| |
| |||||||
Log-Analyse und Auswertung: Browser (Google) leiten auf Spam-Seiten, keine Suche möglichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
23.08.2012, 10:01
| #1 |
 |  Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Hallo, ich bin zum ersten mal mit so etwas konfrontiert und etwas hilflos. Ich habe bereits gegoogelt, sobald ich aber eine Lösung gegunden habe, leitet mich der Browser wieder auf eine x-beliebige Spamseite weiter im Register steht kurz eine IP mit 91.....? Ich habe Panda Coud Antivirus Free und einen Systemcheck durchgeführt. Keine Verbesserung. CCleaner durchlaufen lassen, auch keine Verbesserung. Dann habe ich mit HijackThis ein Logfile erzeugt, die Auswertung hilft mir aber auch nicht weiter. Vielleicht kann mir ja einer von euch Profis weiterhelfen. hier das Logfile: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:28:17, on 23.08.2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\CompeGPS\CompeGPSDev.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Rani\Downloads\HiJackThis204 (1).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rani\AppData\Roaming\Speckie\bin32\Speckie32.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O2 - BHO: GMX Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: GMX Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe O4 - HKLM\..\Run: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [CompeGPSDev] "C:\Program Files (x86)\CompeGPS\CompeGPSDev.exe" -cie "C:\Program Files (x86)\CompeGPS\CompeGPSDev.bat" O4 - HKLM\..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-837266586-758456707-2396322252-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Acronis Agent User') O4 - HKUS\S-1-5-21-837266586-758456707-2396322252-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Acronis Agent User') O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'Default user') O4 - Startup: Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe O4 - Global Startup: CineForm Status.lnk = C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Free YouTube Download - C:\Users\Rani\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: (no name) - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:\Users\Rani\AppData\Roaming\Speckie\bin32\Speckie32.dll O9 - Extra 'Tools' menuitem: Einstellungen Speckie - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:\Users\Rani\AppData\Roaming\Speckie\bin32\Speckie32.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - hxxp://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: gmx - {8FAF0273-9CA8-4EFC-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Acronis Remote Agent Service (AcronisAgent) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Acronis Managed Machine Service (MMS) - Acronis - C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13509 bytes |
|
24.08.2012, 14:38
| #2 |
| /// Helfer-Team  | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
24.08.2012, 17:39
| #3 |
| | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Hallo, Danke für die Hilfe!
__________________Momentan scheint sich das Problem wieder von selbst erledigt zu haben. Ich schicke euch dennoch die beiden Log-Files, weil bestimmt nicht alles in Ordnung ist. Beim ersten Lauf von Malwarebytes wurden 1 gefunden und entfernt. Leider hab ich die Log nicht mehr.OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.08.2012 17:17:20 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Rani\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 5,03 Gb Available Physical Memory | 64,04% Memory free 15,72 Gb Paging File | 12,90 Gb Available in Paging File | 82,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 237,95 Gb Total Space | 168,73 Gb Free Space | 70,91% Space Free | Partition Type: NTFS Computer Name: RANI-HP | User Name: Rani | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rani\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Digital Trends Club\HI-epanel-Reporting.exe () PRC - C:\Program Files (x86)\Digital Trends Club\HI-epanel-Updater.exe () PRC - C:\Program Files (x86)\Digital Trends Club\HI-epanel-Process-Connector.exe () PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.) PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) PRC - C:\Program Files (x86)\CompeGPS\CompeGPSDev.exe (CompeGPS Team SL (https:\www.compegps.com)) PRC - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security) PRC - C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Digital Trends Club\HI-epanel-Process-Connector.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (HI-epanel-Reporting-Service) -- C:\Program Files (x86)\Digital Trends Club\HI-epanel-Reporting.exe () SRV - (HI-epanel-Update-Service) -- C:\Program Files (x86)\Digital Trends Club\HI-epanel-Updater.