Pests of all kinds and how to fight them: My Start Incredibar in Google Chrome (Windows 7)

If you are not sure whether you have caught malware or a Trojan, open a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
10.03.2013, 13:53 | #1
My Start Incredibar in Google Chrome

I've searched through Google, but since I'm supposed to post the resulting files from OTL here, I'll just do that right away. I have to say that I'm a total beginner when it comes to this. So I'm asking for your help straight away and hope that with your help I'll get this sorted quickly. So, first the OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 10.03.2013 13:40:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Günter\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,62% Memory free
6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 19,13 Gb Free Space | 17,16% Space Free | Partition Type: NTFS
Drive D: | 111,44 Gb Total Space | 12,70 Gb Free Space | 11,40% Space Free | Partition Type: NTFS
Computer Name: GÜNTER-LAPTOP | User Name: Günter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Günter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Günter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Windows\System32\dmwu.exe ()
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\GNTER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe (Avira GmbH) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\AVG Secure Search\vprot.exe () MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll () MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll () MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll () MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll () MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll () MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll () MOD - C:\Users\GNTER~1\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll () ========== Services (SafeList) ========== SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe () SRV - (vToolbarUpdater14.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe () SRV - (Web Assistant) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe () SRV - (TuneUp.UtilitiesSvc) 
-- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (avgfws9) -- C:\Programme\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.) SRV - (OODefragAgent) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9emc) -- C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (AGCoreService) -- C:\Programme\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (AntiVirFirewallService) -- C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe (Avira GmbH) SRV - (antivirwebservice) -- C:\Programme\Avira\Avira Premium Security Suite\avwebgrd.exe (Avira GmbH) SRV - (AntiVirMailService) -- C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\Avira Premium Security Suite\avguard.exe (Avira GmbH) SRV - (AntiVirScheduler) -- C:\Programme\Avira\Avira Premium Security Suite\sched.exe (Avira GmbH) SRV - (AVEService) -- C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe (Avira GmbH) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering 
Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe () SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (NwlnkFwd) -- File not found DRV - (NwlnkFlt) -- File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (IpInIp) -- File not found DRV - (DKbFltr) -- system32\DRIVERS\DKbFltr.sys File not found DRV - (avgntflt) -- C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys File not found DRV - (avgio) -- C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation) DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (NETwNv32) -- C:\Windows\System32\drivers\NETwNv32.sys (Intel Corporation) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (AvgRkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) 
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=hompag IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b192b99f8-1d2a-48eb-9325-c854dd12e530%7d&q={searchTerms} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE 
- HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - 
HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b192b99f8-1d2a-48eb-9325-c854dd12e530%7d&q={searchTerms} IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=5cb91d6700000000000000215d82da3a IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={F19740F4-7F5B-41F0-9062-FAC97039BA49}&mid=7cf9315d36f641d49b51ff45d9b47d75-be0d922b36032992389c396b29a85254d8cb69b8&lang=de&ds=AVG&pr=pa&d=2011-12-01 14:55:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{BAB617A1-BFC3-4F26-B170-22079220EE32}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE308DE308 IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = 
hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6PQCASogBE&i=26 IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Günter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\GNTER~1\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Günter\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.19 00:31:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.10 01:00:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.10 01:00:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.13.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2012.11.20 23:45:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.13.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2012.11.04 23:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Extensions [2013.02.28 19:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\SeaMonkey\Profiles\oferoeix.default\extensions [2013.02.28 19:44:13 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Günter\AppData\Roaming\mozilla\SeaMonkey\Profiles\oferoeix.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\G\u00FCnter\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\G\u00FCnter\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\G\u00FCnter\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll CHR - plugin: Perion plugin (Enabled) = 
C:\Users\G\u00FCnter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll CHR - plugin: Flatcast Viewer Plugin 5.3.0.784 (Enabled) = C:\Users\G\u00FCnter\AppData\Roaming\Mozilla\plugins\NpFv530.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\G\u00FCnter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: New tab for Chrome\u2122 = C:\Users\Günter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: AVG Security Toolbar = C:\Users\Günter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA0.dll (Conduit Ltd.) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3 - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyA0.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_MX_Plus_Download-Version\Trayserver_DE.exe (MAGIX AG) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2047451371-61689433-22939536-1000..\Run: [Facebook Update] "C:\Users\Günter\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKU\S-1-5-21-2047451371-61689433-22939536-1000..\Run: [Spotify Web Helper] C:\Users\Günter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-2047451371-61689433-22939536-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - 
C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01120D52-1D46-4A2F-84EE-0BE33A189691}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Günter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Günter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\eaudio.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\framework.launcher.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\shell.exe: Debugger - C:\Program 
Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3193a71f-84d6-11df-bb0c-00238b43c858}\Shell\AutoRun\command - "" = lot.exe O33 - MountPoints2\{3193a71f-84d6-11df-bb0c-00238b43c858}\Shell\open\Command - "" = lot.exe O33 - MountPoints2\{6ff921de-be09-11dd-af64-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6ff921de-be09-11dd-af64-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.07 12:51:19 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\sel für max [2013.03.06 00:36:59 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\Neuer Ordner [2013.03.04 00:28:45 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\miley cyrus [2013.03.03 15:38:44 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\für elliot [2013.03.02 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\für sets [2013.02.23 12:12:00 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\christina [2013.02.22 19:31:35 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\ron und mine gifs [2013.02.18 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\katie holmes [2013.02.18 00:53:16 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\dieser moment [2013.02.17 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\victoria justice 
[2013.02.16 19:17:17 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\Backgrounds [2013.02.16 19:17:02 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\Camera [2013.02.16 02:31:28 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\disney [2013.02.15 19:54:16 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\Originals [2013.02.14 01:41:22 | 000,000,000 | ---D | C] -- C:\3e341421702493874daa524a4f0b32 [2013.02.13 14:36:46 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.13 14:36:43 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.13 14:36:43 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2013.02.13 14:36:43 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.13 14:36:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.02.13 14:36:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.02.13 14:36:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.02.13 14:36:43 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.13 14:36:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.13 14:36:43 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.13 14:36:42 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013.02.13 14:36:41 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.13 14:36:41 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.12 15:41:24 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\FTT [2013.02.10 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\babes [2013.02.10 19:37:04 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.10 19:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.02.10 19:37:03 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.14 23:15:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Günter\AppData\Roaming\pcouffin.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.10 13:13:51 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.10 13:13:51 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.10 13:13:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.10 13:13:12 | 001,333,420 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2013.03.10 04:31:15 | 000,028,402 | ---- | M] () -- C:\Users\Günter\Desktop\victoria.rtf [2013.03.10 04:09:40 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini [2013.03.10 03:45:47 | 000,207,008 | ---- | M] () -- C:\Users\Günter\.recently-used.xbel [2013.03.10 01:49:56 | 112,772,527 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2013.03.10 01:49:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2047451371-61689433-22939536-1000UA.job [2013.03.09 22:49:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2047451371-61689433-22939536-1000Core.job [2013.03.09 18:27:12 | 000,000,041 | ---- | M] () -- C:\Windows\System32\Filzip.ini [2013.03.09 03:13:11 | 000,000,213 | ---- | M] () -- C:\Users\Günter\Desktop\trivia.rtf [2013.03.09 01:27:37 | 000,033,792 | ---- | M] () -- C:\Users\Günter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.03.06 00:34:41 | 000,180,013 | ---- | M] () -- 
C:\Users\Günter\Desktop\tumblr_mfai8mBSDS1rb4y31o8_250.gif [2013.03.05 02:42:42 | 000,088,360 | ---- | M] () -- C:\Users\Günter\Desktop\avatar-3829bb77-12.png [2013.03.04 12:19:58 | 000,323,659 | ---- | M] () -- C:\Users\Günter\Desktop\anigif.gif [2013.03.04 10:00:56 | 001,052,976 | ---- | M] () -- C:\Windows\System32\dmwu.exe [2013.03.04 09:58:40 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll [2013.03.04 09:09:40 | 000,315,878 | ---- | M] () -- C:\Users\Günter\Desktop\Unbenannt1.jpg [2013.03.04 09:07:26 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll [2013.03.04 09:07:26 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll [2013.03.04 09:07:26 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll [2013.03.04 09:07:24 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll [2013.03.04 09:07:24 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll [2013.03.04 08:54:38 | 000,043,226 | ---- | M] () -- C:\Users\Günter\Desktop\OEeGFwtk8tAnfiMuRp00QjaTwMb5NlnvlvY2xAnKdEpMXLCrCG3Tfb9YEhbtaDXe.jpg [2013.03.04 02:45:31 | 000,090,685 | ---- | M] () -- C:\Users\Günter\Desktop\Unbenannt-1.jpg [2013.03.04 02:21:14 | 000,056,201 | ---- | M] () -- C:\Users\Günter\Desktop\pg3.jpeg [2013.03.03 13:50:54 | 003,843,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.02 14:42:21 | 000,448,050 | ---- | M] () -- C:\Users\Günter\Desktop\Unbenannt-1.psd [2013.03.02 14:42:16 | 000,609,532 | ---- | M] () -- C:\Users\Günter\Desktop\Unbenannt-2.psd [2013.02.24 16:36:59 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.24 16:36:59 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.24 16:36:59 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.24 16:36:59 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.19 
00:30:09 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.02.12 01:46:16 | 012,792,379 | ---- | M] () -- C:\Users\Günter\Desktop\tom-felton-001.psd [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.10 03:45:47 | 000,207,008 | ---- | C] () -- C:\Users\Günter\.recently-used.xbel [2013.03.09 03:13:11 | 000,000,213 | ---- | C] () -- C:\Users\Günter\Desktop\trivia.rtf [2013.03.06 00:34:44 | 000,180,013 | ---- | C] () -- C:\Users\Günter\Desktop\tumblr_mfai8mBSDS1rb4y31o8_250.gif [2013.03.05 02:35:19 | 000,088,360 | ---- | C] () -- C:\Users\Günter\Desktop\avatar-3829bb77-12.png [2013.03.04 12:19:58 | 000,323,659 | ---- | C] () -- C:\Users\Günter\Desktop\anigif.gif [2013.03.04 09:09:39 | 000,315,878 | ---- | C] () -- C:\Users\Günter\Desktop\Unbenannt1.jpg [2013.03.04 08:54:38 | 000,043,226 | ---- | C] () -- C:\Users\Günter\Desktop\OEeGFwtk8tAnfiMuRp00QjaTwMb5NlnvlvY2xAnKdEpMXLCrCG3Tfb9YEhbtaDXe.jpg [2013.03.04 02:48:55 | 000,028,402 | ---- | C] () -- C:\Users\Günter\Desktop\victoria.rtf [2013.03.04 02:45:30 | 000,090,685 | ---- | C] () -- C:\Users\Günter\Desktop\Unbenannt-1.jpg [2013.03.04 02:21:17 | 000,056,201 | ---- | C] () -- C:\Users\Günter\Desktop\pg3.jpeg [2013.03.02 14:14:37 | 000,609,532 | ---- | C] () -- C:\Users\Günter\Desktop\Unbenannt-2.psd [2013.03.02 14:14:33 | 000,448,050 | ---- | C] () -- C:\Users\Günter\Desktop\Unbenannt-1.psd [2013.02.12 01:46:12 | 012,792,379 | ---- | C] () -- C:\Users\Günter\Desktop\tom-felton-001.psd [2012.11.29 21:12:03 | 003,402,281 | ---- | C] () -- C:\Users\Günter\DSCI1730.JPG [2012.11.29 21:12:03 | 003,336,365 | ---- | C] () -- C:\Users\Günter\DSCI1731.JPG [2012.11.29 21:12:03 | 003,271,172 | ---- | C] () -- C:\Users\Günter\DSCI1729.JPG [2012.10.04 02:38:20 | 000,000,132 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\Adobe GIF Format CS5 Prefs 
[2012.09.14 23:15:55 | 000,087,608 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\inst.exe [2012.09.14 23:15:55 | 000,007,887 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\pcouffin.cat [2012.09.14 23:15:55 | 000,001,144 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\pcouffin.inf [2012.09.14 04:41:11 | 000,000,132 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\Adobe AIFF Format CS5 Prefs [2012.09.10 01:13:31 | 000,030,008 | ---- | C] () -- C:\Windows\unvpeye.ini [2012.09.10 01:07:10 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe [2012.08.29 19:08:47 | 001,052,976 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2012.08.29 19:08:47 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2012.07.29 22:52:14 | 000,715,038 | ---- | C] () -- C:\Windows\unins001.exe [2012.07.29 22:52:14 | 000,002,331 | ---- | C] () -- C:\Windows\unins001.dat [2012.07.29 22:47:45 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2012.07.29 22:47:45 | 000,000,861 | ---- | C] () -- C:\Windows\unins000.dat [2012.07.14 04:18:08 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll [2012.06.18 16:34:20 | 001,050,665 | ---- | C] () -- C:\Users\Günter\loveu46k0lajie9sqtnf86xi.png [2012.06.03 13:02:44 | 000,001,456 | ---- | C] () -- C:\Users\Günter\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.05.25 19:26:15 | 000,000,132 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.04.14 09:22:04 | 000,000,041 | ---- | C] () -- C:\Windows\System32\Filzip.ini [2012.03.21 21:37:37 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini [2011.12.15 00:33:07 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.06.07 10:13:38 | 000,057,344 | ---- | C] 
() -- C:\Windows\System32\issacapi_se-2.3.dll [2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2010.12.09 17:11:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.26 17:48:20 | 000,001,057 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\vso_ts_preview.xml [2010.09.17 19:26:38 | 000,008,592 | ---- | C] () -- C:\Users\Günter\AppData\Local\d3d9caps.dat [2010.06.09 00:28:20 | 000,033,792 | ---- | C] () -- C:\Users\Günter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.29 18:11:44 | 000,000,046 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\AVSMediaPlayer.m3u [2010.05.27 18:30:51 | 000,000,000 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\AVSDVDPlayer.m3u [2009.01.03 16:50:37 | 000,000,000 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2013.02.05 01:23:54 | 000,005,693 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2047451371-61689433-22939536-1000\$RI8UHG0\L.png [2013.02.05 01:24:50 | 000,007,753 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2047451371-61689433-22939536-1000\$RI8UHG0\N.png [2013.02.05 01:26:20 | 000,006,896 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2047451371-61689433-22939536-1000\$RI8UHG0\U.png [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.08.05 11:04:25 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Abra Academy2 [2008.10.31 22:43:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer GameZone Console [2010.11.03 08:30:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Alawar [2012.03.13 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Alawar Entertainment [2011.06.29 17:34:44 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Ambient Design [2012.11.02 06:03:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\AnvSoft [2010.09.15 19:48:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Artifex Mundi [2010.05.29 17:54:08 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Ashampoo [2011.12.23 04:16:54 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\avidemux [2010.09.20 21:24:38 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\BarbarianGames [2011.02.07 23:52:12 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Bluefishv1002 [2012.05.28 02:33:13 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.23 04:12:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.12.12 20:17:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\DarkParablesBriarRose_BFG_SE [2012.10.28 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\DVDVideoSoft [2010.09.24 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\EleFun Games [2010.07.29 00:00:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\ERS 
G-Studio [2009.01.03 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\eSobi [2013.02.12 21:07:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FileZilla [2012.07.29 22:47:45 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Flatcast [2010.10.28 12:37:13 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Flood Light Games [2010.05.30 17:09:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FloodLightGames [2010.06.14 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FlyWheelGames [2010.12.17 07:03:18 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Freeze Tag [2012.03.14 03:05:03 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\freshgames [2010.07.28 22:40:33 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Fugazo [2010.09.08 19:00:29 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FUJIFILM [2010.09.16 21:21:30 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Gaijin Ent [2010.06.04 16:41:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Game Mill Entertainment [2011.02.19 18:19:44 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Games [2011.02.17 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Green Clover Games [2013.03.10 03:45:47 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\gtk-2.0 [2011.02.27 20:32:45 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\HdO Adventure [2013.03.04 00:39:54 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\ICQ [2010.11.01 00:28:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\iMaxGen [2012.11.15 02:02:44 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\IMVU [2012.11.14 20:40:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\IMVUClient [2010.05.26 21:50:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\iWin [2012.03.13 15:56:24 | 000,000,000 | ---D 
| M] -- C:\Users\Günter\AppData\Roaming\JaiboGames [2011.02.11 00:49:40 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Jetsetter [2012.05.21 23:17:10 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\kiosk__ [2010.07.29 21:57:19 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Magic3 [2012.10.14 03:51:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\MAGIX [2012.03.11 22:25:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Meridian93 [2010.12.20 06:54:54 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Mutant Arcade [2010.09.21 20:24:27 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\My Games [2011.08.05 11:04:27 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\MysteriousCaseOfJekyllAndHyde [2010.09.18 02:39:58 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Nevosoft Games [2013.01.20 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Notepad++ [2011.06.24 20:16:18 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\ooVoo Details [2012.10.30 14:36:13 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\OpenCandy [2012.04.07 14:46:31 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Opera [2010.09.15 23:27:30 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PeaceCraft2 [2011.01.13 01:21:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PhotoFiltre [2012.09.30 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PhotoScape [2012.03.11 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PlayFirst [2012.03.16 23:35:57 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PlayPond [2010.08.27 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Playrix Entertainment [2011.02.25 16:15:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PoBros [2010.08.09 22:18:54 | 000,000,000 | ---D | M] -- 
C:\Users\Günter\AppData\Roaming\Purple Patch Games [2010.08.09 14:04:04 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Registry Mechanic [2011.07.06 16:51:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Samsung [2010.09.24 20:32:20 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\ShinyTales [2011.02.18 17:44:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Silverback Productions [2011.03.04 04:44:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Spooky Runes [2013.03.10 13:33:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Spotify [2012.05.30 17:19:59 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.03.13 20:35:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Stand O'Food 3 [2011.04.16 21:21:47 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TeamViewer [2009.01.03 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Template [2011.06.24 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TIPP10 [2012.07.14 06:55:13 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TrojanHunter [2011.10.30 12:41:20 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TuneUp Software [2012.07.04 15:35:06 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Unity [2010.07.20 07:23:53 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\URSE Games [2010.05.26 19:37:31 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\URSoft [2012.02.23 23:02:06 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\UseNeXT [2011.02.24 16:04:57 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\V-Games [2010.09.16 00:46:53 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\VeniceMysteryData [2012.10.18 02:17:45 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Vso [2011.02.18 06:46:26 | 000,000,000 | 
---D | M] -- C:\Users\Günter\AppData\Roaming\World-Loom ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012.09.03 18:12:27 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쐈Ĝ [2012.09.03 18:12:27 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쐈Ĝ ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FC420CE6 @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:193426B4 @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:1CE11B51 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B2CB0E61 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C36B1175 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D8D58038 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:CA0CE093 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:370E4EFB @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:48977386 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:237E4B91 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1ECED34B @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:00F78F7C @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:22313216 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8247A199 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:880F0FEF @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:471AD3D0 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3B812EE0 @Alternate 
Data Stream - 111 bytes -> C:\ProgramData\TEMP:D507B5A8 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:E54FC174 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:B1381B34 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8 < End of report > and here the extras.txt: OTL Logfile: Code:
OTL Extras logfile created on: 10.03.2013 13:40:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Günter\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,62% Memory free 6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,44 Gb Total Space | 19,13 Gb Free Space | 17,16% Space Free | Partition Type: NTFS Drive D: | 111,44 Gb Total Space | 12,70 Gb Free Space | 11,40% Space Free | Partition Type: NTFS Computer Name: GÜNTER-LAPTOP | User Name: Günter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2047451371-61689433-22939536-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== 
Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) 
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{36CCB4A3-40CF-4634-AD8B-D55189C32775}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{818CCB94-0D15-4030-8028-3A4BA0780747}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A10E9278-5A8A-4C63-98E9-D6EFAD0DE59E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CF9DE8AC-CA70-4AD5-AA1C-2CB77AC61E61}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0733F101-C962-40F1-9BBE-5F3F5128A37C}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{0D8AEE10-96C2-498F-AEB7-7902F449EFB9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{10437D36-35DE-4A86-B6DE-9352D775BB86}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{108321D7-3947-446D-BFAC-2BBF8065AB33}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{174A65DF-7D01-4F73-A290-D5F0CC637A8D}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{18AADF8E-F7E3-4E4D-8DA4-EC6E85CD2D99}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{194D9E78-D10D-4C8D-A171-D48CBE43EF07}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{204BB525-027C-44C4-B6FC-9BB59DF775CF}" = dir=in | app=c:\program files\avg\avg9\avgam.exe | "{2C4BDA9E-1363-48BE-B1BC-A8306B62FF43}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{36BE8D3B-84C9-43EE-9F89-AADE1DFFA481}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{410E5F48-924B-416B-9A96-0F70F76FA965}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{41F02926-51A5-432F-AAA6-FD467BC3631E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{42E91586-7AA7-4EC4-85E7-2A590B91CB38}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{45442FB8-E642-4AF9-9CE9-F0C4EFFA0066}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe | "{4766B1A4-ED58-4D64-9C93-FBA6619BECFA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{5B019B3C-45CB-4A74-BD12-608FE374CDB6}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{5BDF34A1-E198-49C5-932B-BB16B8AC3AD0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{5D000235-4036-425E-9F37-5759E5E48319}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{5E497CCD-B043-49E6-B442-B18F5BEBA680}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{657C286D-07D4-4594-844A-1DE59C1CE584}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{6D2AD79B-A713-4C19-AE8F-B3A9F922F89F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{6D41BBC8-3313-46DE-AE4A-8441CFF5CF1E}" = protocol=6 | dir=in | 
app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{71C466A5-3F28-4C6B-8FE3-F41AA9F5BD18}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{7E9309F2-9442-4C5D-9A67-506E8CE8D6AE}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | "{7F40A20A-ECCF-4B08-AAE4-34BB517B06C5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{86AB5221-F056-4E52-9DC5-F94A59240ECC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{8E021C0A-7D58-4FCC-AC55-2F9A1A3C2521}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{95D9C668-E86E-49CE-A073-D46DE976CD15}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{999A10A1-859C-488D-A12E-056C08BBEA04}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{AACAD7E7-4107-4CDF-89F8-344FCF345033}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{BCF0C634-BACC-424A-9A65-D88148DBF9CD}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | "{C1406FE9-9EA8-4C2D-A079-8E0672AE1CB3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{D0699951-BE88-49F6-8611-FC8F47C514C3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{D16BE595-3874-447A-8280-A56BDB9E64C6}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | "{D803DF9D-805F-4730-AD9E-B058E98F7FAC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{D8428B6B-E8F2-45DF-8D77-AA10181D3F15}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E7BC0F42-8139-48E4-A226-EE254FD3E9F0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{F09D74FE-1D02-4500-8A0B-146401C0526E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{F627B85B-D91B-4F56-8332-0536570C6223}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{F85A475D-AA77-4C6F-B954-28B8370D6943}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0710A0C4-05D9-412D-AC50-5136B11A95B7}" = ArtRage 2 Starter Edition "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09EEB39E-9CDC-4376-917A-E9AF098C40DC}" = O&O Defrag Professional "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = 
MAGIX Foto Designer 7 "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.573 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Conceptronic CLLCHATCAM webcam "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6635B372-E2C5-4C2F-97FB-D1766E017CEE}" = MAGIX Screenshare "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver 
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01 "{8aade841-03c5-486a-b048-bb112cc0cac5}" = Kiwee Toolbar for Internet Explorer "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 
266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C960FB07-BBAA-4D26-BE81-D119A15A6E84}" = MAGIX Video deluxe MX Plus Download-Version "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe 
AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.4 "AVG Secure Search" = AVG Security Toolbar "AVG9Uninstall" = AVG 9.0 "AVS Media Player_is1" = AVS Media Player 4.1.9.95 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Escape Whisper Valley_is1" = Escape Whisper Valley "facemoods" = Facemoods Toolbar "Filzip 3.0.6.93_is1" = Filzip 3.06 "Firestorm" = Firestorm "Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784 "Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454 "FormatFactory" = FormatFactory 3.0.1 "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.903 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2 "GridVista" = Acer GridVista "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Jewel Charm_is1" = Jewel Charm "MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9 "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX_MSI_FotoDesigner7_silver" = MAGIX 
Foto Designer 7 "MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus Download-Version "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MyAshampoo Toolbar" = MyAshampoo Toolbar "Mysteries of Horus_is1" = Mysteries of Horus "OpenAL" = OpenAL "Opera 11.52.1100" = Opera 11.52 "PhotoScape" = PhotoScape "SeaMonkey 2.13.2 (x86 de)" = SeaMonkey 2.13.2 (x86 de) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 7" = TeamViewer 7 "Topaz Adjust 5" = Topaz Adjust 5 "Topaz Clean 3" = Topaz Clean 3 "Topaz DeNoise 5" = Topaz DeNoise 5 "Topaz Detail 3" = Topaz Detail 3 "Topaz ReMask 3" = Topaz ReMask 3 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "UseNeXT_is1" = UseNeXT "Utherverse VWW Client" = Utherverse VWW Client "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "WNLT" = IB Updater Service "YU2010_is1" = Your Uninstaller! 
2010

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"PhotoFiltre" = PhotoFiltre
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.03.2012 16:13:05 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 14.03.2012 21:39:30 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 14.03.2012 23:44:40 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 15.03.2012 14:57:05 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2012 07:38:15 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2012 07:49:37 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2012 08:10:31 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2012 10:36:31 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2012 09:11:08 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2012 19:04:08 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7024
Description =

Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7024
Description =

Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7001
Description =

< End of report >
|
11.03.2013, 11:22 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My Start Incredibar in Google Chrome Hello and
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans for now; first post only the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
11.03.2013, 18:14 | #3 |
| My Start Incredibar in Google Chrome Thanks for the welcome.
Well, actually no. So no logs. I did run a virus scan with AVG Anti-Virus once; I don't have anything else here. And I don't have any logs from it here right now. |
11.03.2013, 21:08 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My Start Incredibar in Google Chrome Did AVG ever find anything? Before we get on with the rest of the work, I'd ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder on my thread. Nagging "when is it going to continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.

Rootkit scan with GMER
Please download GMER: (file name is random)
Do any problems come up?

Then please run MBAR: Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper
__________________ Please always post log files in CODE tags |
12.03.2013, 03:56 | #6 |
| My Start Incredibar in Google Chrome Well, I stopped that early for now, because I got this: I started mbar.exe and then I didn't know what I was supposed to do there, so I stopped for the time being. |
12.03.2013, 16:51 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My Start Incredibar in Google Chrome Click "No" there and carry on normally
__________________ Please always post log files in CODE tags |
12.03.2013, 23:02 | #8 |
| My Start Incredibar in Google Chrome So, the GMER scan: Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-12 03:46:59
Windows 6.0.6002 Service Pack 2
\Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\GNTER~1\AppData\Local\Temp\awriykow.sys

---- System - GMER 2.1 ----

SSDT 8CBF4774 ZwCreateThread
SSDT 8CBF4760 ZwOpenProcess
SSDT 8CBF4765 ZwOpenThread
SSDT 8CBF476F ZwTerminateProcess
SSDT 8CBF476A ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 221 82CB28E4 4 Bytes [74, 47, BF, 8C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 82CB2AB4 4 Bytes [60, 47, BF, 8C]
.text ntkrnlpa.exe!KeSetEvent + 40D 82CB2AD0 4 Bytes [65, 47, BF, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 82CB2CE4 4 Bytes [6F, 47, BF, 8C]
.text ntkrnlpa.exe!KeSetEvent + 681 82CB2D44 4 Bytes [6A, 47, BF, 8C]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xAAD3941C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xAAD3A000, 0x1000, 0xE0000020]

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[2516] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7696B37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD [ES:EAX], DL}
.text C:\Program Files\OO Software\Defrag\oodag.exe[2616] kernel32.dll!SetUnhandledExceptionFilter 7620A8B5 5 Bytes JMP 00402FB0 C:\Program Files\OO Software\Defrag\oodag.exe

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Günter :: GÜNTER-LAPTOP [administrator]

12.03.2013 22:35:25
mbar-log-2013-03-12 (22-35-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31258
Time elapsed: 18 minute(s), 5 second(s)

Memory Processes Detected: 1
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 2232 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 20
HKLM\SOFTWARE\CLASSES\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1 (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\YontooIEClient.Api (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1 (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\INPROCSERVER32 (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKCU\SOFTWARE\Bifrost (Bifrose.Trace) -> Delete on reboot.
HKLM\SOFTWARE\Bifrost (Bifrose.Trace) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\Program Files\yontoo layers runtime\yontooieclient.dll (Adware.Yontoo) -> Delete on reboot.
c:\Users\Günter\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Delete on reboot.
c:\Users\Günter\AppData\Roaming\Adobe\plugs\mmc30.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Günter :: GÜNTER-LAPTOP [administrator]

12.03.2013 22:57:22
mbar-log-2013-03-12 (22-57-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31188
Time elapsed: 16 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
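The first MBAR log above flags c:\Windows\System32\dmwu.exe both as a running process and as a file, and the OTL firewall section earlier in the thread lists two inbound exceptions (TCP and UDP) for exactly that binary. Cross-referencing the two logs is how a helper spots that the PUP did not just drop a file but also opened the host firewall for it. The script below does that automatically. It is an added example, not part of this thread and not code from Malwarebytes or OldTimer; the line formats it parses are inferred from the logs posted here (MBAR: `item (Family) [-> pid] -> action.`; OTL: `"{GUID}" = protocol=n | dir=in | app=path |`), and the sample inputs are constructed from a trimmed subset of those logs.

```python
"""Cross-reference MBAR detections with OTL's inbound firewall exceptions.

Added example. Line formats are inferred from the logs posted in the thread:
  MBAR:  <item> (<Family>) [-> <pid>] -> <action>.
  OTL:   "{GUID}" = protocol=<n> | dir=in | app=<path> |
"""
import re
from collections import defaultdict

# Constructed sample: a trimmed subset of the MBAR log posted above.
MBAR_LOG = r"""
Memory Processes Detected: 1
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 2232 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Files Detected: 3
c:\Program Files\yontoo layers runtime\yontooieclient.dll (Adware.Yontoo) -> Delete on reboot.
c:\Users\Günter\AppData\Roaming\Adobe\plugs\mmc30.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.

(end)
"""

# Constructed sample: four rules from OTL's "Vista Active Application Exception List".
OTL_FIREWALL = r"""
"{5B019B3C-45CB-4A74-BD12-608FE374CDB6}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F85A475D-AA77-4C6F-B954-28B8370D6943}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D8428B6B-E8F2-45DF-8D77-AA10181D3F15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{657C286D-07D4-4594-844A-1DE59C1CE584}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"""

SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\)"
    r"(?: -> (?P<pid>\d+))? -> (?P<action>[^.]+)\.$"
)
RULE_RE = re.compile(r'^"(?P<id>\{[0-9A-Fa-f-]+\})" = (?P<fields>.*)$')
PROTO_NAMES = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers as OTL prints them


def parse_mbar(text):
    """Return MBAR detections as dicts; the section heading is carried along."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("kind")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            detections.append({
                "section": section,
                "item": item.group("item"),
                "family": item.group("family"),
                "pid": int(item.group("pid")) if item.group("pid") else None,
                "action": item.group("action"),
            })
    return detections


def family_counts(detections):
    """How many hits each signature family produced."""
    counts = defaultdict(int)
    for d in detections:
        counts[d["family"]] += 1
    return dict(counts)


def parse_otl_firewall(text):
    """Return OTL firewall-rule lines as dicts keyed by the fields OTL prints."""
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("fields").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.strip()] = value.strip()
        if "app" in fields:
            rules.append({"id": m.group("id"), "app": fields["app"],
                          "dir": fields.get("dir"), "protocol": fields.get("protocol")})
    return rules


def firewall_holes_for_detections(detections, rules):
    """Map each detected on-disk binary to the inbound rules that allow it.

    Paths are compared case-insensitively because MBAR and OTL print the
    same path with different casing (Windows vs windows).
    """
    flagged = {d["item"].lower(): d["family"]
               for d in detections if d["section"] in ("Memory Processes", "Files")}
    holes = defaultdict(list)
    for r in rules:
        app = r["app"].lower()
        if app in flagged and r["dir"] == "in":
            holes[app].append((r["id"], PROTO_NAMES.get(r["protocol"], "any")))
    return {app: {"family": flagged[app], "rules": sorted(rs)}
            for app, rs in holes.items()}


if __name__ == "__main__":
    dets = parse_mbar(MBAR_LOG)
    print("detections by family:", family_counts(dets))
    for app, info in firewall_holes_for_detections(dets, parse_otl_firewall(OTL_FIREWALL)).items():
        print(f"{app} [{info['family']}] has inbound firewall exceptions:")
        for rule_id, proto in info["rules"]:
            print(f"  {rule_id} {proto}")
```

On the sample input the cross-reference reports only dmwu.exe, with its UDP and TCP rules; the Skype and wrtc.exe rules are ignored because no detection names those paths. Registry-only detections (the BHO, the elevation-policy entry, the IBUpdaterService service) are kept in the parse result for the family summary but do not take part in the path match, since they are not binaries a firewall rule would reference.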
13.03.2013, 00:11 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | My Start Incredibar in Google Chrome Quote:
__________________ Please always post log files in CODE tags |
13.03.2013, 00:14 | #10 |
| My Start Incredibar in Google Chrome I did, at least I thought I had. Should I do an update and scan again? |
13.03.2013, 08:35 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My Start Incredibar in Google Chrome Yes, of course you should; a scan with four-week-old signatures is pretty pointless. Besides, you haven't answered the question I asked about AVG Antivirus.
__________________ Please always post log files in CODE tags |
13.03.2013, 17:57 | #12 | |
| My Start Incredibar in Google Chrome Quote:
That is, I have no idea where or whether AVG even keeps logs, and so far I had no reason to save anything like that on my own, because I wasn't on this board before and, as I said, I'm a BEGINNER. And I thought the download was the latest version; I really have no idea about any of this. |
13.03.2013, 21:37 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My Start Incredibar in Google Chrome My question about Avast was whether it ever found anything; only then does the question of logs come up. And please do the scan with MBAR, with current signatures please.
__________________ Please always post log files in CODE tags |
16.03.2013, 04:33 | #14 |
| My Start Incredibar in Google Chrome Yes, it did find something, but at those times the finds were deleted right away. And now, after the update: MBAR: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.16.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Günter :: GÜNTER-LAPTOP [administrator]

16.03.2013 04:27:26
mbar-log-2013-03-16 (04-27-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31040
Time elapsed: 16 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
16.03.2013, 18:47 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | My Start Incredibar in Google Chrome Quote:
I already asked you in my very first reply to post all the logs!
__________________ Please always post log files in CODE tags |