776E6C6F6164732E7068706E756B652E6F72672F64652F696E6465782E7068703F7276733D676F6F676C65&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&k=0
SearchScopes: HKCU - {581A8400-3854-4532-901A-91BC91655A73} URL = hxxp://downloads.phpnuke.org.anonymize-me.de/?anonymto=687474703A2F2F646F776E6C6F6164732E7068706E756B652E6F72672F64652F696E6465782E7068703F7276733D676F6F676C65&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&k=0
SearchScopes: HKCU - {6469811C-FFC9-493A-8AFC-82E43F2B9999} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {91E3CAF0-5F77-4DAE-A72A-B70F5FC2C8B8} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9EACB0BE-EDB1-4D60-9266-354A0CC6E2AD} URL = hxxp://downloads.phpnuke.org.anonymize-me.de/?anonymto=687474703A2F2F646F776E6C6F6164732E7068706E756B652E6F72672F64652F696E6465782E7068703F7276733D676F6F676C65&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&k=0
SearchScopes: HKCU - {AA5E1114-9742-4A64-8CB6-DA405CB24949} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {B75492BF-CF43-4F46-A7AA-E49EE9FF740A} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {E4B2A159-30F8-49D3-AC1E-EF854DD92BB7} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=05311972-0023-4301-9558-e44692d67ada&pid=freewarede&mode=bounce&k=0
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @fluxdvd.com/NPWMDRMWrapper - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( )
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @protectdisc.com/NPMPDRM - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\searchplugins\{08AA91A0-A545-47D5-AA85-6C91694EAC34}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF Extension: a2zLyrics-16 - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: AddThis - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF Extension: noscript - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Microsoft\u00C3\u00C2\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00C3\u00C2\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (fluxDVD Browser Plugin) - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (fluxDVD Placeholder Plugin) - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( )
CHR Plugin: (Windows Live\u00C3\u00C2\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Koji NISHIDA) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf\2_0
CHR Extension: (Google Docs) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (YouTube) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\DOCUME~1\MARIAG~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

========================== Services (Whitelisted) =================

R2 AppleOSSMgr; C:\WINDOWS\system32\AppleOSSMgr.exe [140592 2007-10-08] ()
R2 AppleTimeSrv; C:\WINDOWS\system32\AppleTimeSrv.exe [99632 2007-10-08] (Apple Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2007-06-14] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [2095368 2013-02-14] (BinarySense, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)
S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 STacSV; C:\WINDOWS\system32\STacSV.exe [86016 2007-10-08] (SigmaTel, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1739064 2013-10-08] (AVG)
S4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [34304 2009-10-15] (Apple Inc.)
R3 applebt; C:\Windows\System32\DRIVERS\applebt.sys [8064 2007-10-08] (Apple Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-01] (AVG Technologies)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [592256 2007-10-08] (Broadcom Corporation)
S3 BthKicker; C:\Windows\System32\DRIVERS\BthKicker.sys [7424 2007-10-08] (Apple Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
R3 DevUpper; C:\Windows\System32\DRIVERS\iSightFT.sys [8320 2007-10-08] (Apple Inc.)
S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2004-08-11] (Samsung Electronics Co., Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-12] (GFI Software)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
R3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [16512 2007-10-08] (Apple Inc.)
S3 iSightUpdate; C:\Windows\System32\DRIVERS\iSightUP.sys [18304 2007-10-08] (Apple Inc.)
R2 KeyAgent; C:\WINDOWS\system32\drivers\KeyAgent.sys [4864 2007-10-08] (Apple Inc.)
R3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [17920 2007-10-08] (Apple Inc.)
R2 MacHALDriver; C:\WINDOWS\system32\drivers\MacHALDriver.sys [6528 2007-10-08] (Apple Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
R1 SBRE; C:\Windows\system32\drivers\SBREDrv.sys [101720 2012-02-14] (Sunbelt Software)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2006-02-28] ()
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1177864 2007-10-08] (SigmaTel, Inc.)
R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [255232 2007-10-08] (Marvell)
S3 cpuz132; \??\C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S4 IntelIde; No ImagePath
S3 NSNDIS5; \??\C:\WINDOWS\system32\NSNDIS5.SYS [x]
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]
U1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-02 23:14 - 2013-11-02 23:14 - 00000000 ____D C:\FRST
2013-11-02 22:51 - 2013-11-02 22:51 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVG
2013-11-02 22:48 - 2013-11-02 22:55 - 00000000 ____D C:\AdwCleaner
2013-11-01 22:25 - 2013-11-01 22:25 - 00001747 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2013-11-01 22:25 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\AVG
2013-11-01 22:25 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014
2013-11-01 22:25 - 2013-10-08 13:46 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe
2013-11-01 22:22 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2013-11-01 22:21 - 2013-11-01 22:30 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-11-01 22:15 - 2013-11-01 22:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-11-01 22:09 - 2013-11-01 22:09 - 00001702 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml
2013-11-01 22:09 - 2013-11-01 22:08 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-11-01 22:06 - 2013-11-01 22:23 - 00000000 ____D C:\Program Files\AVG
2013-11-01 21:41 - 2013-11-01 22:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-01 21:36 - 2013-11-02 22:36 - 00000420 _____ C:\WINDOWS\Tasks\At2.job
2013-11-01 21:35 - 2013-11-02 22:35 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2013-11-01 21:35 - 2013-11-01 21:35 - 00000000 ____D C:\Program Files\Foxtab
2013-11-01 21:35 - 2013-11-01 21:35 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\FoxTab
2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Program Files\Zula Games
2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Program Files\ffdshow
2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
2013-11-01 18:17 - 2013-11-01 18:17 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\NativeMessaging
2013-11-01 18:10 - 2013-11-01 18:10 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\AVAST Software
2013-11-01 18:07 - 2013-11-01 18:07 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-01 18:07 - 2013-11-01 18:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-01 08:47 - 2013-11-01 08:49 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\301013(2)
2013-10-30 13:34 - 2013-10-30 13:37 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\101MSDCF
2013-10-27 16:50 - 2013-10-27 18:31 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Anneliese Forwick
2013-10-17 08:03 - 2013-11-01 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Netzmanager
2013-10-17 08:03 - 2013-10-19 08:23 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2013-10-17 08:03 - 2013-10-17 08:03 - 00000792 _____ C:\Documents and Settings\All Users\Start Menu\Netzmanager.lnk
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files\Netzmanager
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files\Microsoft WSE
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Netzmanager
2013-10-17 07:45 - 2013-10-17 07:45 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJFAX
2013-10-17 07:45 - 2010-09-13 13:44 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC360U.dll
2013-10-17 07:45 - 2010-09-13 13:42 - 01347584 _____ (CANON INC.) C:\WINDOWS\system32\CNC360C.dll
2013-10-17 07:45 - 2010-09-13 13:42 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNC360I.dll
2013-10-17 07:45 - 2010-09-06 16:03 - 00315392 _____ (CANON INC.) C:\WINDOWS\system32\CNC360L.dll
2013-10-17 07:45 - 2010-05-14 09:45 - 00015104 _____ C:\WINDOWS\system32\CNC174DD.TBL
2013-10-17 07:45 - 2008-08-25 17:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA.dll
2013-10-17 06:41 - 2013-10-17 06:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-10-14 15:07 - 2013-10-14 15:07 - 00000000 ____D C:\output
2013-10-09 11:16 - 2013-10-09 14:17 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2013-11-02 23:16 - 2012-04-09 09:31 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-02 23:14 - 2013-11-02 23:14 - 00000000 ____D C:\FRST
2013-11-02 23:03 - 2010-10-23 10:02 - 00521444 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-02 22:59 - 2013-03-13 20:38 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-02 22:59 - 2012-10-27 07:01 - 00000296 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1275210071-839522115-1003.job
2013-11-02 22:59 - 2010-10-23 10:04 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-02 22:59 - 2006-02-28 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-02 22:58 - 2010-10-23 23:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-02 22:57 - 2013-05-06 21:33 - 00327640 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-11-02 22:57 - 2011-02-11 07:56 - 00004956 _____ C:\WINDOWS\bthservsdp.dat
2013-11-02 22:57 - 2010-11-25 12:39 - 00131072 _____ C:\WINDOWS\system32\config\TuneUp.evt
2013-11-02 22:57 - 2010-10-23 23:30 - 00032208 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-02 22:56 - 2013-03-18 23:01 - 00268203 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-02 22:56 - 2010-10-23 23:33 - 00000178 ___SH C:\Documents and Settings\Maria Gabriela\ntuser.ini
2013-11-02 22:56 - 2010-10-23 23:33 - 00000000 ____D C:\Documents and Settings\Maria Gabriela
2013-11-02 22:55 - 2013-11-02 22:48 - 00000000 ____D C:\AdwCleaner
2013-11-02 22:51 - 2013-11-02 22:51 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\AVG
2013-11-02 22:36 - 2013-11-01 21:36 - 00000420 _____ C:\WINDOWS\Tasks\At2.job
2013-11-02 22:35 - 2013-11-01 21:35 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2013-11-02 22:35 - 2013-09-21 11:41 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Love Ohlala
2013-11-02 22:30 - 2010-10-23 14:22 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Programme
2013-11-02 22:29 - 2010-10-27 12:49 - 00002519 _____ C:\Documents and Settings\Maria Gabriela\Desktop\Word.lnk
2013-11-02 18:51 - 2013-03-02 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-11-02 11:34 - 2010-10-23 18:07 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2013-11-02 09:49 - 2013-07-16 19:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2013-11-02 08:59 - 2010-11-08 15:34 - 00001114 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-02 08:59 - 2010-11-08 15:34 - 00001110 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-02 02:23 - 2012-05-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-01 22:30 - 2013-11-01 22:21 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-11-01 22:25 - 2013-11-01 22:25 - 00001747 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2013-11-01 22:25 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\AVG
2013-11-01 22:25 - 2013-11-01 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014
2013-11-01 22:25 - 2013-11-01 22:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2013-11-01 22:23 - 2013-11-01 22:06 - 00000000 ____D C:\Program Files\AVG
2013-11-01 22:22 - 2012-12-18 21:08 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-11-01 22:15 - 2013-11-01 22:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-11-01 22:15 - 2013-05-10 08:38 - 01146461 _____ C:\WINDOWS\setupapi.log
2013-11-01 22:11 - 2013-09-24 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2013-11-01 22:09 - 2013-11-01 22:09 - 00001702 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml
2013-11-01 22:09 - 2013-11-01 21:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-01 22:08 - 2013-11-01 22:09 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-11-01 22:07 - 2013-03-02 18:11 - 00000000 ___HD C:\$AVG
2013-11-01 21:35 - 2013-11-01 21:35 - 00000000 ____D C:\Program Files\Foxtab
2013-11-01 21:35 - 2013-11-01 21:35 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\FoxTab
2013-11-01 21:30 - 2013-01-22 12:18 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\FOTOS 2013
2013-11-01 18:53 - 2010-10-23 23:30 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-11-01 18:53 - 2010-10-23 23:29 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-01 18:53 - 2010-10-23 23:22 - 00000000 ____D C:\WINDOWS\Registration
2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Program Files\Zula Games
2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Program Files\ffdshow
2013-11-01 18:49 - 2013-11-01 18:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
2013-11-01 18:49 - 2013-09-10 07:42 - 00000000 ____D C:\Program Files\EPSON
2013-11-01 18:47 - 2013-09-29 15:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\GamePacks
2013-11-01 18:47 - 2013-09-10 07:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2013-11-01 18:45 - 2013-10-17 08:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Netzmanager
2013-11-01 18:17 - 2013-11-01 18:17 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\NativeMessaging
2013-11-01 18:10 - 2013-11-01 18:10 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Application Data\AVAST Software
2013-11-01 18:07 - 2013-11-01 18:07 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-01 18:07 - 2013-11-01 18:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-01 08:49 - 2013-11-01 08:47 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\301013(2)
2013-10-30 13:37 - 2013-10-30 13:34 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\101MSDCF
2013-10-29 17:33 - 2012-10-27 07:01 - 00000304 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1275210071-839522115-1003.job
2013-10-27 18:31 - 2013-10-27 16:50 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Anneliese Forwick
2013-10-25 14:25 - 2013-09-25 05:45 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Originals
2013-10-25 08:01 - 2013-01-11 08:49 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Desktop\Neuendorf
2013-10-25 05:36 - 2013-09-24 16:56 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Avg2014
2013-10-24 22:24 - 2010-10-26 19:12 - 02036584 ___SH C:\Documents and Settings\Maria Gabriela\Desktop\Thumbs.db
2013-10-19 21:23 - 2010-10-26 06:19 - 00002875 _____ C:\Documents and Settings\Maria Gabriela\Start Menu\Program Updates.lnk
2013-10-19 08:23 - 2013-10-17 08:03 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2013-10-17 17:39 - 2010-10-23 23:42 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-17 08:03 - 2013-10-17 08:03 - 00000792 _____ C:\Documents and Settings\All Users\Start Menu\Netzmanager.lnk
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files\Netzmanager
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files\Microsoft WSE
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Netzmanager
2013-10-17 07:45 - 2013-10-17 07:45 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJFAX
2013-10-17 07:45 - 2010-10-23 09:53 - 00000000 ____D C:\WINDOWS\twain_32
2013-10-17 07:45 - 2010-10-23 09:53 - 00000000 ____D C:\WINDOWS\Media
2013-10-17 06:41 - 2013-10-17 06:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-10-17 06:41 - 2013-08-18 06:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-15 06:48 - 2013-08-01 21:44 - 00000000 ___RD C:\Program Files\Skype
2013-10-14 15:07 - 2013-10-14 15:07 - 00000000 ____D C:\output
2013-10-09 14:17 - 2013-10-09 11:16 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-09 14:17 - 2012-04-09 09:30 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 14:17 - 2011-07-17 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-09 06:42 - 2010-10-23 10:01 - 03550776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-08 13:46 - 2013-11-01 22:25 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe
2013-10-08 08:27 - 2010-10-23 14:49 - 00063280 _____ C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-08 06:31 - 2006-02-28 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-05 07:25 - 2013-04-12 06:09 - 00000000 ___RD C:\Documents and Settings\Maria Gabriela\My Documents\Gabriela
2013-10-05 07:25 - 2013-02-24 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Wincert
2013-10-04 08:40 - 2012-12-27 11:00 - 00000000 ____D C:\Documents and Settings\Maria Gabriela\My Documents\27122012
2013-10-03 14:51 - 2013-05-22 16:40 - 00000000 ____D C:\WINDOWS\system32\cache

ZeroAccess:
C:\Windows\Installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}
C:\Windows\Installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@

ZeroAccess:
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job


Some content of TEMP:
====================
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\tbappb.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-02-28 13:00] - [2006-02-28 13:00] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64 

C:\Windows\System32\winlogon.exe
[2006-02-28 13:00] - [2006-02-28 13:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe 

C:\Windows\System32\svchost.exe
[2006-02-28 13:00] - [2006-02-28 13:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716 

C:\Windows\System32\services.exe
[2006-02-28 13:00] - [2009-02-06 18:14] - 0110592 ____A (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de 

C:\Windows\System32\User32.dll
[2006-02-28 13:00] - [2006-02-28 13:00] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4 

C:\Windows\System32\userinit.exe
[2006-02-28 13:00] - [2012-05-02 19:19] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff 

C:\Windows\System32\Drivers\volsnap.sys
[2006-02-28 13:00] - [2006-02-28 13:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b 


==================== End Of Log ============================
         
--- --- ---
==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:55B41E6A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9B013599

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Marvell
Service: yukonwxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Nokia 6600 fold
Description: Nokia 6600 fold
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2013 09:35:52 PM) (Source: MsiInstaller) (User: MOONLIGHTSONATA)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\GoogleUpdateHelper.msi

Error: (11/01/2013 06:43:43 PM) (Source: Application Error) (User: )
Description: Fault bucket -362004852.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/01/2013 06:43:12 PM) (Source: Application Error) (User: )
Description: Faulting application McCHSvc.exe, version 3.8.130.0, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x00011948.
Processing media-specific event for [McCHSvc.exe!ws!]

Error: (11/01/2013 03:20:23 PM) (Source: Application Error) (User: )
Description: Fault bucket -964704830.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/01/2013 03:20:16 PM) (Source: Application Error) (User: )
Description: Faulting application webplayer.exe, version 1.1.0.0, faulting module shdocvw.dll, version 6.0.2900.3698, fault address 0x000342cd.
Processing media-specific event for [webplayer.exe!ws!]

Error: (11/01/2013 03:19:44 PM) (Source: Application Error) (User: )
Description: Fault bucket -964704830.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/01/2013 03:19:39 PM) (Source: Application Error) (User: )
Description: Faulting application webplayer.exe, version 1.1.0.0, faulting module shdocvw.dll, version 6.0.2900.3698, fault address 0x000342cd.
Processing media-specific event for [webplayer.exe!ws!]

Error: (10/31/2013 06:51:53 PM) (Source: Bonjour Service) (User: )
Description: Timed out waiting for acknowledgement of machine sleep

Error: (10/31/2013 07:41:30 AM) (Source: Application Error) (User: )
Description: Faulting application McCHSvc.exe, version 3.8.130.0, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x0001817a.
Processing media-specific event for [McCHSvc.exe!ws!]

Error: (10/31/2013 06:46:58 AM) (Source: Application Error) (User: )
Description: Fault bucket -398071053.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.


System errors:
=============
Error: (11/02/2013 11:04:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1460

Error: (11/02/2013 10:59:45 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/02/2013 10:59:45 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (11/02/2013 10:01:18 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the AppleOSSMgr service.

Error: (11/02/2013 10:00:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the AppleOSSMgr service.

Error: (11/02/2013 10:00:07 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the AppleOSSMgr service.

Error: (11/02/2013 10:00:07 PM) (Source: 0) (User: )
Description:

Error: (11/02/2013 08:01:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1460

Error: (11/02/2013 07:57:00 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/02/2013 07:57:00 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20


Microsoft Office Sessions:
=========================
Error: (10/01/2013 04:40:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36904 seconds with 420 seconds of active time. This session ended with a crash.

Error: (09/15/2013 11:13:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3601 seconds with 180 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 2032.27 MB
Available physical RAM: 812.42 MB
Total Pagefile: 3924.82 MB
Available Pagefile: 2818.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:105.69 GB) (Free:55.55 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: F21DF21D)

Partition: GPT Partition TypePartition 2: (Not Active) - (Size=127 GB) - (Type=AF)
Partition 3: (Active) - (Size=106 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 03.11.2013, 00:02   #2
smeenk
/// Malwareteam / Visitor
 
I am smeenk and I will try to help you.

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double-click.
  • Warning: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into Zoek's script window:
    Code:
    firefoxlook;
    filesrcm;
    autoclean;
    installedprogs;
    chromelook;
    startupall;

  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:
  • Please post the ZOEK log for me (preferably in CODE tags - click the # symbol in the reply window)
__________________


Alt 03.11.2013, 20:34   #3
IchweißNix
 
Code:
Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by Maria Gabriela on 03.11.2013 at 20:03:09,98.
Microsoft Windows XP Professional 5.1.2600 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp\Rar$EXa0.763\zoek.exe [Script inserted] 

==== System Restore Info ======================

03.11.2013 20:06:47 Zoek.exe System Restore Point Created Succesfully.

==== Possible Rootkit Infection ======================

C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\L
C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\U
C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{30A741AB-839D-4E72-A2A1-4A1D76493F67} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{36683662-D727-4AD9-8794-1F5B902999CB} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{581A8400-3854-4532-901A-91BC91655A73} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6469811C-FFC9-493A-8AFC-82E43F2B9999} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{91E3CAF0-5F77-4DAE-A72A-B70F5FC2C8B8} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9EACB0BE-EDB1-4D60-9266-354A0CC6E2AD} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AA5E1114-9742-4A64-8CB6-DA405CB24949} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{B75492BF-CF43-4F46-A7AA-E49EE9FF740A} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E4B2A159-30F8-49D3-AC1E-EF854DD92BB7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

7-Zip 9.20  
Ad-Aware Browsing Protection  
Adobe AIR  
Adobe Bridge 1.0  
Adobe Common File Installer  
Adobe Community Help  
Adobe Digital Editions  
Adobe Download Assistant  
Adobe Flash Player 11 ActiveX  
Adobe Flash Player 11 Plugin  
Adobe Help Center 1.0  
Adobe Media Player  
Adobe Photoshop CS2  
Adobe Reader XI (11.0.05) - Deutsch  
Adobe Stock Photos 1.0  
AIDA64 Extreme Edition v1.80  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
ATI - Software Uninstall Utility  
ATI Display Driver  
AVG 2014  
AVG Nation toolbar  
AVG PC TuneUp 2014  
AVG PC TuneUp 2014 (de-DE)  
Bewerbungsfoto-/Passbild-Generator v3.2c  
Bildschutz Pro  
Bonjour  
Boot Camp-Dienste  
Bubble Hit Bundle by GamePacks  
Bubble Hit by GamePacks  
calibre  
Canon iP5200  
Canon MX360 series MP Drivers  
Canon PhotoRecord  
Canon RAW Codec  
Canon Setup Utility 2.0  
Canon Utilities Easy-PhotoPrint  
Canon Utilities Easy-PrintToolBox  
CCleaner  
CorelDRAW Graphics Suite X3  
DE  
Dup Detector  
Easy-WebPrint  
Easy Poster Printer  
EPSON-Drucker-Software  
Extended Update  
ffdshow v1.2.4422 [2012-04-09]  
FontNav  
Foxtab  
GIMP 2.6.6  
Google Chrome  
Google Earth  
Google Update Helper  
GTK+ 2.4.3 runtime environment  
HDDlife Pro 4.0  
HiJackThis  
HomepageFIX 2012  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  
ImageBlizzard 1.0  
IrfanView (remove only)  
iTunes  
Java 7 Update 17  
Java Auto Updater  
Java(TM) 6 Update 22  
Java(TM) 6 Update 26  
Junk Mail filter update  
Malwarebytes Anti-Malware Version 1.75.0.1300  
McAfee Security Scan Plus  
Microsoft .NET Framework 1.1  
Microsoft .NET Framework 1.1 German Language Pack  
Microsoft .NET Framework 1.1 Security Update (KB979906)  
Microsoft .NET Framework 2.0 Service Pack 2  
Microsoft .NET Framework 3.0 Service Pack 2  
Microsoft .NET Framework 3.5 SP1  
Microsoft Application Error Reporting  
Microsoft Choice Guard  
Microsoft IntelliPoint 8.2  
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Excel MUI (German) 2007  
Microsoft Office File Validation Add-In  
Microsoft Office Home and Student 2007  
Microsoft Office OneNote MUI (German) 2007  
Microsoft Office PowerPoint MUI (German) 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (German) 2007  
Microsoft Office Proof (Italian) 2007  
Microsoft Office Proofing (German) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Shared MUI (German) 2007  
Microsoft Office Word MUI (German) 2007  
Microsoft Silverlight  
Microsoft Software Update for Web Folders  (German) 12  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft SQL Server Compact 3.5 SP2 ENU  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft WSE 3.0 Runtime  
Microsoft_VC100_CRT_SP1_x86  
Microsoft_VC80_ATL_x86  
Microsoft_VC80_CRT_x86  
Microsoft_VC80_MFC_x86  
Microsoft_VC80_MFCLOC_x86  
Microsoft_VC90_ATL_x86  
Microsoft_VC90_CRT_x86  
Microsoft_VC90_MFC_x86  
Microsoft_VC90_MFCLOC_x86  
MobileMe Control Panel  
Mozilla Firefox 25.0 (x86 en-US)  
Mozilla Maintenance Service  
MSVC80_x86_v2  
MSVC90_x86  
MSVCRT  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
MSXML 6 Service Pack 2 (KB973686)  
Netzmanager  
Nokia Connectivity Cable Driver  
Nokia Suite  
Nuance OmniPage 17  
Panorama Maker  
PC Connectivity Solution  
PhotoScape  
QuickTime  
RealNetworks - Microsoft Visual C++ 2008 Runtime  
RealPlayer  
Realtek High Definition Audio Driver  
RealUpgrade 1.1  
RonyaSoft Poster Printer (ProPoster) 3.01  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition  
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition   
Segoe UI  
SF Briefkopf 7.14  
SigmaTel Audio  
Skype Click to Call  
SkypeT 6.7  
Spybot - Search & Destroy  
TuneUp Utilities Language Pack (de-DE)  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)  
Update for Windows XP (KB911164)  
Update Manager  
VBA  
Videoload Manager 2.0.2220  
Visual Studio 2012 x86 Redistributables  
VLC media player 2.0.4  
WebFldrs XP  
Windows Driver Package - Apple Inc. (applebt) Bluetooth  (06/27/2007 2.0.0.1)  
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)  
Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)  
Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)  
Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)  
Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)  
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)  
Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)  
Windows Driver Package - Apple Inc. System  (06/21/2007 2.0.0.0)  
Windows Driver Package - Atheros (AR5211) Net  (04/05/2007 5.3.0.35)  
Windows Driver Package - Atheros (AR5416) Net  (06/26/2007 6.0.3.94)  
Windows Driver Package - Broadcom (BCM43XX) Net  (01/08/2007 4.80.75.0)  
Windows Driver Package - Intel (E1000) Net  (01/06/2006 8.6.17.0)  
Windows Driver Package - Intel (e1express) Net  (04/03/2006 9.3.39.0)  
Windows Driver Package - Marvell (yukonwxp) Net  (03/23/2007 10.12.7.3)  
Windows Driver Package - Nokia pccsmcfd "LegacyDriver"  (05/31/2012 7.1.2.0)  
Windows Installer 3.1 (KB893803)  
Windows Live-Uploadtool  
Windows Live Anmelde-Assistent  
Windows Live Call  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Fotogalerie  
Windows Live Mail  
Windows Live Sync  
Windows Live Writer  
Windows Media Format 11 runtime  
Windows Media Player 11  
WinRAR 4.11 (32-Bit)  
Yahoo Messenger  
Yahoo Software Update  
YoWindow  
Zula Games  

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default

user.js not found
---- Lines Lyric removed from prefs.js ----
user_pref("extensions.a2f86d47111224c15901ad7fd67316cd9ca42b8d20eb647be84a26d95abe186e8com44168.44168.description", "A2ZLyrics will find any lyrics on
user_pref("extensions.a2f86d47111224c15901ad7fd67316cd9ca42b8d20eb647be84a26d95abe186e8com44168.44168.name", "a2zLyrics-16");
---- Lines defaulttab removed from prefs.js ----
user_pref("extensions.defaulttab.installdate", 1377412178);
user_pref("extensions.defaulttab.lastUsed", 1379757223);
---- FireFox user.js and prefs.js backups ---- 

prefs__2014_.backup

ProfilePath: C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default

---- FireFox user.js and prefs.js backups ---- 

user__2014_.backup
prefs__2014_.backup

==== Deleting Files \ Folders ======================

C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted
C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted
C:\Documents and Settings\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D} deleted
C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted
C:\Program Files\Zula Games deleted
C:\Program Files\Amazon deleted
C:\found.000 deleted
C:\Documents and Settings\Maria Gabriela\Application Data\FoxTab deleted
C:\Documents and Settings\All Users\Application Data\Wincert deleted
C:\Documents and Settings\All Users\Application Data\InstallMate deleted
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE deleted
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\NativeMessaging deleted
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\adawarebp deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\tasks\At2.job deleted
C:\WINDOWS\System32\cnm1D3.tmp deleted
C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\searchplugins\nation-secure-search.xml deleted
C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\CT2102572 deleted
C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default\extensions\staged deleted
"C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@" deleted
"C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}" deleted
"C:\Documents and Settings\Maria Gabriela\Application Data\Amazon" deleted
"C:\Documents and Settings\Maria Gabriela\Application Data\mresreg" deleted
"C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\L" deleted
"C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\U" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp ====
2013-11-01 21:08:51	20F03B1B926F4EA65763E364ACAD7C59	4698984	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe
2013-11-01 20:34:59	7C75731DBDBC400C41F20F9A28A2FD83	22404568	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\is1275519350\311669_stp.EXE
2013-11-01 14:15:32	8DE9D8FDA8DF6DD2E1B99A1F297FAA8A	5134624	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\tbappb.dll
2013-11-01 14:09:37	72434667CA630FD5C21812F47034AC83	1037744	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe
2013-11-01 14:09:09	304FA96174AFE1DAEF8C308811C47E14	6526952	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\{73DCB7B2-1966-470D-B68B-A234C8F94214}\setup.exe
2013-11-01 14:09:07	2D10A980CC1539C4CA29387E82267B4D	279752	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2013-11-01 21:25:42	669E624F7637F4B722FE27DF09D4DA75	36152	----a-w-	C:\WINDOWS\System32\TURegOpt.exe
====== C:\WINDOWS\system32\drivers =====
2013-11-01 21:09:26	15ACA2AD17ACECA4814F249783E63AD3	37664	----a-w-	C:\WINDOWS\System32\drivers\avgtpx86.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-11-01 21:06:51	--------	d-----w-	C:\Program Files\AVG
2013-11-01 20:35:26	--------	d-----w-	C:\Program Files\Foxtab
2013-11-01 17:49:15	--------	d-----w-	C:\Program Files\ffdshow
2013-10-17 07:03:56	--------	d-----w-	C:\Program Files\Microsoft WSE
2013-10-17 07:03:29	--------	d-----w-	C:\Program Files\Netzmanager
======= C: =====
====== C:\Documents and Settings\Maria Gabriela\Application Data ======
2013-11-02 21:51:53	--------	d-----w-	C:\Documents and Settings\LocalService\Application Data\AVG
2013-11-01 21:25:24	--------	d-----w-	C:\Documents and Settings\Maria Gabriela\Application Data\AVG
2013-11-01 21:11:01	--------	d-----w-	C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2014
2013-11-01 21:06:53	--------	d-----w-	C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014
====== C:\Documents and Settings\Maria Gabriela ======

====== C: exe-files ==
2013-11-02 22:14:14	3E33EF44834B9A17FE6392FD331887D7	1089445	----a-w-	C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\FRST.exe
2013-11-02 21:47:14	8C27D71B2F6719136407C525ECF18D51	1060070	----a-w-	C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\adwcleaner-3.010.exe
2013-11-01 21:25:42	669E624F7637F4B722FE27DF09D4DA75	36152	----a-w-	C:\WINDOWS\system32\TURegOpt.exe
2013-11-01 21:12:48	A5027445F15DBA980764D6F7909C0E94	5914640	----a-w-	C:\Program Files\AVG\AVG2014\avgmfapx.exe
2013-11-01 21:08:51	20F03B1B926F4EA65763E364ACAD7C59	4698984	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe
2013-11-01 20:35:29	84D280E42F3A337BF993023A9B3C0437	274944	----a-w-	C:\Program Files\Foxtab\1.8.12.0\uninstall.exe
2013-11-01 20:35:24	7C75731DBDBC400C41F20F9A28A2FD83	22404568	----a-w-	C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\Firefox_Setup.exe
2013-11-01 20:34:59	7C75731DBDBC400C41F20F9A28A2FD83	22404568	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\is1275519350\311669_stp.EXE
2013-11-01 16:59:58	24F3708CF5504C67F1CB2685C7BBAD78	85444160	----a-w-	C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\avast_free_antivirus_setup.exe
2013-11-01 14:09:37	72434667CA630FD5C21812F47034AC83	1037744	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe
2013-11-01 14:09:09	304FA96174AFE1DAEF8C308811C47E14	6526952	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\{73DCB7B2-1966-470D-B68B-A234C8F94214}\setup.exe
2013-11-01 14:09:07	2D10A980CC1539C4CA29387E82267B4D	279752	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe
=== C: other files ==
2013-11-01 21:09:26	15ACA2AD17ACECA4814F249783E63AD3	37664	----a-w-	C:\WINDOWS\system32\drivers\avgtpx86.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IRW"="C:\WINDOWS\system32\IRW.exe"
"Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe"
"Ad-Aware Browsing Protection"="C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup                                                                                                                                                                                          "
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\docume~1\\alluse~1\\applic~1\\browse~1\\261095~1.52\\{c16c1~1\\browse~1.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Maria Gabriela^Start Menu^Programs^Startup^HDDlife.lnk]
"path"="C:\\Documents and Settings\\Maria Gabriela\\Start Menu\\Programs\\Startup\\HDDlife.lnk"
"backup"="C:\\WINDOWS\\pss\\HDDlife.lnkStartup"
"command"="C:\\PROGRA~1\\BINARY~1\\HDDLIF~1\\HDDLIF~1.EXE "
"item"="HDDlife"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"2007 Microsoft Office component"="C:\\WINDOWS\\Installer\\{91120000-002F-0000-0000-0000000FF1CE}\\wordicon.exe"
"2007 Microsoft Office component877"="C:\\WINDOWS\\Installer\\{91120000-002F-0000-0000-0000000FF1CE}\\oisicon.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe                                                                                                                                                                                          "
"AdobeAAMUpdater-1.0"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"                                                                                                                                                                                           "
"APSDaemon"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"TkBellExe"="\"C:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe\"  -osboot                                                                                                                                                                                                         "


==== Startup Folders ======================

2013-10-17 07:04:05	752	----a-w-	C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\Netzmanager.lnk
2012-10-27 05:58:34	774	----a-w-	C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\YoWindow.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09.10.2013 14:17]
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MOONLIGHTSONATA-Maria Gabriela.job --a------ C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [20.09.2012 07:27]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ :C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08.11.2010 15:33]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08.11.2010 15:33]
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1275210071-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [27.07.2012 13:27]
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1275210071-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [27.07.2012 13:27]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
- RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- a2zLyrics-16 - %ProfilePath%\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
4BF70B35B943BD73BD6E13EB7C1BA4B3	- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll -	Shockwave Flash
CFAF7B67C78D09D79688AEDCA3D090E2	- C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll -	Google Update
69AA47F09AA281C7D3C7716CA7E283B4	- C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
380F9A643A149B9030142E7171EFA91B	- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
7EF7E4C1325D533F5186E7118ABB0E7C	- C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll -	McAfee Security Scanner +
871C7A4B3466ED1B1D1D7588D14EC816	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.4
53B55AB0CF4872F9C420D78D92C1033B	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.4
3A6EBB668DB997B1874981F153403B46	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.4
0805C33F24F45B11EE2CFCCD8F9C6693	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.4
5F63DC3C36366FF4A90AEAA334509BE8	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.4
F234B77750D9E0C3AEA0432F55E1CD17	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
05C4A7136F3012BB47107333B5D351D3	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U17
D4BD9F86123C87ECA570418B69326F99	- C:\WINDOWS\system32\npDeployJava1.dll -	Java Deployment Toolkit 7.0.170.2
F00A0EF5835E1B96F783D617F1948704	- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -	iTunes Application Detector
A5C14075B571AF1C9592595BE724D9D2	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -	Silverlight Plug-In
F7B27774DAF8660ADD71EA29AE8C1B1A	- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll -	Nokia Suite Enabler Plugin
256C847CD03160C9088FB440DB929448	- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll -	RealJukebox NS Plugin
555E65306A5D3A5978BE74E1DD62CDD9	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -	RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -	RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
2DC6257A367A6182E40F748D0396AAF9	- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll -	RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
1E3AA02F2C91A2B25EFB4E355160CDCA	- C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll -	RealPlayer Download Plugin
C7794A997CEC29173A4401F3AE16C51F	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
F00DA1A135FCA11D4426D9A5AB72CF0F	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll -	AdobeAAMDetect
3F60CEF38059440F3A82819684E10894	- C:\Program Files\Common Files\mpDRM\NPMPDRM.dll -	fluxDVD Browser Plugin
1C8124B6A03A620EB0CBCA615666D2AE	- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -	Windows Live® Photo Gallery
0289477CB4D6543B49448CD54366B4B5	- C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll -	fluxDVD Placeholder Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67	- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
509335C61594A73AB32E1B572AEE61A8	- C:\Program Files\Windows Media Player\npdrmv2.dll -	Microsoft® DRM
969983AB670681301F7A91DC4AD3D1F1	- C:\Program Files\Windows Media Player\npdsplay.dll -	Windows Media Player Plug-in Dynamic Link Library
6D8F27BEE96589722EE485324FDD88D9	- C:\Program Files\Windows Media Player\npwmsdrm.dll -	Microsoft® DRM
41561B8AE9E551BD08304D48DAA900FA	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll -	AdobeAAMDetect
2AA3703D87E1327A2290C9D416D89A28	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -	Microsoft® Silverlight
28DB0CD8BCCEB5229052C835BFBA988A	- C:\WINDOWS\system32\npptools.dll -	Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[27.10.2012 07:01]
kdneagjiboclldmglpjofpeipkbollcf - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 09:59]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kdneagjiboclldmglpjofpeipkbollcf - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx[]

Koji NISHIDA - Maria Gabriela - Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf
Google Docs - Maria Gabriela - Default\Extensions\aohghmighlieiainnegkcijnfilokake
YouTube - Maria Gabriela - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Maria Gabriela - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealPlayer HTML5Video Downloader Extension - Maria Gabriela - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Gmail - Maria Gabriela - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bday.conduitapps.com_0.localstorage deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bday.conduitapps.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0.localstorage deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0.localstorage-journal deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0 deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://downloads.phpnuke.org/de/index.php?rvs=google"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Maria Gabriela\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Cache emptied successfully
C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Local Settings\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully
         
Code:
Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by Maria Gabriela on 03.11.2013 at 20:03:09,98.
Microsoft Windows XP Professional 5.1.2600 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp\Rar$EXa0.763\zoek.exe [Script inserted] 

==== System Restore Info ======================

03.11.2013 20:06:47 Zoek.exe System Restore Point Created Succesfully.

==== Possible Rootkit Infection ======================

C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\L
C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\U
C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{30A741AB-839D-4E72-A2A1-4A1D76493F67} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{36683662-D727-4AD9-8794-1F5B902999CB} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{581A8400-3854-4532-901A-91BC91655A73} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6469811C-FFC9-493A-8AFC-82E43F2B9999} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{91E3CAF0-5F77-4DAE-A72A-B70F5FC2C8B8} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9EACB0BE-EDB1-4D60-9266-354A0CC6E2AD} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AA5E1114-9742-4A64-8CB6-DA405CB24949} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{B75492BF-CF43-4F46-A7AA-E49EE9FF740A} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E4B2A159-30F8-49D3-AC1E-EF854DD92BB7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

7-Zip 9.20  
Ad-Aware Browsing Protection  
Adobe AIR  
Adobe Bridge 1.0  
Adobe Common File Installer  
Adobe Community Help  
Adobe Digital Editions  
Adobe Download Assistant  
Adobe Flash Player 11 ActiveX  
Adobe Flash Player 11 Plugin  
Adobe Help Center 1.0  
Adobe Media Player  
Adobe Photoshop CS2  
Adobe Reader XI (11.0.05) - Deutsch  
Adobe Stock Photos 1.0  
AIDA64 Extreme Edition v1.80  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
ATI - Software Uninstall Utility  
ATI Display Driver  
AVG 2014  
AVG Nation toolbar  
AVG PC TuneUp 2014  
AVG PC TuneUp 2014 (de-DE)  
Bewerbungsfoto-/Passbild-Generator v3.2c  
Bildschutz Pro  
Bonjour  
Boot Camp-Dienste  
Bubble Hit Bundle by GamePacks  
Bubble Hit by GamePacks  
calibre  
Canon iP5200  
Canon MX360 series MP Drivers  
Canon PhotoRecord  
Canon RAW Codec  
Canon Setup Utility 2.0  
Canon Utilities Easy-PhotoPrint  
Canon Utilities Easy-PrintToolBox  
CCleaner  
CorelDRAW Graphics Suite X3  
DE  
Dup Detector  
Easy-WebPrint  
Easy Poster Printer  
EPSON-Drucker-Software  
Extended Update  
ffdshow v1.2.4422 [2012-04-09]  
FontNav  
Foxtab  
GIMP 2.6.6  
Google Chrome  
Google Earth  
Google Update Helper  
GTK+ 2.4.3 runtime environment  
HDDlife Pro 4.0  
HiJackThis  
HomepageFIX 2012  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  
ImageBlizzard 1.0  
IrfanView (remove only)  
iTunes  
Java 7 Update 17  
Java Auto Updater  
Java(TM) 6 Update 22  
Java(TM) 6 Update 26  
Junk Mail filter update  
Malwarebytes Anti-Malware Version 1.75.0.1300  
McAfee Security Scan Plus  
Microsoft .NET Framework 1.1  
Microsoft .NET Framework 1.1 German Language Pack  
Microsoft .NET Framework 1.1 Security Update (KB979906)  
Microsoft .NET Framework 2.0 Service Pack 2  
Microsoft .NET Framework 3.0 Service Pack 2  
Microsoft .NET Framework 3.5 SP1  
Microsoft Application Error Reporting  
Microsoft Choice Guard  
Microsoft IntelliPoint 8.2  
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Excel MUI (German) 2007  
Microsoft Office File Validation Add-In  
Microsoft Office Home and Student 2007  
Microsoft Office OneNote MUI (German) 2007  
Microsoft Office PowerPoint MUI (German) 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (German) 2007  
Microsoft Office Proof (Italian) 2007  
Microsoft Office Proofing (German) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Shared MUI (German) 2007  
Microsoft Office Word MUI (German) 2007  
Microsoft Silverlight  
Microsoft Software Update for Web Folders  (German) 12  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft SQL Server Compact 3.5 SP2 ENU  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft WSE 3.0 Runtime  
Microsoft_VC100_CRT_SP1_x86  
Microsoft_VC80_ATL_x86  
Microsoft_VC80_CRT_x86  
Microsoft_VC80_MFC_x86  
Microsoft_VC80_MFCLOC_x86  
Microsoft_VC90_ATL_x86  
Microsoft_VC90_CRT_x86  
Microsoft_VC90_MFC_x86  
Microsoft_VC90_MFCLOC_x86  
MobileMe Control Panel  
Mozilla Firefox 25.0 (x86 en-US)  
Mozilla Maintenance Service  
MSVC80_x86_v2  
MSVC90_x86  
MSVCRT  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
MSXML 6 Service Pack 2 (KB973686)  
Netzmanager  
Nokia Connectivity Cable Driver  
Nokia Suite  
Nuance OmniPage 17  
Panorama Maker  
PC Connectivity Solution  
PhotoScape  
QuickTime  
RealNetworks - Microsoft Visual C++ 2008 Runtime  
RealPlayer  
Realtek High Definition Audio Driver  
RealUpgrade 1.1  
RonyaSoft Poster Printer (ProPoster) 3.01  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition  
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition   
Segoe UI  
SF Briefkopf 7.14  
SigmaTel Audio  
Skype Click to Call  
SkypeT 6.7  
Spybot - Search & Destroy  
TuneUp Utilities Language Pack (de-DE)  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)  
Update for Windows XP (KB911164)  
Update Manager  
VBA  
Videoload Manager 2.0.2220  
Visual Studio 2012 x86 Redistributables  
VLC media player 2.0.4  
WebFldrs XP  
Windows Driver Package - Apple Inc. (applebt) Bluetooth  (06/27/2007 2.0.0.1)  
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)  
Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)  
Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)  
Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)  
Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)  
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)  
Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)  
Windows Driver Package - Apple Inc. System  (06/21/2007 2.0.0.0)  
Windows Driver Package - Atheros (AR5211) Net  (04/05/2007 5.3.0.35)  
Windows Driver Package - Atheros (AR5416) Net  (06/26/2007 6.0.3.94)  
Windows Driver Package - Broadcom (BCM43XX) Net  (01/08/2007 4.80.75.0)  
Windows Driver Package - Intel (E1000) Net  (01/06/2006 8.6.17.0)  
Windows Driver Package - Intel (e1express) Net  (04/03/2006 9.3.39.0)  
Windows Driver Package - Marvell (yukonwxp) Net  (03/23/2007 10.12.7.3)  
Windows Driver Package - Nokia pccsmcfd "LegacyDriver"  (05/31/2012 7.1.2.0)  
Windows Installer 3.1 (KB893803)  
Windows Live-Uploadtool  
Windows Live Anmelde-Assistent  
Windows Live Call  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Fotogalerie  
Windows Live Mail  
Windows Live Sync  
Windows Live Writer  
Windows Media Format 11 runtime  
Windows Media Player 11  
WinRAR 4.11 (32-Bit)  
Yahoo Messenger  
Yahoo Software Update  
YoWindow  
Zula Games  

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default

user.js not found
---- Lines Lyric removed from prefs.js ----
user_pref("extensions.a2f86d47111224c15901ad7fd67316cd9ca42b8d20eb647be84a26d95abe186e8com44168.44168.description", "A2ZLyrics will find any lyrics on
user_pref("extensions.a2f86d47111224c15901ad7fd67316cd9ca42b8d20eb647be84a26d95abe186e8com44168.44168.name", "a2zLyrics-16");
---- Lines defaulttab removed from prefs.js ----
user_pref("extensions.defaulttab.installdate", 1377412178);
user_pref("extensions.defaulttab.lastUsed", 1379757223);
---- FireFox user.js and prefs.js backups ---- 

prefs__2014_.backup

ProfilePath: C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default

---- FireFox user.js and prefs.js backups ---- 

user__2014_.backup
prefs__2014_.backup

==== Deleting Files \ Folders ======================

C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted
C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted
C:\Documents and Settings\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D} deleted
C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted
C:\Program Files\Zula Games deleted
C:\Program Files\Amazon deleted
C:\found.000 deleted
C:\Documents and Settings\Maria Gabriela\Application Data\FoxTab deleted
C:\Documents and Settings\All Users\Application Data\Wincert deleted
C:\Documents and Settings\All Users\Application Data\InstallMate deleted
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE deleted
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\NativeMessaging deleted
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\adawarebp deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\tasks\At2.job deleted
C:\WINDOWS\System32\cnm1D3.tmp deleted
C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\searchplugins\nation-secure-search.xml deleted
C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\CT2102572 deleted
C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default\extensions\staged deleted
"C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\@" deleted
"C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}" deleted
"C:\Documents and Settings\Maria Gabriela\Application Data\Amazon" deleted
"C:\Documents and Settings\Maria Gabriela\Application Data\mresreg" deleted
"C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\L" deleted
"C:\WINDOWS\installer\{eb3cff83-d5a6-217a-70c7-1ed2c89a0249}\U" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp ====
2013-11-01 21:08:51	20F03B1B926F4EA65763E364ACAD7C59	4698984	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe
2013-11-01 20:34:59	7C75731DBDBC400C41F20F9A28A2FD83	22404568	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\is1275519350\311669_stp.EXE
2013-11-01 14:15:32	8DE9D8FDA8DF6DD2E1B99A1F297FAA8A	5134624	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\tbappb.dll
2013-11-01 14:09:37	72434667CA630FD5C21812F47034AC83	1037744	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe
2013-11-01 14:09:09	304FA96174AFE1DAEF8C308811C47E14	6526952	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\{73DCB7B2-1966-470D-B68B-A234C8F94214}\setup.exe
2013-11-01 14:09:07	2D10A980CC1539C4CA29387E82267B4D	279752	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2013-11-01 21:25:42	669E624F7637F4B722FE27DF09D4DA75	36152	----a-w-	C:\WINDOWS\System32\TURegOpt.exe
====== C:\WINDOWS\system32\drivers =====
2013-11-01 21:09:26	15ACA2AD17ACECA4814F249783E63AD3	37664	----a-w-	C:\WINDOWS\System32\drivers\avgtpx86.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-11-01 21:06:51	--------	d-----w-	C:\Program Files\AVG
2013-11-01 20:35:26	--------	d-----w-	C:\Program Files\Foxtab
2013-11-01 17:49:15	--------	d-----w-	C:\Program Files\ffdshow
2013-10-17 07:03:56	--------	d-----w-	C:\Program Files\Microsoft WSE
2013-10-17 07:03:29	--------	d-----w-	C:\Program Files\Netzmanager
======= C: =====
====== C:\Documents and Settings\Maria Gabriela\Application Data ======
2013-11-02 21:51:53	--------	d-----w-	C:\Documents and Settings\LocalService\Application Data\AVG
2013-11-01 21:25:24	--------	d-----w-	C:\Documents and Settings\Maria Gabriela\Application Data\AVG
2013-11-01 21:11:01	--------	d-----w-	C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2014
2013-11-01 21:06:53	--------	d-----w-	C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014
====== C:\Documents and Settings\Maria Gabriela ======

====== C: exe-files ==
2013-11-02 22:14:14	3E33EF44834B9A17FE6392FD331887D7	1089445	----a-w-	C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\FRST.exe
2013-11-02 21:47:14	8C27D71B2F6719136407C525ECF18D51	1060070	----a-w-	C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\adwcleaner-3.010.exe
2013-11-01 21:25:42	669E624F7637F4B722FE27DF09D4DA75	36152	----a-w-	C:\WINDOWS\system32\TURegOpt.exe
2013-11-01 21:12:48	A5027445F15DBA980764D6F7909C0E94	5914640	----a-w-	C:\Program Files\AVG\AVG2014\avgmfapx.exe
2013-11-01 21:08:51	20F03B1B926F4EA65763E364ACAD7C59	4698984	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\oi_{1E12F16D-2758-4948-8334-1E5347A15231}.exe
2013-11-01 20:35:29	84D280E42F3A337BF993023A9B3C0437	274944	----a-w-	C:\Program Files\Foxtab\1.8.12.0\uninstall.exe
2013-11-01 20:35:24	7C75731DBDBC400C41F20F9A28A2FD83	22404568	----a-w-	C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\Firefox_Setup.exe
2013-11-01 20:34:59	7C75731DBDBC400C41F20F9A28A2FD83	22404568	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\is1275519350\311669_stp.EXE
2013-11-01 16:59:58	24F3708CF5504C67F1CB2685C7BBAD78	85444160	----a-w-	C:\Documents and Settings\Maria Gabriela\My Documents\Downloads\avast_free_antivirus_setup.exe
2013-11-01 14:09:37	72434667CA630FD5C21812F47034AC83	1037744	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\LiveSupport_setup.exe
2013-11-01 14:09:09	304FA96174AFE1DAEF8C308811C47E14	6526952	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\{73DCB7B2-1966-470D-B68B-A234C8F94214}\setup.exe
2013-11-01 14:09:07	2D10A980CC1539C4CA29387E82267B4D	279752	----a-w-	C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\FLVPlayerSetup.exe
=== C: other files ==
2013-11-01 21:09:26	15ACA2AD17ACECA4814F249783E63AD3	37664	----a-w-	C:\WINDOWS\system32\drivers\avgtpx86.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IRW"="C:\WINDOWS\system32\IRW.exe"
"Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe"
"Ad-Aware Browsing Protection"="C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup                                                                                                                                                                                          "
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\docume~1\\alluse~1\\applic~1\\browse~1\\261095~1.52\\{c16c1~1\\browse~1.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Maria Gabriela^Start Menu^Programs^Startup^HDDlife.lnk]
"path"="C:\\Documents and Settings\\Maria Gabriela\\Start Menu\\Programs\\Startup\\HDDlife.lnk"
"backup"="C:\\WINDOWS\\pss\\HDDlife.lnkStartup"
"command"="C:\\PROGRA~1\\BINARY~1\\HDDLIF~1\\HDDLIF~1.EXE "
"item"="HDDlife"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"2007 Microsoft Office component"="C:\\WINDOWS\\Installer\\{91120000-002F-0000-0000-0000000FF1CE}\\wordicon.exe"
"2007 Microsoft Office component877"="C:\\WINDOWS\\Installer\\{91120000-002F-0000-0000-0000000FF1CE}\\oisicon.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe                                                                                                                                                                                          "
"AdobeAAMUpdater-1.0"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"                                                                                                                                                                                           "
"APSDaemon"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"TkBellExe"="\"C:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe\"  -osboot                                                                                                                                                                                                         "


==== Startup Folders ======================

2013-10-17 07:04:05	752	----a-w-	C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\Netzmanager.lnk
2012-10-27 05:58:34	774	----a-w-	C:\Documents and Settings\Maria Gabriela\Start Menu\Programs\Startup\YoWindow.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09.10.2013 14:17]
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MOONLIGHTSONATA-Maria Gabriela.job --a------ C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [20.09.2012 07:27]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ :C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08.11.2010 15:33]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08.11.2010 15:33]
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1275210071-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [27.07.2012 13:27]
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1275210071-839522115-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [27.07.2012 13:27]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
- RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- a2zLyrics-16 - %ProfilePath%\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
4BF70B35B943BD73BD6E13EB7C1BA4B3	- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll -	Shockwave Flash
CFAF7B67C78D09D79688AEDCA3D090E2	- C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll -	Google Update
69AA47F09AA281C7D3C7716CA7E283B4	- C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
380F9A643A149B9030142E7171EFA91B	- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
7EF7E4C1325D533F5186E7118ABB0E7C	- C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll -	McAfee Security Scanner +
871C7A4B3466ED1B1D1D7588D14EC816	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.4
53B55AB0CF4872F9C420D78D92C1033B	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.4
3A6EBB668DB997B1874981F153403B46	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.4
0805C33F24F45B11EE2CFCCD8F9C6693	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.4
5F63DC3C36366FF4A90AEAA334509BE8	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.4
F234B77750D9E0C3AEA0432F55E1CD17	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
05C4A7136F3012BB47107333B5D351D3	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U17
D4BD9F86123C87ECA570418B69326F99	- C:\WINDOWS\system32\npDeployJava1.dll -	Java Deployment Toolkit 7.0.170.2
F00A0EF5835E1B96F783D617F1948704	- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -	iTunes Application Detector
A5C14075B571AF1C9592595BE724D9D2	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -	Silverlight Plug-In
F7B27774DAF8660ADD71EA29AE8C1B1A	- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll -	Nokia Suite Enabler Plugin
256C847CD03160C9088FB440DB929448	- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll -	RealJukebox NS Plugin
555E65306A5D3A5978BE74E1DD62CDD9	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -	RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -	RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
2DC6257A367A6182E40F748D0396AAF9	- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll -	RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
1E3AA02F2C91A2B25EFB4E355160CDCA	- C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll -	RealPlayer Download Plugin
C7794A997CEC29173A4401F3AE16C51F	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
F00DA1A135FCA11D4426D9A5AB72CF0F	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll -	AdobeAAMDetect
3F60CEF38059440F3A82819684E10894	- C:\Program Files\Common Files\mpDRM\NPMPDRM.dll -	fluxDVD Browser Plugin
1C8124B6A03A620EB0CBCA615666D2AE	- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -	Windows Live® Photo Gallery
0289477CB4D6543B49448CD54366B4B5	- C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll -	fluxDVD Placeholder Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67	- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
509335C61594A73AB32E1B572AEE61A8	- C:\Program Files\Windows Media Player\npdrmv2.dll -	Microsoft® DRM
969983AB670681301F7A91DC4AD3D1F1	- C:\Program Files\Windows Media Player\npdsplay.dll -	Windows Media Player Plug-in Dynamic Link Library
6D8F27BEE96589722EE485324FDD88D9	- C:\Program Files\Windows Media Player\npwmsdrm.dll -	Microsoft® DRM
41561B8AE9E551BD08304D48DAA900FA	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll -	AdobeAAMDetect
2AA3703D87E1327A2290C9D416D89A28	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -	Microsoft® Silverlight
28DB0CD8BCCEB5229052C835BFBA988A	- C:\WINDOWS\system32\npptools.dll -	Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[27.10.2012 07:01]
kdneagjiboclldmglpjofpeipkbollcf - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 09:59]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kdneagjiboclldmglpjofpeipkbollcf - C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx[]

Koji NISHIDA - Maria Gabriela - Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf
Google Docs - Maria Gabriela - Default\Extensions\aohghmighlieiainnegkcijnfilokake
YouTube - Maria Gabriela - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Maria Gabriela - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealPlayer HTML5Video Downloader Extension - Maria Gabriela - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Gmail - Maria Gabriela - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bday.conduitapps.com_0.localstorage deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bday.conduitapps.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0.localstorage deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0.localstorage-journal deleted successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_kdneagjiboclldmglpjofpeipkbollcf_0 deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://downloads.phpnuke.org/de/index.php?rvs=google"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kdneagjiboclldmglpjofpeipkbollcf deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Maria Gabriela\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\Cache emptied successfully
C:\Documents and Settings\Maria Gabriela.MOONLIGHTSONATA\Local Settings\Application Data\Mozilla\Firefox\Profiles\c323yhnk.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully
         

03.11.2013, 23:18   #4
smeenk
/// Malwareteam / Visitor
 

Apparently not all of the adware has been removed.
  • Please disable all antivirus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into Zoek's script window:
    Code:
    Zula Games;u
    a2zLyrics-16;firefoxlook;
    AVG Nation toolbar;u

  • Now click "Run script" and be patient until the script has finished running.
  • When the tool has finished, Notepad will open with the log file (possibly only after a reboot). The log can also be found under c:
  • Please post the ZOEK log for me (preferably in CODE tags: click the # symbol in the reply window).


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

04.11.2013, 06:46   #5
IchweißNix
 

Code:
Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by Maria Gabriela on 04.11.2013 at  6:26:52,71.
Microsoft Windows XP Professional 5.1.2600 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\DOCUME~1\MARIAG~1\LOCALS~1\Temp\Rar$EXa0.296\zoek.exe [Script inserted] 

==== Older Logs ======================

C:\zoek-results2013-11-03-192103.log	36536 bytes

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
- RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- a2zLyrics-16 - %ProfilePath%\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
4BF70B35B943BD73BD6E13EB7C1BA4B3	- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll -	Shockwave Flash
CFAF7B67C78D09D79688AEDCA3D090E2	- C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll -	Google Update
69AA47F09AA281C7D3C7716CA7E283B4	- C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
380F9A643A149B9030142E7171EFA91B	- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
7EF7E4C1325D533F5186E7118ABB0E7C	- C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll -	McAfee Security Scanner +
871C7A4B3466ED1B1D1D7588D14EC816	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.4
53B55AB0CF4872F9C420D78D92C1033B	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.4
3A6EBB668DB997B1874981F153403B46	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.4
0805C33F24F45B11EE2CFCCD8F9C6693	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.4
5F63DC3C36366FF4A90AEAA334509BE8	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.4
F234B77750D9E0C3AEA0432F55E1CD17	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
05C4A7136F3012BB47107333B5D351D3	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U17
D4BD9F86123C87ECA570418B69326F99	- C:\WINDOWS\system32\npDeployJava1.dll -	Java Deployment Toolkit 7.0.170.2
F00A0EF5835E1B96F783D617F1948704	- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -	iTunes Application Detector
A5C14075B571AF1C9592595BE724D9D2	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -	Silverlight Plug-In
F7B27774DAF8660ADD71EA29AE8C1B1A	- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll -	Nokia Suite Enabler Plugin
256C847CD03160C9088FB440DB929448	- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll -	RealJukebox NS Plugin
555E65306A5D3A5978BE74E1DD62CDD9	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -	RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -	RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
2DC6257A367A6182E40F748D0396AAF9	- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll -	RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
1E3AA02F2C91A2B25EFB4E355160CDCA	- C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll -	RealPlayer Download Plugin
C7794A997CEC29173A4401F3AE16C51F	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
F00DA1A135FCA11D4426D9A5AB72CF0F	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll -	AdobeAAMDetect
3F60CEF38059440F3A82819684E10894	- C:\Program Files\Common Files\mpDRM\NPMPDRM.dll -	fluxDVD Browser Plugin
1C8124B6A03A620EB0CBCA615666D2AE	- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -	Windows Live® Photo Gallery
0289477CB4D6543B49448CD54366B4B5	- C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll -	fluxDVD Placeholder Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67	- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
509335C61594A73AB32E1B572AEE61A8	- C:\Program Files\Windows Media Player\npdrmv2.dll -	Microsoft® DRM
969983AB670681301F7A91DC4AD3D1F1	- C:\Program Files\Windows Media Player\npdsplay.dll -	Windows Media Player Plug-in Dynamic Link Library
6D8F27BEE96589722EE485324FDD88D9	- C:\Program Files\Windows Media Player\npwmsdrm.dll -	Microsoft® DRM
41561B8AE9E551BD08304D48DAA900FA	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll -	AdobeAAMDetect
2AA3703D87E1327A2290C9D416D89A28	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -	Microsoft® Silverlight
28DB0CD8BCCEB5229052C835BFBA988A	- C:\WINDOWS\system32\npptools.dll -	Microsoft® Windows® Operating System


==== Deleted Firefox Extensions ======================

C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com deleted

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zula Games deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar deleted successfully

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Documents and Settings\Maria Gabriela\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 04.11.2013 at  6:33:07,20 ======================





==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
- RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
4BF70B35B943BD73BD6E13EB7C1BA4B3	- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll -	Shockwave Flash
CFAF7B67C78D09D79688AEDCA3D090E2	- C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll -	Google Update
69AA47F09AA281C7D3C7716CA7E283B4	- C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
380F9A643A149B9030142E7171EFA91B	- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
7EF7E4C1325D533F5186E7118ABB0E7C	- C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll -	McAfee Security Scanner +
871C7A4B3466ED1B1D1D7588D14EC816	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.4
53B55AB0CF4872F9C420D78D92C1033B	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.4
3A6EBB668DB997B1874981F153403B46	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.4
0805C33F24F45B11EE2CFCCD8F9C6693	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.4
5F63DC3C36366FF4A90AEAA334509BE8	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.4
F234B77750D9E0C3AEA0432F55E1CD17	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
05C4A7136F3012BB47107333B5D351D3	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U17
D4BD9F86123C87ECA570418B69326F99	- C:\WINDOWS\system32\npDeployJava1.dll -	Java Deployment Toolkit 7.0.170.2
F00A0EF5835E1B96F783D617F1948704	- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -	iTunes Application Detector
A5C14075B571AF1C9592595BE724D9D2	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -	Silverlight Plug-In
F7B27774DAF8660ADD71EA29AE8C1B1A	- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll -	Nokia Suite Enabler Plugin
256C847CD03160C9088FB440DB929448	- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll -	RealJukebox NS Plugin
555E65306A5D3A5978BE74E1DD62CDD9	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -	RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -	RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
2DC6257A367A6182E40F748D0396AAF9	- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll -	RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
1E3AA02F2C91A2B25EFB4E355160CDCA	- C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll -	RealPlayer Download Plugin
C7794A997CEC29173A4401F3AE16C51F	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
F00DA1A135FCA11D4426D9A5AB72CF0F	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll -	AdobeAAMDetect
3F60CEF38059440F3A82819684E10894	- C:\Program Files\Common Files\mpDRM\NPMPDRM.dll -	fluxDVD Browser Plugin
1C8124B6A03A620EB0CBCA615666D2AE	- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -	Windows Live® Photo Gallery
0289477CB4D6543B49448CD54366B4B5	- C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll -	fluxDVD Placeholder Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67	- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
509335C61594A73AB32E1B572AEE61A8	- C:\Program Files\Windows Media Player\npdrmv2.dll -	Microsoft® DRM
969983AB670681301F7A91DC4AD3D1F1	- C:\Program Files\Windows Media Player\npdsplay.dll -	Windows Media Player Plug-in Dynamic Link Library
6D8F27BEE96589722EE485324FDD88D9	- C:\Program Files\Windows Media Player\npwmsdrm.dll -	Microsoft® DRM
41561B8AE9E551BD08304D48DAA900FA	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll -	AdobeAAMDetect
2AA3703D87E1327A2290C9D416D89A28	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -	Microsoft® Silverlight
28DB0CD8BCCEB5229052C835BFBA988A	- C:\WINDOWS\system32\npptools.dll -	Microsoft® Windows® Operating System


==== EOF on 04.11.2013 at  6:39:18,78 ======================
         

Good morning,
I ran it twice because the first time I forgot to switch off AVG.

I don't see any deletion of "a2zlyrics-16;" in the log.
Is it still there, hiding? Or can I simply not see it for all the characters?
Or was it hidden and died in its hiding place? <- clearly the answer I would like best. :-)

Can you tell from the logs whether some other pest has made itself at home? For quite a while I kept getting a strange "Search... something" thing in the browser. I already run Ad-Aware and Spybot every week, but these days that no longer seems to be enough.

In any case, on behalf of everyone else who has also received help here, I would like to say, very loudly,

THANK YOU

Warm regards from the wet and cold Eifel!


Edited by IchweißNix (04.11.2013 at 07:43)

04.11.2013, 17:50   #6
smeenk
/// Malwareteam / Visitor

It's cold and wet here too
Quote:
I don't see any deletion of "a2zlyrics-16" in the log
Looks deleted:
Quote:
ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
- a2zLyrics-16 - %ProfilePath%\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com

==== Deleted Firefox Extensions ======================

C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com deleted
Please do the AdwCleaner step and post the log for me
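
The check done by eye in the reply above (the extension is listed under "Firefox Extensions", its path is reported under "Deleted Firefox Extensions", and it is gone from the next run), as an added Python example that is not part of the original posts. The section and line layout is inferred from the Zoek logs in this thread, the embedded logs are trimmed excerpts of them, and the function names are made up for illustration.

```python
import re

# Trimmed excerpts of the two Zoek logs posted in this thread (first and second run).
RUN_1 = r"""
==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
- a2zLyrics-16 - %ProfilePath%\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Deleted Firefox Extensions ======================

C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com deleted

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Maria Gabriela\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"""

RUN_2 = r"""
==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
"""

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
VAR_RE = re.compile(r"^(ProfilePath|AppDir):\s*(.+)$", re.IGNORECASE)
EXT_RE = re.compile(r"^- (.+?) - (.+)$")
RESULT_RE = re.compile(r'^"?(.+?)"?\s+(not deleted|deleted(?: successfully)?)\s*$')


def split_sections(log):
    """Return {section title: [lines]} using the '==== Title ====' headers."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def list_extensions(log):
    """Return {lower-cased full path: name}, expanding %ProfilePath% / %AppDir%."""
    base, found = {}, {}
    for line in split_sections(log).get("Firefox Extensions", []):
        m = VAR_RE.match(line)
        if m:
            base[m.group(1).lower()] = m.group(2).strip()
            continue
        m = EXT_RE.match(line)
        if m:
            path = re.sub(r"%(\w+)%",
                          lambda v: base.get(v.group(1).lower(), v.group(0)),
                          m.group(2).strip())
            found[path.lower()] = m.group(1)
    return found


def deletion_results(log):
    """Return {lower-cased path or key: True if 'deleted', False if 'not deleted'}."""
    results = {}
    for lines in split_sections(log).values():
        for line in lines:
            m = RESULT_RE.match(line)
            if m:
                results[m.group(1).lower()] = not m.group(2).startswith("not")
    return results


def removal_verdict(name, first_run, later_run):
    """Say whether an extension seen in first_run was removed and stayed removed."""
    by_name = {n.lower(): p for p, n in list_extensions(first_run).items()}
    path = by_name.get(name.lower())
    if path is None:
        return "never listed"
    if not deletion_results(first_run).get(path, False):
        return "listed, no deletion logged"
    if path in list_extensions(later_run):
        return "deleted but back in later run"
    return "deleted and absent in later run"


if __name__ == "__main__":
    for ext in ("a2zLyrics-16", "NoScript"):
        print(ext, "->", removal_verdict(ext, RUN_1, RUN_2))
```

The name only appears in the extension list, while the deletion line carries the full path, which is why the log has to be matched on the expanded path rather than searched for "a2zlyrics-16".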

04.11.2013, 19:58   #7
IchweißNix

With pleasure - and many thanks once again

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.011 - Report created 04/11/2013 at 19:54:18
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Maria Gabriela - MOONLIGHTSONATA
# Running from : C:\Documents and Settings\Maria Gabriela\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files\FoxTab

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zulagames

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Maria Gabriela\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [24361 octets] - [02/11/2013 22:48:16]
AdwCleaner[R1].txt - [1422 octets] - [04/11/2013 07:45:20]
AdwCleaner[R2].txt - [1266 octets] - [04/11/2013 19:54:18]
AdwCleaner[S0].txt - [24785 octets] - [02/11/2013 22:53:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1387 octets] ##########
         
--- --- ---

04.11.2013, 22:28   #8
smeenk
/// Malwareteam / Visitor

Looks good

We'll track down the last remnants so that we can remove them later:
  • Please disable all antivirus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double-click.
  • Warning: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into Zoek's script window:
    Code:
    ATTFilter
    Zula Games;a
    zulagames;a
    a2f86d47111224c15901ad7fd67316cd9ca42b8d20eb647;ff
    Lyrics;a
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool has finished, Notepad will open with the log file (possibly only after a reboot). The log can also be found under c:
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)

05.11.2013, 09:10   #9
IchweißNix

Code:
ATTFilter
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\lyrics-finden.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\nellyslyrics.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hitlistlyrics.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\nellyslyrics.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hitlistlyrics.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lyrics-finden.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lyrics-finden.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nellyslyrics.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hitlistlyrics.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\nellyslyrics.com]

"Item 3"="[F00000000][T01CED88DE9261AE0]*C:\\Documents and Settings\\Maria Gabriela\\My Documents\\az2lyrics trojaner.docx"

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\hitlistlyrics.com]

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\lyrics-finden.com]

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\lyrics-finden.com\www]

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\nellyslyrics.com]

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hitlistlyrics.com]

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com]

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com\www]

[HKEY_USERS\S-1-5-21-220523388-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\nellyslyrics.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hitlistlyrics.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lyrics-finden.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lyrics-finden.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nellyslyrics.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hitlistlyrics.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lyrics-finden.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\nellyslyrics.com]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [27.10.2012 07:01]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
- RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Maria Gabriela\Application Data\Mozilla\Firefox\Profiles\rok8adw3.default
4BF70B35B943BD73BD6E13EB7C1BA4B3	- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll -	Shockwave Flash
CFAF7B67C78D09D79688AEDCA3D090E2	- C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll -	Google Update
69AA47F09AA281C7D3C7716CA7E283B4	- C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
380F9A643A149B9030142E7171EFA91B	- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
7EF7E4C1325D533F5186E7118ABB0E7C	- C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll -	McAfee Security Scanner +
871C7A4B3466ED1B1D1D7588D14EC816	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.4
53B55AB0CF4872F9C420D78D92C1033B	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.4
3A6EBB668DB997B1874981F153403B46	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.4
0805C33F24F45B11EE2CFCCD8F9C6693	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.4
5F63DC3C36366FF4A90AEAA334509BE8	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.4
F234B77750D9E0C3AEA0432F55E1CD17	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
05C4A7136F3012BB47107333B5D351D3	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U17
D4BD9F86123C87ECA570418B69326F99	- C:\WINDOWS\system32\npDeployJava1.dll -	Java Deployment Toolkit 7.0.170.2
F00A0EF5835E1B96F783D617F1948704	- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -	iTunes Application Detector
A5C14075B571AF1C9592595BE724D9D2	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -	Silverlight Plug-In
F7B27774DAF8660ADD71EA29AE8C1B1A	- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll -	Nokia Suite Enabler Plugin
256C847CD03160C9088FB440DB929448	- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll -	RealJukebox NS Plugin
555E65306A5D3A5978BE74E1DD62CDD9	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -	RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A	- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -	RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
2DC6257A367A6182E40F748D0396AAF9	- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll -	RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
1E3AA02F2C91A2B25EFB4E355160CDCA	- C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll -	RealPlayer Download Plugin
C7794A997CEC29173A4401F3AE16C51F	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
F00DA1A135FCA11D4426D9A5AB72CF0F	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll -	AdobeAAMDetect
3F60CEF38059440F3A82819684E10894	- C:\Program Files\Common Files\mpDRM\NPMPDRM.dll -	fluxDVD Browser Plugin
1C8124B6A03A620EB0CBCA615666D2AE	- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -	Windows Live® Photo Gallery
0289477CB4D6543B49448CD54366B4B5	- C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll -	fluxDVD Placeholder Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67	- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
509335C61594A73AB32E1B572AEE61A8	- C:\Program Files\Windows Media Player\npdrmv2.dll -	Microsoft® DRM
969983AB670681301F7A91DC4AD3D1F1	- C:\Program Files\Windows Media Player\npdsplay.dll -	Windows Media Player Plug-in Dynamic Link Library
6D8F27BEE96589722EE485324FDD88D9	- C:\Program Files\Windows Media Player\npwmsdrm.dll -	Microsoft® DRM
41561B8AE9E551BD08304D48DAA900FA	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll -	AdobeAAMDetect
2AA3703D87E1327A2290C9D416D89A28	- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -	Microsoft® Silverlight
28DB0CD8BCCEB5229052C835BFBA988A	- C:\WINDOWS\system32\npptools.dll -	Microsoft® Windows® Operating System


==== EOF on 05.11.2013 at  9:07:15,73 ======================
         

05.11.2013, 10:49   #10
smeenk
/// Malwareteam / Visitor

It looks clean

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

05.11.2013, 13:01   #11
IchweißNix

Really, my heartfelt thanks for the wonderful help!!! :-)

Code:
ATTFilter
  Results of screen317's Security Check version 0.99.74  
 Windows XP Service Pack 2 x86   
 Out of date service pack!! 
 Internet Explorer 6 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Bitdefender Antivirus Free Edition   
AVG update module                    
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 MVPS Hosts File  
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 TuneUp Utilities Language Pack (de-DE) 
 AVG PC TuneUp 2014 (de-DE) 
 TuneUp Utilities Language Pack (de-DE) 
 CCleaner     
 Java(TM) 6 Update 26  
 Java(TM) 6 Update 22  
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 	11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0) 
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 AVG avgwdsvc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 1% 
````````````````````End of Log``````````````````````
         

05.11.2013, 13:24   #12
smeenk
/// Malwareteam / Visitor

There is still quite a bit to do here

XP Service Pack 3 is missing:
http://www.microsoft.com/de-de/downl...ils.aspx?id=24

Java is out of date:
http://filepony.de/download-jre_32/

06.11.2013, 16:01   #13
IchweißNix

So - I have updated Java...
but with SP 3 a few challenges are showing up:
"There is not enough disk space on C:\WINDOWS\$NtServicePackUninstall$ to install Service Pack 3" <- the message says I don't have enough space

So, after some searching in the vastness of the internet I came across the following:
HKEY_LOCAL_MACHINE
\Software
\Microsoft
\Windows
\CurrentVersion
\Setup

3. In the right pane, Right-click and select New – String value

4. Name it as “BootDir” and set its value to “C:\”

Unfortunately I'm once again too dim for this, because I only get as far as "BootDir" - and then nothing works any more, because no Tab, no space, no whatever...
As a precaution I then removed the new string again straight away...

I need enlightenment :-D please :-D

06.11.2013, 21:56   #14
smeenk
/// Malwareteam / Visitor

Are there things on your hard disk (photos/films) that could be copied to another hard disk to free up more space on your hard disk?

Perhaps also uninstall programs that are not needed?

07.11.2013, 07:52   #15
IchweißNix

C: has 105 GB - of which 51.4 GB are in use....

and then there was also:
the instruction at !0x6240d0a2" referenced memory at "0x6240d0a2". The memory could not be "read"

and as if that weren't enough:
The system could not log you on, make sure your username and domain are correct....

I absolutely don't understand it, since I haven't changed anything at all, aaaaaaaaaahhh why me?!?

I'm quite sure you noticed long ago that this is an iMac on which I have installed Windows on a second partition - I'm only mentioning it again for form's sake. If you send me your address, I'll send you ... a crate of beer or something, just tell me what... Thanks