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (PSUAService) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.) SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (AcronisAgent) -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis) SRV - (MMS) -- C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe (Acronis) SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (HPFSService) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (QDLService2kHP) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.) SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\drivers\PSINProt.sys (Panda Security, S.L.) DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\drivers\PSINKNC.sys (Panda Security, S.L.) DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\drivers\PSINProc.sys (Panda Security, S.L.) DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\drivers\PSINAflt.sys (Panda Security, S.L.) DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\drivers\PSINFile.sys (Panda Security, S.L.) DRV:64bit: - (NNSSTRM) -- C:\Windows\SysNative\drivers\NNSStrm.sys (Panda Security, S.L.) DRV:64bit: - (NNSTLSC) -- C:\Windows\SysNative\drivers\NNStlsc.sys (Panda Security, S.L.) DRV:64bit: - (NNSSMTP) -- C:\Windows\SysNative\drivers\NNSSmtp.sys (Panda Security, S.L.) DRV:64bit: - (NNSPRV) -- C:\Windows\SysNative\drivers\NNSPrv.sys (Panda Security, S.L.) DRV:64bit: - (NNSPROT) -- C:\Windows\SysNative\drivers\NNSProt.sys (Panda Security, S.L.) DRV:64bit: - (NNSPOP3) -- C:\Windows\SysNative\drivers\NNSPop3.sys (Panda Security, S.L.) DRV:64bit: - (NNSPIHSW) -- C:\Windows\SysNative\drivers\NNSPihsw.sys (Panda Security, S.L.) DRV:64bit: - (NNSPICC) -- C:\Windows\SysNative\drivers\NNSpicc.sys (Panda Security, S.L.) DRV:64bit: - (NNSNAHSL) -- C:\Windows\SysNative\drivers\NNSNAHSL.sys (Panda Security, S.L.) DRV:64bit: - (NNSIDS) -- C:\Windows\SysNative\drivers\NNSIds.sys (Panda Security, S.L.) DRV:64bit: - (NNSHTTP) -- C:\Windows\SysNative\drivers\NNSHttp.sys (Panda Security, S.L.) DRV:64bit: - (NNSALPC) -- C:\Windows\SysNative\drivers\NNSAlpc.sys (Panda Security, S.L.) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (PSKMAD) -- C:\Windows\SysNative\drivers\PSKMAD.sys (Panda Security) DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (qcusbnethp2k) -- C:\Windows\SysNative\drivers\qcusbnethp2k.sys (QUALCOMM Incorporated) DRV:64bit: - (qcusbserhp2k) -- C:\Windows\SysNative\drivers\qcusbserhp2k.sys (QUALCOMM Incorporated) DRV:64bit: - (qcfilterhp2k) -- C:\Windows\SysNative\drivers\qcfilterhp2k.sys (QUALCOMM Incorporated) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC F1 AD 87 9F 40 CD 01 [binary data] IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes,DefaultScope = {11F9290F-4B49-4A9C-94F1-924E4096A039} IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{03A7AE23-BBF7-4D40-A4F3-32D1F8A147BB}: "URL" = hxxp://rover.ebay.com/rover/1/707-53477-19255-0/1?icep_ff3=9&pub=5574640706&toolid=10001&campid=5336449492&customid=&icep_uq={searchTerms}&icep_sellerId=&icep_ex_kw=&icep_sortBy=12&icep_catId=&icep_minPrice=&icep_maxPrice=&ipn=psmain&icep_vectorid=229487&kwid=902099&mtid=824&kw=lg IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{11F9290F-4B49-4A9C-94F1-924E4096A039}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{221DF1AD-A385-4C45-8938-C210F6361545}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms} IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{4BE31FE1-BCB3-4292-B403-0E14F166D56E}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{5318F2C1-EC98-438E-AC2B-0D59B1F0CF46}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8D7C55C0-ED01-4B67-A87B-28F8FA9C4BD2&apn_sauid=0862ABBA-862A-4C62-B32D-6B26A083E33D IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{5DC67E4C-49E9-40E6-A441-0D795D5092A6}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{8FD91AF1-F7DF-473C-B4B3-8CBE6545C82D}: "URL" = hxxp://www.youtube.de/results?search_query={searchTerms} IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{BFF4156A-4A94-4DE1-BCF6-D16E2C92BE1B}: "URL" = hxxp://www.wetter.com/suche/?search={searchTerms}&search_type_weather=1&search_type_site=1 IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{C61BC75C-0D9A-496D-B68D-D430EB878723}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012.06.02 12:39:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files (x86)\Digital Trends Club [2012.08.24 17:12:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.02 13:46:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.02 13:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rani\AppData\Roaming\mozilla\Extensions [2012.08.16 12:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rani\AppData\Roaming\mozilla\Firefox\Profiles\odp3yr2v.default\extensions [2012.07.04 19:27:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rani\AppData\Roaming\mozilla\Firefox\Profiles\odp3yr2v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.11 11:30:43 | 000,002,299 | ---- | M] () -- C:\Users\Rani\AppData\Roaming\Mozilla\Firefox\Profiles\odp3yr2v.default\searchplugins\askcom.xml [2012.06.02 13:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll (HI-epanel) O2:64bit: - BHO: (Speckie) - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rani\AppData\Roaming\Speckie\bin64\Speckie64.dll (Versoworks Pty Ltd) O2:64bit: - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll File not found O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\Gacela2.dll (HI-epanel) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Speckie) - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rani\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd) O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll File not found O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O3:64bit: - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll File not found O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis) O4 - HKLM..