| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: MyStart by IncrediBar entfernen/deinstallierenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.08.2012, 12:19
| #1 |
 |  MyStart by IncrediBar entfernen/deinstallieren Hallo! Ich habe mir bei irgendeinem Download wohl die MyStart by IncrediBar Toolbar mitinstalliert und ich bekomme sie einfach nicht wieder deinstalliert. Außerdem wurde davon auch meine Startseite bei Firefox geändert und jedes mal, wenn ich einen neuen Tab öffne, komme ich auf die MyStart by IncrediBar Seite. Die Startseite konnte ich selbst wieder dauerhaft ändern, nur das mit den Tabs bekomme ich nicht hin. Ich habe auch schon die Add-ons von IncrediBar gelöscht, aber da die Seite bei einem neuen Tab immer wieder angezeigt wird muss das Programm ja noch da sein? Ich habe auch schon einen anderen Thread zu diesem Thema gelesen (hier der Link: http://www.trojaner-board.de/118793-...entfernen.html), ich habe die dort erwähnten Scans durchgeführt. Mehr habe ich mich nicht getraut, da ich Angst hatte etwas evtl. wichtiges zu löschen und die Scans dort vielleicht etwas anderes ergeben haben als bei mir. Nachdem ich zuerst den defogger durchgeführt habe kam keine Fehlermeldung, er hat aber auch keinen Neustart gefordert. Danach habe ich OTL heruntergeladen und durchgeführt. Hier die Logs: OTL.txt: Code:
ATTFilter OTL logfile created on: 20.08.2012 12:19:07 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Martina\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,97 Gb Total Physical Memory | 3,85 Gb Available Physical Memory | 64,50% Memory free 11,94 Gb Paging File | 9,21 Gb Available in Paging File | 77,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 681,25 Gb Total Space | 611,30 Gb Free Space | 89,73% Space Free | Partition Type: NTFS Computer Name: MARTINA-VAIO | User Name: Martina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.20 12:06:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Martina\Desktop\OTL.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.05.29 00:54:30 | 000,054,464 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2012.03.13 18:02:03 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.03.13 18:01:48 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.03.13 18:01:29 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.03.13 18:00:11 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.03.07 18:57:48 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe PRC - [2012.03.07 18:57:46 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe PRC - [2012.02.23 17:09:58 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2012.02.22 19:10:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2012.02.21 12:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe PRC - [2012.02.20 06:03:21 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2012.01.06 16:44:30 | 000,123,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe PRC - [2012.01.06 16:44:26 | 000,138,392 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe PRC - [2011.12.29 16:10:08 | 000,960,160 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2011.12.21 13:55:14 | 000,382,720 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe PRC - [2011.12.21 13:15:06 | 000,550,128 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe PRC - [2011.11.30 18:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.09.20 16:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2010.10.25 15:13:38 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2012.08.19 14:37:03 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.08.19 14:36:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.08.19 14:36:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll MOD - [2012.08.19 14:36:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.08.19 14:36:54 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll MOD - [2012.08.19 14:36:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.08.19 14:36:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.08.19 14:36:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.08.19 14:36:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.08.18 23:02:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.08.18 23:02:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.10.25 15:13:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.03.13 19:15:50 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.11.30 18:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV - [2012.08.19 21:55:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.29 00:54:30 | 000,054,464 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2012.05.10 18:44:34 | 001,259,104 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2012.03.26 09:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2012.03.21 17:08:20 | 000,112,256 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService) SRV - [2012.03.13 18:02:03 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.03.13 18:01:48 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.03.13 18:01:29 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.03.13 18:00:11 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.03.07 18:57:46 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service) SRV - [2012.02.23 17:09:58 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent) SRV - [2012.02.23 16:51:40 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.02.21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2012.02.08 18:36:01 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.01.19 11:40:56 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2012.01.10 13:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2012.01.06 16:44:28 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2012.01.06 16:44:26 | 000,138,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2011.12.29 16:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2011.12.21 13:55:14 | 000,382,720 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2011.12.21 13:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.12.01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.08.26 18:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.16 14:17:53 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.17 00:27:58 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.13 19:19:06 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.13 19:16:05 | 010,732,032 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.03.13 19:16:05 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.13 19:03:03 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.03.13 18:00:42 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 17:01:04 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.02.23 17:00:34 | 000,421,664 