\Run: [CompeGPSDev] C:\Program Files (x86)\CompeGPS\CompeGPSDev.exe (CompeGPS Team SL (https:\www.compegps.com)) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security) O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) O4 - HKLM..\Run: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe (MAGIX AG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-837266586-758456707-2396322252-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-837266586-758456707-2396322252-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Rani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Rani\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Rani\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra 'Tools' menuitem : Ãœber Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll (HI-epanel) O9:64bit: - Extra 'Tools' menuitem : Einstellungen Speckie - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:\Users\Rani\AppData\Roaming\Speckie\bin64\Speckie64.dll (Versoworks Pty Ltd) O9 - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\Gacela2.dll (HI-epanel) O9 - Extra 'Tools' menuitem : Einstellungen Speckie - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:\Users\Rani\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D35BA20E-959C-4BC3-A38D-A2586B78A019}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FADDEA44-B0E6-474E-A8A9-3AB4918B6D27}: DhcpNameServer = 140.0.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1BD632-F5CC-42A6-A04A-F7C865EA950B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.24 16:17:25 | 000,000,000 | ---D | C] -- C:\Users\Rani\AppData\Roaming\Malwarebytes [2012.08.24 16:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.24 16:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.24 16:17:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.24 16:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.24 16:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Trends Club [2012.08.24 16:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Trends Club [2012.08.24 09:51:18 | 000,057,928 | ---- | C] (Panda Security) -- C:\Windows\SysNative\drivers\PSKMAD.sys [2012.08.23 20:50:43 | 000,000,000 | ---D | C] -- C:\Users\Rani\Documents\USB_Stick [2012.08.23 17:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.08.23 17:04:11 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX [2012.08.23 17:04:11 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2012.08.23 17:04:11 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012.08.23 17:04:11 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.08.23 17:04:10 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012.08.23 17:04:10 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012.08.23 17:04:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.08.23 17:04:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012.08.23 17:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.08.23 16:51:40 | 000,000,000 | ---D | C] -- C:\Users\Rani\Documents\Bank [2012.08.23 09:48:45 | 000,000,000 | ---D | C] -- C:\Users\Rani\AppData\Roaming\QuickScan [2012.08.23 09:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.08.23 06:45:39 | 000,000,000 | ---D | C] -- C:\Users\Rani\AppData\Roaming\proDAD [2012.08.23 06:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD [2012.08.23 06:45:38 | 000,506,824 | ---- | C] (proDAD GmbH) -- C:\Windows\SysWow64\prodad-codec.dll [2012.08.23 06:23:46 | 000,329,728 | ---- | C] (proDAD GmbH) -- C:\Windows\SysWow64\proDAD-PA-Support.dll [2012.08.23 06:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD [2012.08.23 06:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD [2012.08.22 18:13:20 | 000,000,000 | ---D | C] -- C:\Users\Rani\AppData\Local\MAGIX [2012.08.22 14:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geopainting.com [2012.08.22 14:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geopainting.com [2012.08.22 12:59:26 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files [2012.08.22 12:10:25 | 000,000,000 | ---D | C] -- C:\Users\Rani\Documents\MAGIX [2012.08.22 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\Rani\AppData\Local\Xara [2012.08.22 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\Rani\Documents\MAGIX_MusicEditor [2012.08.22 11:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared [2012.08.22 11:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2012.08.22 11:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX [2012.08.22 11:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2012.08.22 11:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services [2012.08.22 11:22:13 | 000,000,000 | ---D | C] -- C:\Users\Rani\Documents\MAGIX Downloads [2012.08.22 11:22:13 | 000,000,000 | ---D | C] -- C:\Users\Rani\AppData\Roaming\MAGIX [2012.08.21 