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP) DRV:64bit: - [2012.02.23 17:00:16 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.02.23 17:00:04 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.02.23 16:59:34 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.02.23 16:59:16 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.02.23 16:59:04 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.02.23 16:58:46 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.02.23 16:58:28 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.02.22 19:10:17 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.22 19:10:12 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.22 19:10:10 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.21 23:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.02.13 11:21:29 | 000,675,432 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.02.08 18:36:36 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.01.16 11:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb155?a=6OyLl4HLRG&i=26 IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{B392D790-DAF7-47DC-B081-6A4D7BB0ED84}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6OyLl4HLRG&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/" FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyLl4HLRG&&i=26&search=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.08.08 14:39:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.08.16 15:04:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.08.16 15:04:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.08.16 15:04:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.17 21:03:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 14:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martina\AppData\Roaming\mozilla\Extensions [2012.08.19 14:29:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martina\AppData\Roaming\mozilla\Firefox\Profiles\qvq1dwsx.default\extensions [2012.08.15 20:47:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Martina\AppData\Roaming\mozilla\Firefox\Profiles\qvq1dwsx.default\extensions\ich@maltegoetz.de [2012.08.17 23:04:37 | 000,002,203 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\searchplugins\MyStart Search.xml [2012.08.17 21:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.15 21:02:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.16 17:08:32 | 000,006,796 | ---- | M] () (No name found) -- C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI [2012.08.17 21:03:57 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI [2012.08.15 20:47:18 | 000,456,182 | ---- | M] () (No name found) -- C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI [2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Append Link Target to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.145 217.0.43.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6246155D-5406-47B9-924A-FDA16228998B}: DhcpNameServer = 217.0.43.145 217.0.43.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C23B9126-B006-424E-B72C-C16D7C505C18}: DhcpNameServer = 62.25.0.55 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.20 12:06:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Martina\Desktop\OTL.exe [2012.08.19 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.08.19 22:03:09 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Martina\Desktop\esetsmartinstaller_enu.exe [2012.08.19 20:51:47 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Malwarebytes [2012.08.19 20:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.19 20:51:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.19 20:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.19 20:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.19 20:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools [2012.08.19 20:04:30 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2012.08.19 20:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012.08.19 20:03:16 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\TestApp [2012.08.19 20:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.08.19 19:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.08.19 18:01:55 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Atheros [2012.08.19 17:53:10 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Diagnostics [2012.08.19 16:32:37 | 000,000,000 | ---D | C] -- C:\Users\Martina\Desktop\LOTRO Standard Res Install Files DE [2012.08.19 16:32:06 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\PMB Files [2012.08.19 16:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.08.19 16:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012.08.19 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Turbine [2012.08.19 14:59:41 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Turbine [2012.08.19 14:49:19 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\ApplicationHistory [2012.08.19 14:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2012.08.19 14:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters [2012.08.19 13:11:13 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\SysWow64\TubeFinder.exe [2012.08.19 13:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter [2012.08.19 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\FreeFLVConverter [2012.08.19 13:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter [2012.08.18 22:41:26 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care [2012.08.18 22:21:48 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\iolo [2012.08.17 23:15:59 | 000,000,000 | ---D | C] -- C:\Users\Martina\Documents\LDW [2012.08.17 23:07:20 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader [2012.08.17 23:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vGrabber-software [2012.08.17 21:44:34 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Microsoft Games [2012.08.17 21:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.08.16 20:25:11 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Evernote [2012.08.16 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\CrashDumps [2012.08.16 19:49:38 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\WildTangent [2012.08.16 15:23:32 | 000,000,000 | ---D | C] -- C:\Users\Martina\Documents\My Digital Editions [2012.08.16 15:20:39 | 000,000,000 | ---D | C] -- C:\Users\Martina\Desktop\Slender v0.9.6 [2012.08.16 15:17:16 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Apple Computer [2012.08.16 15:17:16 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Apple Computer [2012.08.16 15:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.08.16 15:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.08.16 15:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.08.16 15:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.08.16 15:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.08.16 15:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012.08.16 15:14:44 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Apple [2012.08.16 15:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.08.16 15:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.08.16 15:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.08.16 15:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.08.16 15:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.08.16 15:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.08.16 15:11:53 | 000,000,000 | ---D | C] -- C:\Users\Martina\Desktop\Kaspersky Daily Activation Keys 11 August 2012 [2012.08.16 14:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2012.08.16 14:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.08.16 14:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012.08.16 14:17:53 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.08.16 14:06:38 | 000,000,000 | ---D | C] -- C:\VAIO Entertainment [2012.08.15 21:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.15 21:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.08.15 20:57:06 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\ArcSoft [2012.08.15 20:56:57 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\ArcSoft [2012.08.15 20:41:53 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Skype [2012.08.15 20:37:43 | 000,000,000 | R--D | C] -- C:\Users\Martina\Desktop\Martina [2012.08.15 20:36:41 | 000,000,000 | ---D | C] -- C:\Users\Martina\Documents\Sony PMB [2012.08.15 15:20:08 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Macromedia [2012.08.15 14:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.08.15 14:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.08.15 14:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.08.15 14:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.08.15 14:50:46 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Microsoft Help [2012.08.15 14:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.08.15 14:50:14 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.08.15 14:32:31 | 000,000,000 | ---D | C] -- C:\Update [2012.08.15 14:15:53 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Mozilla [2012.08.15 14:15:53 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Mozilla [2012.08.15 14:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.08.15 14:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.08.15 14:04:11 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\ATI [2012.08.15 14:04:11 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\ATI [2012.08.15 14:03:30 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Adobe [2012.08.15 14:03:27 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Adobe [2012.08.15 14:03:22 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Intel Corporation [2012.08.15 14:03:14 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\BMExplorer [2012.08.15 14:03:14 | 000,000,000 | ---D | C] -- C:\Users\Martina\Documents\Bluetooth Folder [2012.08.15 14:03:09 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Atheros [2012.08.15 14:02:27 | 000,000,000 | R--D | C] -- C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.08.15 14:02:27 | 000,000,000 | R--D | C] -- C:\Users\Martina\Searches [2012.08.15 14:02:27 | 000,000,000 | R--D | C] -- C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.08.15 14:02:17 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Identities [2012.08.15 14:02:13 | 000,000,000 | R--D | C] -- C:\Users\Martina\Contacts [2012.08.15 14:01:46 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Sony Corporation [2012.08.15 14:00:07 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\VirtualStore [2012.08.15 13:57:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool [2012.08.15 13:57:06 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.08.15 13:56:50 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Sony Corporation [2012.08.15 13:56:44 | 000,000,000 | --SD | C] -- C:\Users\Martina\AppData\Roaming\Microsoft [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\Videos [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\Saved Games [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\Pictures [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\Music [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\Links [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\Favorites [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\Downloads [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\Documents [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\Desktop [2012.08.15 13:56:44 | 000,000,000 | R--D | C] -- C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Vorlagen [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\AppData\Local\Verlauf [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\AppData\Local\Temporary Internet Files [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Startmenü [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\SendTo [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Recent [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Netzwerkumgebung [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Lokale Einstellungen [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Documents\Eigene Videos [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Documents\Eigene Musik [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Eigene Dateien [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Documents\Eigene Bilder [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Druckumgebung [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Cookies [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\AppData\Local\Anwendungsdaten [2012.08.15 13:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Martina\Anwendungsdaten [2012.08.15 13:56:44 | 000,000,000 | -H-D | C] -- C:\Users\Martina\AppData [2012.08.15 13:56:44 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Temp [2012.08.15 13:56:44 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Microsoft [2012.08.15 13:56:44 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Media Center Programs [2012.08.15 13:56:44 | 000,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Macromedia [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\Programme [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.08.15 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.08.08 15:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.08.08 15:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2012.08.08 15:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote for VAIO [2012.08.08 15:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote [2012.08.08 15:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Evernote [2012.08.08 15:51:13 | 000,021,176 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\iolorgdf64.exe [2012.08.08 15:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo [2012.08.08 15:48:49 | 000,000,000 | ---D | C] -- C:\Windows\en [2012.08.08 15:47:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2012.08.08 15:47:15 | 000,000,000 | ---D | C] -- C:\Windows\uk [2012.08.08 15:47:02 | 000,000,000 | ---D | C] -- C:\Windows\tr [2012.08.08 15:46:58 | 000,000,000 | ---D | C] -- C:\Windows\sl [2012.08.08 15:46:54 | 000,000,000 | ---D | C] -- C:\Windows\sv [2012.08.08 15:46:50 | 000,000,000 | ---D | C] -- C:\Windows\sk [2012.08.08 15:46:46 | 000,000,000 | ---D | C] -- C:\Windows\ru [2012.08.08 15:46:42 | 000,000,000 | ---D | C] -- C:\Windows\ro [2012.08.08 15:46:39 | 000,000,000 | ---D | C] -- C:\Windows\pt-pt [2012.08.08 15:46:36 | 000,000,000 | ---D | C] -- C:\Windows\pl [2012.08.08 15:46:31 | 000,000,000 | ---D | C] -- C:\Windows\no [2012.08.08 15:46:27 | 000,000,000 | ---D | C] -- C:\Windows\it [2012.08.08 15:46:24 | 000,000,000 | ---D | C] -- C:\Windows\hu [2012.08.08 15:46:20 | 000,000,000 | ---D | C] -- C:\Windows\el [2012.08.08 15:46:16 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.08.08 15:46:12 | 000,000,000 | ---D | C] -- C:\Windows\fr [2012.08.08 15:46:08 | 000,000,000 | ---D | C] -- C:\Windows\fi [2012.08.08 15:46:04 | 000,000,000 | ---D | C] -- C:\Windows\nl [2012.08.08 15:46:01 | 000,000,000 | ---D | C] -- C:\Windows\da [2012.08.08 15:45:58 | 000,000,000 | ---D | C] -- C:\Windows\cs [2012.08.08 15:45:53 | 000,000,000 | ---D | C] -- C:\Windows\bg [2012.08.08 15:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2012.08.08 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012.08.08 15:40:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.08.08 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012.08.08 15:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.08.08 15:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.08.08 15:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2012.08.08 15:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildGames [2012.08.08 15:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games [2012.08.08 15:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent [2012.08.08 15:09:00 | 000,000,000 | ---D | C] -- C:\VAIO Sample Contents [2012.08.08 15:02:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.08.08 15:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.08.08 15:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home [2012.08.08 14:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.08.08 14:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2012.08.08 14:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install [2012.08.08 14:48:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D [2012.08.08 14:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DDD [2012.08.08 14:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TriDef 3D [2012.08.08 14:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2012.08.08 14:48:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD BD [2012.08.08 14:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2012.08.08 14:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2012.08.08 14:47:01 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL [2012.08.08 14:46:58 | 000,055,808 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System\ArcSoftKsUFilter.dll [2012.08.08 14:46:58 | 000,019,968 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys [2012.08.08 14:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Webcam Suite [2012.08.08 14:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft [2012.08.08 14:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft [2012.08.08 14:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft [2012.08.08 14:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2012.08.08 14:41:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.08.08 14:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.08.08 14:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.08.08 14:39:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\winrm [2012.08.08 14:39:51 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WCN [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sysprep [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\slmgr [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Printing_Admin_Scripts [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF\de-DE [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2012.08.08 14:39:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2012.08.08 14:39:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\winrm [2012.08.08 14:39:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\slmgr [2012.08.08 14:39:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2012.08.08 14:39:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WCN [2012.08.08 14:39:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2012.08.08 14:39:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Printing_Admin_Scripts [2012.08.08 14:39:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2012.08.08 14:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.08.08 14:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.08.08 14:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.08.08 14:38:23 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2012.08.08 14:38:23 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2012.08.08 14:38:13 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2012.08.08 14:38:12 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2012.08.08 14:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012.08.08 14:36:36 | 000,000,000 | ---D | C] -- C:\temp [2012.08.08 14:32:18 | 000,000,000 | ---D | C] -- C:\Documentation [2012.08.08 14:30:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main [2012.08.08 14:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.08.08 14:21:08 | 000,000,000 | ---D | C] -- C:\Windows\Sonysys [2012.08.08 14:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee [2012.08.08 14:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2012.08.08 14:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.08.08 14:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.08.08 14:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.08 14:16:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation [2012.08.08 14:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.08.08 14:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.08.08 14:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2012.08.08 14:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared [2012.08.08 14:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012.08.08 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Corporation [2012.08.08 14:10:38 | 002,807,808 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys [2012.08.08 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation [2012.08.08 14:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros [2012.08.08 14:08:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2012.08.08 14:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2012.08.08 14:05:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda [2012.08.08 14:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012.08.08 14:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2012.08.08 14:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2012.08.08 14:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.08.08 14:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.08.08 14:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.08.08 14:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.08.08 13:59:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program [2012.08.08 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros [2012.08.08 13:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite [2012.08.08 13:58:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.08.08 13:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.08.08 13:58:05 | 005,996,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2012.08.08 13:58:05 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2012.08.08 13:58:05 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2012.08.08 13:58:05 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012.08.08 13:58:05 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2012.08.08 13:58:05 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2012.08.08 13:58:05 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.08.08 13:58:05 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2012.08.08 13:58:05 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.08.08 13:58:05 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2012.08.08 13:58:05 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2012.08.08 13:58:05 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.08.08 13:58:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.08.08 13:58:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.08.08 13:58:05 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2012.08.08 13:58:05 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.08.08 13:58:05 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.08.08 13:58:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.08.08 13:58:05 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.08.08 13:58:05 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2012.08.08 13:58:05 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2012.08.08 13:58:05 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.08.08 13:58:05 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2012.08.08 13:58:05 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2012.08.08 13:58:05 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.08.08 13:58:05 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2012.08.08 13:58:05 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012.08.08 13:58:04 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2012.08.08 13:58:03 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.08.08 13:58:03 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2012.08.08 13:58:03 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2012.08.08 13:58:03 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2012.08.08 13:58:03 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2012.08.08 13:58:03 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2012.08.08 13:58:03 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2012.08.08 13:58:03 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2012.08.08 13:58:03 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2012.08.08 13:58:03 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2012.08.08 13:58:03 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2012.08.08 13:58:03 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2012.08.08 13:58:03 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2012.08.08 13:58:03 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2012.08.08 13:58:03 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2012.08.08 13:58:03 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2012.08.08 13:58:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.08.08 13:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.08.08 13:58:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2012.08.08 13:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.08.08 13:56:12 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2012.08.08 13:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2012.08.08 13:56:08 | 000,000,000 | ---D | C] -- C:\Intel [2012.08.08 13:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012.08.08 13:45:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.08.08 10:09:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.20 12:15:42 | 000,000,000 | ---- | M] () -- C:\Users\Martina\defogger_reenable [2012.08.20 12:15:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.20 12:06:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Martina\Desktop\OTL.exe [2012.08.20 09:39:37 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.20 09:39:37 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.20 09:31:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.20 09:31:30 | 513,560,575 | -HS- | M] () -- C:\hiberfil.sys [2012.08.19 22:03:26 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Martina\Desktop\esetsmartinstaller_enu.exe [2012.08.19 20:51:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.19 20:04:53 | 001,641,027 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.08.19 17:56:27 | 000,000,400 | ---- | M] () -- C:\Users\Martina\Desktop\Fortsetzen Download Der Herr der Ringe Online.url [2012.08.19 14:49:20 | 000,000,095 | ---- | M] () -- C:\Users\Martina\AppData\Local\fusioncache.dat [2012.08.19 14:48:57 | 001,670,026 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.19 14:48:57 | 000,707,694 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.19 14:48:57 | 000,661,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.19 14:48:57 | 000,153,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.19 14:48:57 | 000,125,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.19 13:11:13 | 000,001,121 | ---- | M] () -- C:\Users\Martina\Desktop\Free FLV Converter.lnk [2012.08.19 12:44:35 | 000,586,034 | ---- | M] () -- C:\Users\Martina\Desktop\Youtube.png [2012.08.18 22:58:38 | 001,591,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.18 20:13:23 | 000,445,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.17 23:05:10 | 000,000,447 | ---- | M] () -- C:\user.js [2012.08.17 21:03:49 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.08.16 15:04:25 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2012.08.16 15:04:25 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2012.08.16 14:20:44 | 000,017,408 | ---- | M] () -- C:\Users\Martina\AppData\Local\WebpageIcons.db [2012.08.16 14:17:53 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.08.15 21:34:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.08.15 14:02:06 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_SVE1511C5E.mrk [2012.08.15 14:02:06 | 000,000,000 | RH-- | M] () -- C:\Windows\SysNative\drivers\104D_Sony_SVE1511C5E.mrk [2012.08.15 12:53:04 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.08.15 12:53:04 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.08.09 02:08:16 | 000,002,655 | ---- | M] () -- C:\Windows\SysNative\snyinst.oem [2012.08.08 15:51:13 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll [2012.08.08 15:45:35 | 000,000,020 | ---- | M] () -- C:\Windows\¤ôÉ [2012.08.08 15:09:38 | 000,262,144 | ---- | M] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl [2012.08.08 14:39:10 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2012.08.08 14:39:10 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2012.08.08 14:38:23 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2012.08.08 14:38:23 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2012.08.08 14:38:13 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2012.08.08 14:38:12 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2012.08.08 14:12:39 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2012.08.08 14:09:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2012.08.08 14:05:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012.08.08 14:01:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf [2012.08.08 14:00:04 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin [2012.08.08 14:00:04 | 000,001,796 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x11020000_40.dfu [2012.08.08 14:00:04 | 000,001,434 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x31010000_40.dfu [2012.08.08 14:00:04 | 000,001,242 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x01.dfu [2012.08.08 14:00:04 | 000,001,228 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x04.dfu [2012.08.08 14:00:04 | 000,001,214 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x03.dfu [2012.08.08 14:00:04 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x02.dfu [2012.08.08 14:00:04 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40.dfu [2012.08.08 14:00:04 | 000,001,198 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26.dfu [2012.08.08 14:00:04 | 000,001,192 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26_0x01.dfu [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.20 12:15:42 | 000,000,000 | ---- | C] () -- C:\Users\Martina\defogger_reenable [2012.08.19 20:51:41 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.19 20:04:34 | 001,641,027 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.08.19 17:56:27 | 000,000,400 | ---- | C] () -- C:\Users\Martina\Desktop\Fortsetzen Download Der Herr der Ringe Online.url [2012.08.19 14:49:20 | 000,000,095 | ---- | C] () -- C:\Users\Martina\AppData\Local\fusioncache.dat [2012.08.19 13:11:13 | 000,001,121 | ---- | C] () -- C:\Users\Martina\Desktop\Free FLV Converter.lnk [2012.08.19 13:11:12 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx [2012.08.19 13:11:12 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb [2012.08.19 13:11:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx [2012.08.18 22:41:26 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk [2012.08.17 23:05:10 | 000,000,447 | ---- | C] () -- C:\user.js [2012.08.17 21:03:49 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.08.17 21:03:49 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.08.16 20:17:47 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2012.08.16 18:37:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.08.16 15:14:40 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.08.16 14:20:44 | 000,017,408 | ---- | C] () -- C:\Users\Martina\AppData\Local\WebpageIcons.db [2012.08.16 14:19:33 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2012.08.16 14:19:33 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2012.08.15 21:34:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.08.15 21:07:41 | 000,586,034 | ---- | C] () -- C:\Users\Martina\Desktop\Youtube.png [2012.08.15 14:02:45 | 000,001,409 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.08.15 14:02:28 | 000,001,443 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.08.15 14:02:06 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_SVE1511C5E.mrk [2012.08.15 14:02:06 | 000,000,000 | RH-- | C] () -- C:\Windows\SysNative\drivers\104D_Sony_SVE1511C5E.mrk [2012.08.15 14:01:28 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited.lnk [2012.08.15 12:47:10 | 513,560,575 | -HS- | C] () -- C:\hiberfil.sys [2012.08.08 15:51:13 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2012.08.08 15:45:45 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012.08.08 15:45:38 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012.08.08 15:45:35 | 000,000,020 | ---- | C] () -- C:\Windows\¤ôÉ [2012.08.08 15:43:58 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2012.08.08 15:41:40 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012.08.08 15:09:19 | 000,262,144 | ---- | C] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl [2012.08.08 15:09:13 | 000,001,275 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk [2012.08.08 15:08:35 | 000,002,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk [2012.08.08 15:05:17 | 000,002,679 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Easy Connect.lnk [2012.08.08 15:00:30 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk [2012.08.08 14:41:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.08 14:40:32 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2012.08.08 14:40:31 | 000,707,694 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2012.08.08 14:40:31 | 000,153,254 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2012.08.08 14:40:31 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2012.08.08 14:39:38 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk [2012.08.08 14:39:38 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk [2012.08.08 14:35:50 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Smart Network.lnk [2012.08.08 14:32:21 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk [2012.08.08 14:31:47 | 000,002,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk [2012.08.08 14:31:29 | 000,001,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk [2012.08.08 14:31:16 | 000,002,390 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gesture Control.lnk [2012.08.08 14:31:01 | 000,001,396 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO3DPortal.lnk [2012.08.08 14:22:30 | 000,002,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk [2012.08.08 14:20:57 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Register Your VAIO.lnk [2012.08.08 14:12:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.08 14:09:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2012.08.08 14:05:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012.08.08 14:05:05 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2012.08.08 14:01:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf [2012.08.08 13:58:05 | 000,227,876 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012.08.08 13:46:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.08.08 13:46:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.03.14 06:53:13 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.14 06:53:13 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.14 06:53:13 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.02.09 23:00:18 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2012.02.09 23:00:06 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.02.11 01:03:27 | 001,670,026 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012.08.19 13:13:51 | 000,000,000 | ---D | M] -- C:\Users\Martina\AppData\Roaming\FreeFLVConverter [2012.08.18 22:21:48 | 000,000,000 | ---D | M] -- C:\Users\Martina\AppData\Roaming\iolo [2012.08.19 20:03:16 | 000,000,000 | ---D | M] -- C:\Users\Martina\AppData\Roaming\TestApp [2012.08.19 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\Martina\AppData\Roaming\Turbine [2012.08.17 23:02:55 | 000,000,000 | ---D | M] -- C:\Users\Martina\AppData\Roaming\WildTangent [2009.07.14 07:08:49 | 000,008,434 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > Den Malwarebytes Vollscan habe ich auch gemacht, die Logdatei davon ist ebenfalls im Anhang. Die in Quarantäne gestellten Dateien habe ich dort gelassen und nicht gelöscht. Außerdem habe ich noch den ESET Online Scanner herungergelanden und durchgeführt. Ich füge die Logdatei davon ebenfalls mal im Anhang ein. Wie soll ich jetzt weiter vorgehen? Ich hoffe ich habe soweit alles richtig gemacht und ihr könnt mir helfen. Danke schonmal! Lg, Martina |
|
20.08.2012, 14:55
| #2 |
| /// Helfer-Team  | MyStart by IncrediBar entfernen/deinstallieren Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
|
20.08.2012, 18:38
| #3 |
| | MyStart by IncrediBar entfernen/deinstallieren Danke
__________________ Hier die Textdatei von AdwCleaner: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/20/2012 at 19:31:46
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Martina - MARTINA-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Martina\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\searchplugins\MyStart Search.xml
File Found : C:\user.js
***** [Registry] *****
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb155?a=6OyLl4HLRG&i=26
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\prefs.js
Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb155?a=6OyLl4HLRG&loc=FF_NT");
Found : user_pref("browser.search.defaultenginename", "MyStart Search");
Found : user_pref("extensions.incredibar.actvtyRptTime", "1345318713017");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "en");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10657");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "60D136D0B1613F62B858FF2B4AE9DD9D");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "2e875dae000000000000844bf5db8d67");
Found : user_pref("extensions.incredibar.id", "2e875dae000000000000844bf5db8d67");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15569");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15569");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1423:05:10");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyLl4HLRG&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyLl4HLRG&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6OyLl4HLRG");
Found : user_pref("extensions.incredibar.upn2n", "92261948372836548");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1423:05:10");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1423:05:10");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10657");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "2e875dae000000000000844bf5db8d67");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15569");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyLl4HLRG&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6OyLl4HLRG");
Found : user_pref("extensions.incredibar_i.upn2n", "92261948372836548");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:05:10");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyLl4HLRG&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
*************************
AdwCleaner[R1].txt - [8917 octets] - [19/08/2012 23:33:20]
AdwCleaner[S1].txt - [300 octets] - [19/08/2012 23:33:40]
AdwCleaner[R2].txt - [8931 octets] - [20/08/2012 19:31:46]
########## EOF - C:\AdwCleaner[R2].txt - [9059 octets] ##########
Danke auch für die schnelle Antwort und Hilfe! Lg, Martina |
|
20.08.2012, 22:27
| #4 |
| /// Helfer-Team | MyStart by IncrediBar entfernen/deinstallieren Sehr gut! 
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
21.08.2012, 13:43
| #5 |
| | MyStart by IncrediBar entfernen/deinstallieren Okay, hier der Bericht von AdwCleaner: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/21/2012 at 13:26:02
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Martina - MARTINA-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Martina\Desktop\Alles für TrojanerBoard\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\searchplugins\MyStart Search.xml
File Deleted : C:\user.js
***** [Registry] *****
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb155?a=6OyLl4HLRG&i=26 --> hxxp://www.google.com
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\prefs.js
C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\user.js ... Deleted !
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb155?a=6OyLl4HLRG&loc=FF_NT");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1345318713017");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10657");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "60D136D0B1613F62B858FF2B4AE9DD9D");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "2e875dae000000000000844bf5db8d67");