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Rani\Documents\GPS [2012.08.21 16:05:34 | 000,000,000 | ---D | C] -- C:\Users\Rani\AppData\Local\GoPro [2012.08.21 15:04:11 | 000,000,000 | ---D | C] -- C:\Users\Rani\AppData\Roaming\GoPro [2012.08.21 14:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CineForm [2012.08.21 14:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2012.08.21 14:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.08.21 14:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.08.21 14:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoPro [2012.08.16 12:04:15 | 000,000,000 | ---D | C] -- C:\Users\Rani\.swt [2012.08.16 12:03:25 | 000,000,000 | ---D | C] -- C:\Users\Rani\Eigene Routen [2012.08.16 12:02:52 | 000,000,000 | ---D | C] -- C:\Users\Rani\.hgt [2012.08.16 10:43:00 | 000,000,000 | ---D | C] -- C:\Users\Rani\AppData\Roaming\NVIDIA [2012.08.16 10:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CompeGPSDownloader [2012.08.16 10:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CompeGPSDownloader [2012.08.16 10:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CompeGPSDownloader [2012.08.16 10:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CompeGPS [2012.08.16 10:41:49 | 000,000,000 | ---D | C] -- C:\Users\Rani\Documents\CompeGPS [2012.08.16 10:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CompeGPS [2012.08.16 10:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CompeGPS [2012.08.15 21:15:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 21:15:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 21:15:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 21:15:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 21:15:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 21:15:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 21:15:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 21:15:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 21:15:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 21:15:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 21:15:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 21:15:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 21:15:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 10:46:12 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 10:46:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 10:46:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 10:46:10 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 10:46:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 10:46:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 10:46:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 10:46:07 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.15 01:20:55 | 000,000,000 | ---D | C] -- C:\Users\Rani\Documents\Urlaub [2012.08.14 17:45:20 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wdfcoinstaller01005.dll [2012.08.14 17:45:20 | 000,018,432 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys [2012.08.14 17:45:18 | 001,885,488 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmns.dll [2012.08.14 17:45:18 | 001,863,680 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmn.dll [2012.08.14 17:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\swsetup [2012.08.11 01:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.08.11 01:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.08.11 01:42:32 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.07.26 08:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus ========== Files - Modified Within 30 Days ========== [2012.08.24 17:21:27 | 009,481,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.24 17:21:27 | 000,694,430 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012.08.24 17:21:27 | 000,693,454 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2012.08.24 17:21:27 | 000,691,192 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012.08.24 17:21:27 | 000,689,726 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012.08.24 17:21:27 | 000,689,108 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012.08.24 17:21:27 | 000,679,342 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012.08.24 17:21:27 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.24 17:21:27 | 000,623,144 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat [2012.08.24 17:21:27 | 000,617,568 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat [2012.08.24 17:21:27 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.24 17:21:27 | 000,462,172 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat [2012.08.24 17:21:27 | 000,448,586 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat [2012.08.24 17:21:27 | 000,433,388 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat [2012.08.24 17:21:27 | 000,137,062 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2012.08.24 17:21:27 | 000,134,840 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012.08.24 17:21:27 | 000,133,752 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012.08.24 17:21:27 | 000,132,940 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012.08.24 17:21:27 | 000,130,140 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012.08.24 17:21:27 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.24 17:21:27 | 000,127,144 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012.08.24 17:21:27 | 000,123,740 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat [2012.08.24 17:21:27 | 000,121,788 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat [2012.08.24 17:21:27 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.24 17:21:27 | 000,082,148 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat [2012.08.24 17:21:27 | 000,079,804 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat [2012.08.24 17:21:27 | 000,077,096 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat [2012.08.24 17:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.24 16:17:12 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.24 09:58:26 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.24 09:58:26 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.24 09:51:15 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Muanxizx.job [2012.08.24 09:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.24 09:51:06 | 2033,745,919 | -HS- | M] () -- C:\hiberfil.sys [2012.08.23 17:04:27 | 000,096,599 | ---- | M] () -- C:\Users\Rani\Documents\krankenkosten1.ods [2012.08.22 22:11:14 | 000,014,193 | ---- | M] () -- C:\Users\Rani\Documents\Akutklinik.ods [2012.08.22 20:33:25 | 000,659,329 | ---- | M] () -- C:\Users\Rani\Documents\Akutklinik.xml [2012.08.22 20:07:04 | 000,012,166 | ---- | M] () -- C:\Users\Rani\Documents\Nitsch Zahlungen.ods [2012.08.22 14:54:30 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\MFPlays.dll [2012.08.22 13:13:01 | 000,453,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.21 14:40:50 | 000,001,210 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.08.16 16:48:01 | 004,983,155 | ---- | M] () -- C:\Users\Rani\Documents\Manual_TwoNav_Sportiva_22_de.pdf [2012.08.15 20:15:57 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.15 20:15:57 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.13 16:58:17 | 000,010,958 | ---- | M] () -- C:\Users\Rani\Documents\Kreditkartenabrechnung_4998xxxxxxxx0504_per_2012_07_20.pdf [2012.08.13 16:58:12 | 000,021,889 | ---- | M] () -- C:\Users\Rani\Documents\Kontoauszug_12127643_Nr_2012_008_per_2012_08_03.pdf ========== Files Created - No Company Name ========== [2012.08.24 16:17:12 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.22 22:11:12 | 000,014,193 | ---- | C] () -- C:\Users\Rani\Documents\Akutklinik.ods [2012.08.22 20:07:02 | 000,012,166 | ---- | C] () -- C:\Users\Rani\Documents\Nitsch Zahlungen.ods [2012.08.22 19:42:11 | 000,659,329 | ---- | C] () -- C:\Users\Rani\Documents\Akutklinik.xml [2012.08.22 14:54:31 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Muanxizx.job [2012.08.22 14:54:30 | 000,118,784 | RHS- | C] () -- C:\Windows\SysWow64\MFPlays.dll [2012.08.21 14:40:50 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.08.16 17:21:16 | 004,983,155 | ---- | C] () -- C:\Users\Rani\Documents\Manual_TwoNav_Sportiva_22_de.pdf [2012.08.13 17:51:37 | 000,021,889 | ---- | C] () -- C:\Users\Rani\Documents\Kontoauszug_12127643_Nr_2012_008_per_2012_08_03.pdf [2012.08.13 17:51:28 | 000,010,958 | ---- | C] () -- C:\Users\Rani\Documents\Kreditkartenabrechnung_4998xxxxxxxx0504_per_2012_07_20.pdf [2012.07.09 18:17:39 | 000,003,584 | ---- | C] () -- C:\Users\Rani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.03 14:34:24 | 000,002,706 | ---- | C] () -- C:\Users\Rani\AppData\Local\recently-used.xbel [2011.05.19 08:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign [2011.05.19 08:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign [2011.01.02 22:10:27 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.01.02 22:10:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.01.02 22:10:05 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.01.02 21:02:28 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.01.02 21:02:23 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.01.02 21:02:17 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.01.02 21:02:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.01.02 21:02:06 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== LOP Check ========== [2012.06.03 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\1&1 Mail & Media GmbH [2012.06.19 19:24:53 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\Acronis [2012.07.04 19:41:33 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\Audacity [2012.06.02 11:28:30 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\Buhl Data Service [2012.06.02 11:28:23 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\Buhl Data Service GmbH [2012.06.11 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\Canon [2012.06.02 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\DigitalPersona [2012.07.11 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\DVDVideoSoft [2012.07.04 19:27:38 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.23 09:32:31 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\FileZilla [2012.08.23 16:18:06 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\Foxit Software [2012.08.21 15:04:11 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\GoPro [2012.08.22 18:17:33 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\MAGIX [2012.07.09 17:56:10 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\OpenCandy [2012.06.04 11:02:12 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\OpenOffice.org [2012.06.02 13:43:52 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\Opera [2012.06.02 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\Panda Security [2012.08.23 17:04:13 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\pdfforge [2012.08.23 08:56:48 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\proDAD [2012.08.23 09:48:51 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\QuickScan [2012.06.27 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Rani\AppData\Roaming\Speckie [2012.08.24 09:51:15 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\Muanxizx.job [2012.08.22 09:31:07 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.24.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Rani :: RANI-HP [Administrator] 24.08.2012 17:31:14 mbam-log-2012-08-24 (17-31-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 574890 Laufzeit: 50 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Vielen Dank für die Hilfe |
|
24.08.2012, 17:48
| #4 |
| /// Helfer-Team | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes,DefaultScope = {11F9290F-4B49-4A9C-94F1-924E4096A039}
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{03A7AE23-BBF7-4D40-A4F3-32D1F8A147BB}: "URL" = http://rover.ebay.com/rover/1/707-53477-19255-0/1?icep_ff3=9&pub=5574640706&toolid=10001&campid=5336449492&customid=&icep_uq={searchTerms}&icep_sellerId=&icep_ex_kw=&icep_sortBy=12&icep_catId=&icep_minPrice=&icep_maxPrice=&ipn=psmain&icep_vectorid=229487&kwid=902099&mtid=824&kw=lg
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{11F9290F-4B49-4A9C-94F1-924E4096A039}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{221DF1AD-A385-4C45-8938-C210F6361545}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{4BE31FE1-BCB3-4292-B403-0E14F166D56E}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{5318F2C1-EC98-438E-AC2B-0D59B1F0CF46}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8D7C55C0-ED01-4B67-A87B-28F8FA9C4BD2&apn_sauid=0862ABBA-862A-4C62-B32D-6B26A083E33D
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{5DC67E4C-49E9-40E6-A441-0D795D5092A6}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{8FD91AF1-F7DF-473C-B4B3-8CBE6545C82D}: "URL" = http://www.youtube.de/results?search_query={searchTerms}
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{BFF4156A-4A94-4DE1-BCF6-D16E2C92BE1B}: "URL" = http://www.wetter.com/suche/?search={searchTerms}&search_type_weather=1&search_type_site=1
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\SearchScopes\{C61BC75C-0D9A-496D-B68D-D430EB878723}: "URL" = http://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.startfenster.com"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2:64bit: - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll File not found
O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll File not found
O3:64bit: - HKU\S-1-5-21-837266586-758456707-2396322252-1001\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-837266586-758456707-2396322252-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
[2012.08.11 01:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.08.21 14:40:50 | 000,001,210 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
[2012.08.24 09:51:15 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Muanxizx.job
:Files
C:\Users\Rani\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Rani\AppData\Local\Temp\*.exe
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
24.08.2012, 23:03
| #5 |
| | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Hallo, super die Anleitung, ich hoffe, ich habe dieses Mal alles richtig gemacht. Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-837266586-758456707-2396322252-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{03A7AE23-BBF7-4D40-A4F3-32D1F8A147BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03A7AE23-BBF7-4D40-A4F3-32D1F8A147BB}\ not found.
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{11F9290F-4B49-4A9C-94F1-924E4096A039}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F9290F-4B49-4A9C-94F1-924E4096A039}\ not found.
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{221DF1AD-A385-4C45-8938-C210F6361545}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{221DF1AD-A385-4C45-8938-C210F6361545}\ not found.
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4BE31FE1-BCB3-4292-B403-0E14F166D56E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BE31FE1-BCB3-4292-B403-0E14F166D56E}\ not found.
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5318F2C1-EC98-438E-AC2B-0D59B1F0CF46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5318F2C1-EC98-438E-AC2B-0D59B1F0CF46}\ not found.
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5DC67E4C-49E9-40E6-A441-0D795D5092A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DC67E4C-49E9-40E6-A441-0D795D5092A6}\ not found.