Deleted : user_pref("extensions.incredibar.id", "2e875dae000000000000844bf5db8d67");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15569");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15569");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1423:05:10");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyLl4HLRG&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyLl4HLRG&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6OyLl4HLRG");
Deleted : user_pref("extensions.incredibar.upn2n", "92261948372836548");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1423:05:10");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1423:05:10");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10657");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "2e875dae000000000000844bf5db8d67");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15569");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyLl4HLRG&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyLl4HLRG");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92261948372836548");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:05:10");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyLl4HLRG&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
*************************
AdwCleaner[R1].txt - [8917 octets] - [19/08/2012 23:33:20]
AdwCleaner[S1].txt - [300 octets] - [19/08/2012 23:33:40]
AdwCleaner[R2].txt - [9034 octets] - [20/08/2012 19:31:46]
AdwCleaner[S2].txt - [8242 octets] - [21/08/2012 13:26:02]
########## EOF - C:\AdwCleaner[S2].txt - [8370 octets] ##########
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 21.08.2012 13:53:12
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 21.08.2012 13:54:51
Gescannt 601986
Gefunden 0
Scan Ende: 21.08.2012 14:26:46
Scan Zeit: 0:31:55
|
|
21.08.2012, 14:56
| #6 |
| /// Helfer-Team | MyStart by IncrediBar entfernen/deinstallieren Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
__________________ --> MyStart by IncrediBar entfernen/deinstallieren |
|
21.08.2012, 16:58
| #7 |
| | MyStart by IncrediBar entfernen/deinstallieren Ich mag deine "sehr gut"s, die ermutigen einen so schön  Hier ist die Logdatei: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=017e6b9425e2ea47ae60d91f5645c62e
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-19 09:29:49
# local_time=2012-08-19 11:29:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 287727 287727 0 0
# compatibility_mode=5893 16776573 100 94 5644 97037068 0 0
# compatibility_mode=8192 67108863 100 0 548 548 0 0
# scanned=147263
# found=1
# cleaned=0
# scan_time=4571
C:\Users\Martina\Downloads\Setup74_FreeFlvConverter.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=017e6b9425e2ea47ae60d91f5645c62e
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-20 08:20:26
# local_time=2012-08-20 10:20:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 329025 329025 0 0
# compatibility_mode=5893 16776573 100 94 36621 97078366 0 0
# compatibility_mode=8192 67108863 100 0 41846 41846 0 0
# scanned=53339
# found=0
# cleaned=0
# scan_time=2310
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=017e6b9425e2ea47ae60d91f5645c62e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-20 09:42:58
# local_time=2012-08-20 11:42:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 331433 331433 0 0
# compatibility_mode=5893 16776573 100 94 2230 97080774 0 0
# compatibility_mode=8192 67108863 100 0 44254 44254 0 0
# scanned=161010
# found=1
# cleaned=0
# scan_time=4853
C:\Users\Martina\Downloads\Setup74_FreeFlvConverter.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=017e6b9425e2ea47ae60d91f5645c62e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-21 03:47:35
# local_time=2012-08-21 05:47:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 439739 439739 0 0
# compatibility_mode=5893 16776573 100 94 9540 97189080 0 0
# compatibility_mode=8192 67108863 100 0 152560 152560 0 0
# scanned=169181
# found=0
# cleaned=0
# scan_time=4825
|
|
21.08.2012, 17:41
| #8 |
| /// Helfer-Team | MyStart by IncrediBar entfernen/deinstallieren Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck |
|
21.08.2012, 19:06
| #9 |
| | MyStart by IncrediBar entfernen/deinstallieren Okay, hab jetzt alles so gemacht und eingestellt wie du gesagt hast. Hier der PluginCheck: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 14.0.1 ist aktuell Flash (11,3,300,271) ist aktuell. Java (1,7,0,6) ist aktuell. Adobe Reader 10,1,4,38 ist aktuell. |
|
22.08.2012, 00:26
| #10 |
| /// Helfer-Team | MyStart by IncrediBar entfernen/deinstallieren Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
|
22.08.2012, 10:10
| #11 |
| | MyStart by IncrediBar entfernen/deinstallieren Okay, super, hab jetzt alles so gemacht. Aber wenn ich einen neuen Tab öffne werde ich immer noch auf die MyStart by Incredibar Seite umgeleitet... sollte das jetzt nicht weg sein? |
|
22.08.2012, 19:23
| #12 |
| /// Helfer-Team | MyStart by IncrediBar entfernen/deinstallieren Gehe das mal durch: http://www.trojaner-board.de/122287-...entfernen.html |
|
24.08.2012, 18:28
| #13 |
| | MyStart by IncrediBar entfernen/deinstallieren Bin die Anleitung durchgegangen, Malwarebytes findet nichts und die Programme die man deinstallieren soll sind nicht mehr vorhanden, also schon deinstalliert. Und das mit dem about:config funktioniert nur so lange, wie ich den Browser offen habe. Wenn ich ihn schließe und später wieder öffne kommt beim Öffnen eines neuen Tabs wieder diese MyStart Incredibar Seite... Ich versteh das nicht, die Programme sind doch alle gelöscht, wieso kommt diese Umleitung dann trotzdem immer wieder? |
|
24.08.2012, 18:44
| #14 |
| /// Helfer-Team | MyStart by IncrediBar entfernen/deinstallieren Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
24.08.2012, 19:34
| #15 |
| | MyStart by IncrediBar entfernen/deinstallieren Alles klar, hier die Textdatei: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/24/2012 at 20:33:11
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Martina - MARTINA-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Martina\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\prefs.js
Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb155?a=6OyLl4HLRG&loc=FF_NT");
*************************
AdwCleaner[R1].txt - [924 octets] - [24/08/2012 20:33:11]
########## EOF - C:\AdwCleaner[R1].txt - [1051 octets] ##########
|
|
| Themen zu MyStart by IncrediBar entfernen/deinstallieren |
| autorun, bonjour, document, explorer, fehlermeldung, flash player, focus, format, google, incredibar toolbar, kaspersky, mozilla, mystart incredibar entfernen, mystart.incredibar trojaner toolbar, plug-in, programm, realtek, registry, security, senden, tastatur, usb, usb 3.0, wildtangent games, windows, windows xp, wlan, ändern, {336d0c35-8a85-403a-b9d2-65c292c39087} |