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8FD91AF1-F7DF-473C-B4B3-8CBE6545C82D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD91AF1-F7DF-473C-B4B3-8CBE6545C82D}\ not found.
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BFF4156A-4A94-4DE1-BCF6-D16E2C92BE1B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF4156A-4A94-4DE1-BCF6-D16E2C92BE1B}\ not found.
Registry key HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C61BC75C-0D9A-496D-B68D-D430EB878723}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C61BC75C-0D9A-496D-B68D-D430EB878723}\ not found.
HKU\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Google" removed from browser.search.defaultengine
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.startfenster.com" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn_XP deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn_XP not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-837266586-758456707-2396322252-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk moved successfully.
C:\Windows\Tasks\Muanxizx.job moved successfully.
========== FILES ==========
C:\Users\Rani\AppData\Local\{4F538531-4A1C-40E2-8F16-A8F6619D9152} folder moved successfully.
C:\Users\Rani\AppData\Local\{7544AE0F-BA86-4024-A58F-DD1C5128FB62} folder moved successfully.
C:\Users\Rani\AppData\Local\{78C30857-CD0C-4A73-9EA1-65224BEEE81A} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\Rani\AppData\Local\Temp\Foxit Updater.exe moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Rani\Desktop\cmd.bat deleted successfully.
C:\Users\Rani\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Acronis Agent User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Rani
->Temp folder emptied: 746445567 bytes
->Temporary Internet Files folder emptied: 210709414 bytes
->FireFox cache emptied: 60036518 bytes
->Flash cache emptied: 2000 bytes
User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66340 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 607 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 45753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 1404444 bytes
Total Files Cleaned = 972,00 mb
OTL by OldTimer - Version 3.2.58.1 log created on 08242012_233824
Files\Folders moved on Reboot...
C:\Users\Rani\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Rani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGIBM1OM\122649-browser-google-leiten-spam-seiten-keine-suche-moeglich[1].htm moved successfully.
C:\Users\Rani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGIBM1OM\pconnect[1].htm moved successfully.
C:\Users\Rani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFNQ8TFQ\wmsmd[2].htm moved successfully.
C:\Users\Rani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MD3C2SX\home[1].htm moved successfully.
C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
24.08.2012, 23:19
| #6 |
| /// Helfer-Team | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> Browser (Google) leiten auf Spam-Seiten, keine Suche möglich |
|
25.08.2012, 09:01
| #7 |
| | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Hallo, schade, zu früh gefreut. Das Mistding ist wieder da! Sobald ich einen Link aus der Suche öffnen möchte, komme ich auf eine andere Seite. Oft erscheint zuerst ihavenet.de (com?) in der Suchleiste. Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.25.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Rani :: RANI-HP [Administrator] 25.08.2012 09:07:11 mbam-log-2012-08-25 (09-07-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 565747 Laufzeit: 50 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/25/2012 at 10:03:04
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Rani - RANI-HP
# Boot Mode : Normal
# Running from : C:\Users\Rani\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Rani\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Rani\AppData\Roaming\pdfforge
File Found : C:\Users\Rani\AppData\Roaming\Mozilla\Firefox\Profiles\odp3yr2v.default\searchplugins\Askcom.xml
***** [Registry] *****
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\ilivid
[x64] Key Found : HKCU\Software\Softonic
***** [Registre - GUID] *****
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (de)
Profile name : default
File : C:\Users\Rani\AppData\Roaming\Mozilla\Firefox\Profiles\odp3yr2v.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1340 octets] - [25/08/2012 10:03:04]
########## EOF - C:\AdwCleaner[R1].txt - [1468 octets] ##########
|
|
25.08.2012, 15:57
| #8 |
| /// Helfer-Team | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
25.08.2012, 19:29
| #9 |
| | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Es geht vpran! Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/25/2012 at 20:23:05
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Rani - RANI-HP
# Boot Mode : Normal
# Running from : C:\Users\Rani\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Rani\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Rani\AppData\Roaming\pdfforge
File Deleted : C:\Users\Rani\AppData\Roaming\Mozilla\Firefox\Profiles\odp3yr2v.default\searchplugins\Askcom.xml
***** [Registry] *****
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
***** [Registre - GUID] *****
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (de)
Profile name : default
File : C:\Users\Rani\AppData\Roaming\Mozilla\Firefox\Profiles\odp3yr2v.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1463 octets] - [25/08/2012 10:03:04]
AdwCleaner[R2].txt - [1523 octets] - [25/08/2012 10:04:14]
AdwCleaner[S1].txt - [1261 octets] - [25/08/2012 20:23:05]
########## EOF - C:\AdwCleaner[S1].txt - [1389 octets] ##########
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 25.08.2012 20:45:17
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 25.08.2012 20:45:51
C:\_OTL\MovedFiles\08242012_233824\C_Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\134f6e3a-3d7b24f0 -> kuca\kucc.class gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08242012_233824\C_Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\134f6e3a-3d7b24f0 -> kuca\kuca.class gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08242012_233824\C_Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\134f6e3a-3d7b24f0 -> kuca\kucb.class gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08242012_233824\C_Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5199d3ea-400a0c35 -> rt0a\rt0a.class gefunden: Exploit.Java.CVE-2012-1723!E2
C:\_OTL\MovedFiles\08242012_233824\C_Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5199d3ea-400a0c35 -> rt0a\rt0c.class gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08242012_233824\C_Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5199d3ea-400a0c35 -> rt0a\rt0d.class gefunden: Java.CVE!E2
C:\Users\Rani\Downloads\goog1e_gpsmapedit_tool_key.zip -> goog1e_gpsmapedit_tool_key.com gefunden: Trojan.Win32.Pirminay!E2
Gescannt 824679
Gefunden 7
Scan Ende: 25.08.2012 21:01:59
Scan Zeit: 0:16:08
|
|
26.08.2012, 01:07
| #10 |
| /// Helfer-Team | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
26.08.2012, 22:31
| #11 |
| | Browser (Google) leiten auf Spam-Seiten, keine Suche möglichCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30e95270bfe17e49bb5e955773ff1ae0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-26 09:22:13
# local_time=2012-08-26 11:22:13 (+0100, Mitteleuropäische Sommerzeit )
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1538 16774142 20 0 2726073 2726073 0 0
# compatibility_mode=5893 16776574 100 94 368439 97639428 0 0
# compatibility_mode=8192 67108863 100 0 361 361 0 0
# scanned=378445
# found=6
# cleaned=6
# scan_time=6554
C:\Users\Rani\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Rani\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08242012_233824\C_Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5199d3ea-400a0c35 Java/Exploit.CVE-2012-1723.AL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08242012_233824\C_Users\Rani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\134f6e3a-3d7b24f0 Java/Exploit.CVE-2012-0507.CL trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Spiele\GAMEBOOSTER\gamebooster.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\System_Programme\SoftonicDownloader_fuer_pdfcreator.exe Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
|
|
27.08.2012, 00:53
| #12 |
| /// Helfer-Team | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck |
|
27.08.2012, 08:07
| #13 |
| | Browser (Google) leiten auf Spam-Seiten, keine Suche möglichCode:
ATTFilter Internet Explorer 9.0 ist aktuell
Flash 11,3,300,271 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!
Java (1,7,0,6) ist aktuell.
Adobe Reader ist nicht installiert oder aktiviert.
|
|
27.08.2012, 17:45
| #14 |
| /// Helfer-Team | Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Noch Probleme? |
|
27.08.2012, 19:00
| #15 |
| |  Browser (Google) leiten auf Spam-Seiten, keine Suche möglich Hallo t,john, im Moment läufts und ich bin ganz schön froh, dass Du das hinbekommen hast. Vielen vielen Dank! Künftig werde ich mich vorsichtiger im Netz bewegen und einen großen Bogen um Keygeneratoren und die angeblich ach so geprüften Dateien machen. Großartig, dass es solche Foren gibt. Gruß Bischy  |
|
| Themen zu Browser (Google) leiten auf Spam-Seiten, keine Suche möglich |
| adobe, adobe flash player, antivirus, appdatalow, bho, browser, cloud, converter, defender, einstellungen, explorer, flash player, google, helper, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, launch, leitet, logfile, mozilla, mp3, nvidia, object, plug-in, security, software, windows |
Linear-Darstellung
