
Pests of all kinds and how to fight them: PC Performer Virus

03.04.2013, 21:34   #16
Leyanor

For the first two minutes it seemed to work; unfortunately, while I was writing this reply, another one popped up...

03.04.2013, 21:36   #17
ryder
/// TB trainer

Just for fun, install Opera and see whether it happens there too.

03.04.2013, 21:41   #18
Leyanor

The popups that have been appearing for the last two weeks don't seem to show up there, but the ones that were there before do. So it isn't gone.
It seems to come from iLivid somehow. The problem is that I don't have iLivid on my PC, or at least not anymore.

03.04.2013, 21:53   #19
ryder
/// TB trainer

This is really tricky in your case. I'd like to take another, closer look.


Step 1: (Reminder: do not reply until you have worked through all the steps!)
We'll run this again:

AdwCleaner: find and delete adware
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 2:
Remove adware with JRT

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3:
Control scan with OTL
  • Please start OTL.exe - if you don't have it yet: LINK
  • Make sure "Scan All Users" is checked!
  • Click the Quick Scan button.
  • Post the OTL.txt here in your thread.
Digital privateers against malware!
No help via PM!

04.04.2013, 14:47   #20
Leyanor

AdwCleaner:
Code:
# AdwCleaner v2.200 - Logfile created 04/04/2013 at 13:42:49
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nicolas - NICOLAS-TOSH
# Boot Mode : Normal
# Running from : C:\Users\Nicolas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [892 octets] - [04/04/2013 13:42:49]

########## EOF - C:\AdwCleaner[S1].txt - [951 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by Nicolas on 04.04.2013 at 13:49:57.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Emptied folder: C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\minidumps [81 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2013 at 14:20:03.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL.txt
Code:
OTL logfile created on: 4/4/2013 2:26:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicolas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 50.92% Memory free
7.68 Gb Paging File | 5.67 Gb Available in Paging File | 73.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 3.57 Gb Free Space | 2.39% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 97.59 Gb Free Space | 65.65% Space Free | Partition Type: NTFS
 
Computer Name: NICOLAS-TOSH | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nicolas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid, Inc. All rights reserved.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WTService) -- C:\Windows\SysNative\atwtusb.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DigiRefresh) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid, Inc. All rights reserved.)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (YMIDUSBW) -- C:\Windows\SysNative\drivers\ymidusbx64.sys (Yamaha Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MBX2DFU) -- C:\Windows\SysNative\drivers\dgmbx2fu.sys (Avid Technology, Inc.)
DRV:64bit: - (DGUSBAP) -- C:\Windows\SysNative\drivers\dgmbx2.sys (Avid Technology, Inc.)
DRV:64bit: - (PRESONUS_AUDIOBOX_USB) -- C:\Windows\SysNative\drivers\psabusbu.sys (Ploytec GmbH)
DRV:64bit: - (PRESONUS_AUDIOBOX_WDM) -- C:\Windows\SysNative\drivers\psabusba.sys (Ploytec GmbH)
DRV:64bit: - (PRESONUS_AUDIOBOX_MIDI) -- C:\Windows\SysNative\drivers\psabusbm.sys (Ploytec GmbH)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\walvhid.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (moufiltr) -- C:\Windows\SysNative\drivers\moufiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (ControlTransferDriver) -- C:\Windows\SysNative\drivers\PreSonusUSB_xfer.sys (PreSonus Audio Electronics)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{35150E16-8780-450B-A9BD-D2A8B09462F8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYCH&apn_uid=81d0cd2b-6e84-477a-ad6f-254142e3bb23&apn_sauid=FB6F1533-49ED-4E42-9F36-79247A70312E
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_enCH368
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{96527F6A-30FE-4CA3-9ABF-9059C4429721}: "URL" = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{E4906BB9-7BD7-41C7-A684-4A40B3A87254}: "URL" = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/19 18:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/19 18:11:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/17 17:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Extensions
[2013/04/03 19:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\yyj2h0a1.default\extensions
[2013/04/03 19:38:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/12/23 15:06:05 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\extension@preispilot.com.xpi
[2013/03/11 15:05:21 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/03/24 15:43:23 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/14 21:00:14 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 14:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/19 18:11:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/19 18:11:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/14 23:21:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/19 17:59:43 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.ch/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Princess Luna Theme = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgegimlgkachmbieeilacjkonkbaken\1_0\
CHR - Extension: Dropbox = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.4_1\
CHR - Extension: Gmail = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/08/07 13:01:48 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 78.46.61.26 www.google-analytics.com.
O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.
O1 - Hosts: 78.46.61.26 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AtwtusbIcon] C:\Windows\SysNative\AtwtusbIcon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{286A21A7-DC3C-45FD-BF73-D50549AB8351}: DhcpNameServer = 194.230.1.71 194.230.1.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/04 14:23:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
[2013/04/04 13:49:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/04 13:48:19 | 000,551,246 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nicolas\Desktop\JRT.exe
[2013/04/03 21:42:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/03 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Opera
[2013/04/03 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Local\Opera
[2013/04/03 21:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera x64
[2013/04/03 21:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Opera x64
[2013/04/03 20:05:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/03 19:48:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/03 13:42:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/03 13:09:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/30 17:16:53 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Local\Programs
[2013/03/30 07:08:53 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\Documents\Egosoft
[2013/03/26 15:55:24 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\SoftColor
[2013/03/26 15:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftColor
[2013/03/26 15:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftColor PhotoEQ
[2013/03/26 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftColorPhotoEQ
[2013/03/26 15:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013/03/26 15:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013/03/26 15:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/04 14:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
[2013/04/04 13:52:27 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 13:52:27 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 13:51:50 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/04 13:51:50 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/04 13:51:50 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/04 13:48:27 | 000,551,246 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nicolas\Desktop\JRT.exe
[2013/04/04 13:47:21 | 000,001,020 | ---- | M] () -- C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/04 13:46:59 | 000,000,992 | ---- | M] () -- C:\Users\Nicolas\Desktop\Dropbox.lnk
[2013/04/04 13:45:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/04 13:44:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 13:44:01 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 13:42:02 | 000,010,754 | ---- | M] () -- C:\Users\Nicolas\Documents\Meine Bestellungen.odt
[2013/04/04 13:41:17 | 000,613,083 | ---- | M] () -- C:\Users\Nicolas\Desktop\adwcleaner.exe
[2013/04/04 13:41:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 13:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/04 13:28:49 | 000,026,115 | ---- | M] () -- C:\Users\Nicolas\Documents\Playpony doc.odt
[2013/04/03 21:38:05 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013/04/03 20:08:10 | 001,266,704 | ---- | M] () -- C:\Users\Nicolas\Desktop\zoek.exe
[2013/04/03 18:50:49 | 000,063,465 | ---- | M] () -- C:\Users\Nicolas\.recently-used.xbel
[2013/04/03 16:00:48 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/02 22:58:22 | 001,572,916 | ---- | M] () -- C:\Users\Nicolas\Documents\Zymbiont - another hardstyle song.reason
[2013/04/02 21:26:39 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\rev bass sounddesg.reason
[2013/04/02 21:18:40 | 001,310,772 | ---- | M] () -- C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
[2013/04/02 21:02:35 | 033,816,628 | ---- | M] () -- C:\Users\Nicolas\Documents\test.reason
[2013/04/02 21:01:24 | 001,572,916 | ---- | M] () -- C:\Users\Nicolas\Documents\frecnhcore... once again2.reason
[2013/03/30 19:00:26 | 000,037,365 | ---- | M] () -- C:\Users\Nicolas\Documents\Anti malware forums post.odt
[2013/03/30 04:45:58 | 000,000,041 | ---- | M] () -- C:\Users\Nicolas\.gtk-bookmarks
[2013/03/27 12:45:10 | 000,016,831 | ---- | M] () -- C:\Users\Nicolas\Documents\EU-M 13.odt
[2013/03/26 22:34:08 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\IP Needs more Terrorcore.reason
[2013/03/26 15:12:53 | 000,000,715 | ---- | M] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2013/03/24 22:15:57 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\IP Ang.reason
[2013/03/24 22:15:21 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\dubstäääähp.reason
[2013/03/23 00:35:29 | 001,572,916 | ---- | M] () -- C:\Users\Nicolas\Documents\InfectedPonyz YOU MOTHERFUCKING RANDOM SHIT.reason
[2013/03/20 19:54:44 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\Jonas Mix.reason
[2013/03/20 13:40:29 | 000,009,412 | ---- | M] () -- C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
[2013/03/19 18:21:22 | 000,020,128 | ---- | M] () -- C:\Users\Nicolas\Documents\plpny.odt
[2013/03/07 19:32:41 | 000,048,917 | ---- | M] () -- C:\Users\Nicolas\Documents\Schule Black Rider text.pdf
[2013/03/07 18:14:13 | 000,021,033 | ---- | M] () -- C:\Users\Nicolas\Documents\Schule Black Rider text.odt
[2013/03/06 17:55:25 | 000,127,945 | ---- | M] () -- C:\Users\Nicolas\Documents\adress Achim.pdf
 
========== Files Created - No Company Name ==========
 
[2013/04/04 13:41:11 | 000,613,083 | ---- | C] () -- C:\Users\Nicolas\Desktop\adwcleaner.exe
[2013/04/04 13:30:43 | 000,010,754 | ---- | C] () -- C:\Users\Nicolas\Documents\Meine Bestellungen.odt
[2013/04/03 21:38:05 | 000,001,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013/04/03 21:38:05 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013/04/03 20:08:02 | 001,266,704 | ---- | C] () -- C:\Users\Nicolas\Desktop\zoek.exe
[2013/04/03 18:50:49 | 000,063,465 | ---- | C] () -- C:\Users\Nicolas\.recently-used.xbel
[2013/04/02 21:18:38 | 001,572,916 | ---- | C] () -- C:\Users\Nicolas\Documents\Zymbiont - another hardstyle song.reason
[2013/03/30 19:00:24 | 000,037,365 | ---- | C] () -- C:\Users\Nicolas\Documents\Anti malware forums post.odt
[2013/03/30 04:45:58 | 000,000,041 | ---- | C] () -- C:\Users\Nicolas\.gtk-bookmarks
[2013/03/29 00:21:46 | 033,816,628 | ---- | C] () -- C:\Users\Nicolas\Documents\test.reason
[2013/03/26 15:12:53 | 000,000,715 | ---- | C] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2013/03/23 01:05:41 | 001,048,628 | ---- | C] () -- C:\Users\Nicolas\Documents\rev bass sounddesg.reason
[2013/03/20 19:23:22 | 001,048,628 | ---- | C] () -- C:\Users\Nicolas\Documents\Jonas Mix.reason
[2013/03/19 20:50:00 | 000,009,412 | ---- | C] () -- C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
[2013/03/19 18:21:19 | 000,020,128 | ---- | C] () -- C:\Users\Nicolas\Documents\plpny.odt
[2013/03/07 18:17:59 | 001,310,772 | ---- | C] () -- C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
[2013/03/06 17:55:21 | 000,127,945 | ---- | C] () -- C:\Users\Nicolas\Documents\adress Achim.pdf
[2012/12/31 20:37:48 | 000,004,305 | ---- | C] () -- C:\Windows\jpvxmbb64.ini
[2012/12/31 20:37:48 | 000,001,442 | ---- | C] () -- C:\Windows\crcvq.ini
[2012/12/19 19:01:44 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/10/07 00:21:05 | 000,019,752 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\Local.rar
[2012/06/12 22:07:50 | 006,518,312 | ---- | C] () -- C:\Users\Nicolas\DSCN0218.JPG
[2012/06/12 22:07:50 | 006,489,988 | ---- | C] () -- C:\Users\Nicolas\DSCN0216.JPG
[2012/03/21 19:47:20 | 000,765,218 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/08 22:44:45 | 000,896,104 | ---- | C] () -- C:\Users\Nicolas\2012-02-08_18.32.39.png
[2012/02/08 22:44:45 | 000,886,843 | ---- | C] () -- C:\Users\Nicolas\2012-02-08_18.32.36.png
[2011/11/30 19:36:25 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\{B642EC8E-7E2E-4957-B599-F8460982D199}
[2011/11/27 19:20:12 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\{A8063AD1-FFB6-4922-AF23-C4BAC29A607E}
[2011/09/03 15:05:53 | 000,000,132 | ---- | C] () -- C:\Users\Nicolas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/04 15:14:50 | 000,008,263 | ---- | C] () -- C:\Windows\aiptbl.ini
[2010/10/27 16:34:47 | 000,007,597 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\Resmon.ResmonCfg
[2010/09/11 16:32:26 | 000,000,238 | ---- | C] () -- C:\Users\Nicolas\AppData\Roaming\wklnhst.dat
[2010/06/20 19:05:01 | 000,012,800 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/17 15:42:56 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\.minecraft
[2013/02/02 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\.techniclauncher
[2013/04/01 17:03:12 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Audacity
[2011/07/16 12:14:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Blender Foundation
[2011/06/29 12:04:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Celemony Software GmbH
[2011/12/27 17:31:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/09 14:40:51 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/04/04 13:47:30 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Dropbox
[2012/10/06 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\DVDVideoSoft
[2012/02/09 15:56:21 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\EarMaster
[2012/10/29 21:46:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\FreeHideIP
[2013/04/03 18:50:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\gtk-2.0
[2011/10/15 14:29:29 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Line 6
[2012/07/19 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\MAGIX
[2011/12/15 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\OpenOffice.org
[2013/04/03 21:38:09 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Opera
[2010/02/23 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\PACE Anti-Piracy
[2012/06/19 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Propellerhead Software
[2011/12/08 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Publish Providers
[2013/03/26 15:55:24 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\SoftColor
[2013/04/03 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Solveig Multimedia
[2011/12/08 15:59:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Sony
[2012/08/04 16:27:32 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\SYSTEMAX Software Development
[2010/09/11 16:34:07 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Template
[2010/03/22 16:27:58 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Toshiba
[2012/08/08 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\TS3Client
[2011/09/30 18:23:29 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24051EFF

< End of report >
         


Old 04.04.2013, 18:13   #21
ryder
/// TB-Ausbilder
 
PC Performer Virus - Standard

PC Performer Virus



A question in between:

Quote:
O1 - Hosts: 78.46.61.26 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.
O1 - Hosts: 78.46.61.26 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
O1 - Hosts: 108.163.215.51 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
Did you set these hosts entries on purpose?

Also: please remove Preispilot, it has a bad rating.

If it still isn't gone after that, we'll take another look to see whether we can find something like this:

Scan with Farbar's Recovery Scan Tool

Please download the matching version of the tool (if in doubt, both) and save it to a USB stick:
Farbar Recovery Scan Tool 32-bit version
Farbar Recovery Scan Tool 64-bit version

Now scan following the illustrated guide, or use the following short guide:

Connect the USB stick to the infected system and boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly
  • Now choose Repair your computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD
  • Choose the language settings and click "Next".
  • Click Repair your computer!!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, choose Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer
    Here you will see the drive letter of your USB stick.
  • Close Notepad again
  • Now type the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.

Last edited by ryder (04.04.2013 at 18:19)
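As an added example (not part of this thread and not code from any of the tools used in it): a small Python check that parses hosts-file lines, including the OTL `O1 - Hosts:` form quoted above, and flags entries that point a hostname at a routable address instead of a blocking sink such as 127.0.0.1 or 0.0.0.0. The sample lines are constructed; the two addresses and ad-emea.doubleclick.net are taken from the quoted log, the `ads.example.com` entry is made up.

```python
"""Flag hosts-file entries that redirect a hostname to a remote (routable) address.

Added example for the hosts question above; not part of the original thread
or of OTL/FRST. Ad- and tracker-blocking lists legitimately map hostnames to a
sink address (127.0.0.1, 0.0.0.0, ::1). Mapping them to a routable address
instead sends that traffic to somebody else's server, which is what the quoted
O1 lines show and why the helper asks whether the entries were intentional.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional

# OTL prints an entry as "O1 - Hosts: <ip> <host>."; a raw hosts file has "<ip> <host>".
_OTL_PREFIX = re.compile(r"^O1 - Hosts:\s*")


class HostsEntry(NamedTuple):
    address: str
    hostname: str


def parse_hosts_line(line: str) -> Optional[HostsEntry]:
    """Parse one hosts-file or OTL O1 line; returns None for comments and blanks."""
    line = _OTL_PREFIX.sub("", line.strip())
    line = line.split("#", 1)[0].strip()  # drop trailing comments
    if not line:
        return None
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ipaddress.ip_address(parts[0])
    except ValueError:  # first field is not an address: not a hosts entry
        return None
    hostname = parts[1].rstrip(".").lower()  # OTL appends a trailing '.'
    return HostsEntry(parts[0], hostname)


def is_sink_address(addr: str) -> bool:
    """True for loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) targets."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def find_redirects(lines: List[str]) -> List[HostsEntry]:
    """Return the entries whose target is routable, i.e. hijack candidates."""
    suspicious = []
    for line in lines:
        entry = parse_hosts_line(line)
        if entry is not None and not is_sink_address(entry.address):
            suspicious.append(entry)
    return suspicious


# Constructed sample: two blocking-style entries plus two lines in OTL format
# carrying the addresses and hostname quoted from the log above.
SAMPLE_LINES = [
    "# constructed sample hosts data",
    "127.0.0.1 localhost",
    "0.0.0.0 ads.example.com",  # sink address: typical ad-blocking entry, fine
    "O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.",
    "O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.",
]

if __name__ == "__main__":
    for entry in find_redirects(SAMPLE_LINES):
        print(f"suspicious: {entry.hostname} -> {entry.address}")
```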

Old 05.04.2013, 18:37   #22
Leyanor
 

I am fairly sure I did not set these hosts entries on purpose, since I have never set a host at all (which might be because I only know "host" as in "host server"... and so I hardly have any idea what it is.)

Quote:
Via the boot manager

Restart the computer.
While it is booting, press the F8 key repeatedly
Now choose Repair your computer.
Select your operating system and user account and click "Next" each time.


With the Windows CD/DVD

Insert the Windows CD into your drive.
Restart the computer and boot from the CD
Choose the language settings and click "Next".
Click Repair your computer!!
Select your operating system and user account and click "Next" each time.
I have a quick question here before I do this:
Is this an "either / or"?
So can I do it via F8, or do I absolutely need the Windows CD?

Something else that might be important:
I am very busy again this weekend and hardly at home, so there may not be enough time to run the scan. It could therefore be that I can only post the results on Tuesday.



If I manage it, though, I will post the log file on Saturday or Sunday afternoon!

Old 05.04.2013, 18:39   #23
ryder
/// TB-Ausbilder
 

either / or ... and then we will remove the hosts entries in due course.
__________________
Digital privateers against malware!
No help via PM!

Old 07.04.2013, 13:52   #24
ryder
/// TB-Ausbilder
 

Hello, do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer get notifications about new replies.

The disappearance of the symptoms does not mean that your system is already clean.

Old 09.04.2013, 13:52   #25
ryder
/// TB-Ausbilder
 

Missing feedback
This thread has been removed from my subscriptions, so I no longer get notifications about new replies.
Send me a PM if you still want to continue. Do not send log files, just a short note after you have posted your log files here.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread

Old 09.04.2013, 19:17   #26
Leyanor
 

So, as announced: Tuesday, and I'm back.
Sorry it took so long, I'll send you a PM right away.

Here is the log file from FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 27 days old)
Ran by SYSTEM at 09-04-2013 19:06:48
Running from G:\Zymbiont
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [AtwtusbIcon] AtwtusbIcon.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Nicolas\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-04] (Google Inc.)
HKU\Nicolas\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) ===================

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [116104 2009-08-06] (Toshiba Europe GmbH)
2 WTService; C:\Windows\system32\atwtusb.exe -s [581120 2012-10-19] ()
3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [x]

==================== Drivers (Whitelisted) =====================

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [312480 2011-07-19] ()
3 ControlTransferDriver; C:\Windows\System32\Drivers\PreSonusUsb_xfer.sys [41664 2008-02-18] (PreSonus Audio Electronics)
3 DGUSBAP; C:\Windows\System32\DRIVERS\dgmbx2.sys [214544 2009-12-15] (Avid Technology, Inc.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43168 2011-07-19] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 MBX2DFU; C:\Windows\System32\DRIVERS\dgmbx2fu.sys [31120 2009-12-15] (Avid Technology, Inc.)
3 moufiltr; C:\Windows\System32\Drivers\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
3 PRESONUS_AUDIOBOX_MIDI; C:\Windows\System32\drivers\psabusbm.sys [37496 2009-12-04] (Ploytec GmbH)
3 PRESONUS_AUDIOBOX_USB; C:\Windows\System32\Drivers\psabusbu.sys [462968 2009-12-04] (Ploytec GmbH)
3 PRESONUS_AUDIOBOX_WDM; C:\Windows\System32\drivers\psabusba.sys [50808 2009-12-04] (Ploytec GmbH)
3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [30336 2007-08-16] (Razer (Asia-Pacific) Pte Ltd)
3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 swmidi;  [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-09 08:52 - 2013-04-09 08:53 - 01466241 ____A (Farbar) C:\Users\Nicolas\Downloads\FRST64.exe
2013-04-08 12:07 - 2013-04-08 12:07 - 00062896 ____A C:\Users\Nicolas\.recently-used.xbel
2013-04-04 04:39 - 2013-04-04 04:39 - 00090976 ____A C:\Users\Nicolas\Desktop\OTL.Txt
2013-04-04 04:39 - 2013-04-04 04:39 - 00076110 ____A C:\Users\Nicolas\Desktop\Extras.Txt
2013-04-04 04:23 - 2013-04-04 04:23 - 00602112 ____A (OldTimer Tools) C:\Users\Nicolas\Desktop\OTL.exe
2013-04-04 04:20 - 2013-04-04 04:20 - 00000880 ____A C:\Users\Nicolas\Desktop\JRT.txt
2013-04-04 03:49 - 2013-04-04 03:49 - 00000000 ____D C:\JRT
2013-04-04 03:48 - 2013-04-04 03:48 - 00551246 ____A (Oleg N. Scherbakov) C:\Users\Nicolas\Desktop\JRT.exe
2013-04-04 03:47 - 2013-04-04 03:47 - 00001019 ____A C:\Users\Nicolas\Documents\AdwCleaner[S1].txt
2013-04-04 03:42 - 2013-04-04 03:43 - 00001019 ____A C:\AdwCleaner[S1].txt
2013-04-04 03:41 - 2013-04-04 03:41 - 00613083 ____A C:\Users\Nicolas\Desktop\adwcleaner.exe
2013-04-04 03:30 - 2013-04-04 03:42 - 00010754 ____A C:\Users\Nicolas\Documents\Meine Bestellungen.odt
2013-04-03 11:38 - 2013-04-03 11:38 - 00001826 ____A C:\Users\Public\Desktop\Opera.lnk
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Opera
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Opera
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Program Files\Opera x64
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Program Files (x86)\Opera x64
2013-04-03 11:37 - 2013-04-03 11:37 - 14515560 ____A (Opera Software ASA) C:\Users\Nicolas\Downloads\Opera_1214_int_Setup_x64.exe
2013-04-03 10:09 - 2013-04-03 10:11 - 00050988 ____A C:\zoek-results.log
2013-04-03 10:08 - 2013-04-03 10:08 - 01266704 ____A C:\Users\Nicolas\Desktop\zoek.exe
2013-04-03 10:03 - 2013-04-03 10:03 - 00001252 ____A C:\Users\Nicolas\Documents\DelFix.txt
2013-04-03 09:52 - 2013-04-03 09:52 - 16461048 ____A (Foxit Corporation                                           ) C:\Users\Nicolas\Downloads\FoxitReader545.0124_enu_Setup.exe
2013-04-03 09:48 - 2013-04-04 03:49 - 00000000 ____D C:\Windows\ERUNT
2013-04-03 09:48 - 2013-04-03 09:48 - 00001252 ____A C:\DelFix.txt
2013-04-03 09:34 - 2013-04-03 09:34 - 00000248 ____A C:\Windows\SysWOW64\defogger_enable.log
2013-04-03 06:00 - 2013-04-03 06:00 - 10156344 ____A (Malwarebytes Corporation                                    ) C:\Users\Nicolas\Downloads\mbam-setup-1.70.0.1100(1).exe
2013-04-03 03:09 - 2013-04-03 09:37 - 00000000 ____D C:\Windows\erdnt
2013-04-02 11:18 - 2013-04-02 12:58 - 01572916 ____A C:\Users\Nicolas\Documents\Zymbiont - another hardstyle song.reason
2013-04-02 11:04 - 2013-04-02 11:04 - 00009321 ____A C:\Users\Nicolas\Downloads\Hardwell_-_Encoded__0_0_20111020120035.mid
2013-04-02 03:39 - 2013-04-02 03:50 - 00008121 ____A C:\Windows\IE10_main.log
2013-03-31 06:55 - 2013-03-31 06:55 - 00012701 ____A C:\Users\Nicolas\Desktop\attach.txt
2013-03-30 10:34 - 2013-03-30 10:34 - 00006337 ____A C:\Users\Nicolas\Desktop\Gmer.txt
2013-03-30 09:01 - 2013-03-30 09:01 - 00377856 ____A C:\Users\Nicolas\Downloads\gmer_2.1.19155.exe
2013-03-30 09:00 - 2013-03-30 09:00 - 00037365 ____A C:\Users\Nicolas\Documents\Anti malware forums post.odt
2013-03-30 08:50 - 2013-03-30 08:50 - 00101370 ____A C:\Users\Nicolas\Documents\OTL.Txt
2013-03-30 07:16 - 2013-03-30 07:16 - 10156344 ____A (Malwarebytes Corporation                                    ) C:\Users\Nicolas\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-29 21:08 - 2013-03-29 21:08 - 00000000 ____D C:\Users\Nicolas\Documents\Egosoft
2013-03-29 18:45 - 2013-03-29 18:45 - 00000041 ____A C:\Users\Nicolas\.gtk-bookmarks
2013-03-28 14:21 - 2013-04-02 11:02 - 33816628 ____A C:\Users\Nicolas\Documents\test.reason
2013-03-27 02:59 - 2013-03-27 02:59 - 00027445 ____A C:\Users\Nicolas\Downloads\rainbow-dash-and-the-infinite-party-favors-of-pinkie-pie.epub
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\SoftColor
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\ProgramData\SoftColor
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\Program Files (x86)\SoftColorPhotoEQ
2013-03-26 05:53 - 2013-03-26 05:53 - 13077576 ____A (SoftColor Oy                                                ) C:\Users\Nicolas\Downloads\PhotoEQSetup.exe
2013-03-26 05:12 - 2013-03-27 07:06 - 00000000 ____D C:\ProgramData\hps
2013-03-26 05:12 - 2013-03-27 04:55 - 00000000 ____D C:\ProgramData\tmp
2013-03-26 05:12 - 2013-03-26 05:12 - 00000715 ____A C:\Users\Public\Desktop\Müller Foto.lnk
2013-03-26 05:09 - 2013-03-26 05:09 - 01567824 ____A C:\Users\Nicolas\Downloads\setup_Mueller_Fotowelt.exe
2013-03-22 15:05 - 2013-04-02 11:26 - 01048628 ____A C:\Users\Nicolas\Documents\rev bass sounddesg.reason
2013-03-20 09:23 - 2013-03-20 09:54 - 01048628 ____A C:\Users\Nicolas\Documents\Jonas Mix.reason
2013-03-19 10:50 - 2013-03-20 03:40 - 00009412 ____A C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
2013-03-19 08:21 - 2013-03-19 08:21 - 00020128 ____A C:\Users\Nicolas\Documents\plpny.odt
2013-03-16 15:33 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-15 05:55 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-15 05:55 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-15 05:55 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-15 05:55 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-15 05:55 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-15 05:55 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-15 05:55 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-15 05:55 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-15 05:55 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-15 05:55 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-15 05:55 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-15 05:55 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-15 05:55 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-15 05:55 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-15 05:55 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-15 05:55 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-15 05:55 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-15 05:55 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-15 05:55 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-15 05:55 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-15 05:55 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-15 05:55 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-15 05:55 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-15 05:55 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-15 05:55 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-15 05:55 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-15 05:55 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-15 05:55 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-15 05:55 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-15 05:55 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-15 05:55 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-15 05:55 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-12 11:37 - 2013-03-12 11:37 - 00016323 ____A C:\Users\Nicolas\Downloads\hs_err_pid4656.log


==================== One Month Modified Files and Folders =======

2013-04-09 19:06 - 2013-04-09 19:06 - 00000000 ____D C:\FRST
2013-04-09 08:58 - 2010-02-23 08:51 - 01790406 ____A C:\Windows\WindowsUpdate.log
2013-04-09 08:56 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-09 08:54 - 2011-11-13 09:00 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Skype
2013-04-09 08:53 - 2013-04-09 08:52 - 01466241 ____A (Farbar) C:\Users\Nicolas\Downloads\FRST64.exe
2013-04-09 08:52 - 2011-08-04 04:39 - 00000000 ____D C:\Users\Nicolas\.gimp-2.6
2013-04-09 08:50 - 2013-01-10 14:00 - 00026196 ____A C:\Users\Nicolas\Documents\Playpony doc.odt
2013-04-09 08:41 - 2010-02-23 08:20 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-09 08:35 - 2012-04-15 03:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-09 08:19 - 2011-12-13 13:47 - 00011973 ____A C:\Windows\IE9_main.log
2013-04-08 12:07 - 2013-04-08 12:07 - 00062896 ____A C:\Users\Nicolas\.recently-used.xbel
2013-04-08 12:07 - 2010-02-23 08:09 - 00000000 ____D C:\users\Nicolas
2013-04-08 12:03 - 2011-08-04 04:48 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\gtk-2.0
2013-04-08 11:55 - 2009-07-13 20:51 - 00267386 ____A C:\Windows\setupact.log
2013-04-08 11:55 - 2009-07-13 18:34 - 00000550 ____A C:\Windows\win.ini
2013-04-08 10:41 - 2010-02-23 08:20 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-08 03:15 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-08 03:15 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-07 09:46 - 2012-12-31 10:37 - 00004311 ____A C:\Windows\jpvxmbb64.ini
2013-04-04 04:39 - 2013-04-04 04:39 - 00090976 ____A C:\Users\Nicolas\Desktop\OTL.Txt
2013-04-04 04:39 - 2013-04-04 04:39 - 00076110 ____A C:\Users\Nicolas\Desktop\Extras.Txt
2013-04-04 04:23 - 2013-04-04 04:23 - 00602112 ____A (OldTimer Tools) C:\Users\Nicolas\Desktop\OTL.exe
2013-04-04 04:20 - 2013-04-04 04:20 - 00000880 ____A C:\Users\Nicolas\Desktop\JRT.txt
2013-04-04 03:49 - 2013-04-04 03:49 - 00000000 ____D C:\JRT
2013-04-04 03:49 - 2013-04-03 09:48 - 00000000 ____D C:\Windows\ERUNT
2013-04-04 03:48 - 2013-04-04 03:48 - 00551246 ____A (Oleg N. Scherbakov) C:\Users\Nicolas\Desktop\JRT.exe
2013-04-04 03:47 - 2013-04-04 03:47 - 00001019 ____A C:\Users\Nicolas\Documents\AdwCleaner[S1].txt
2013-04-04 03:47 - 2012-03-16 06:41 - 00000000 ___RD C:\Users\Nicolas\Dropbox
2013-04-04 03:47 - 2012-03-16 06:39 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Dropbox
2013-04-04 03:46 - 2012-03-16 06:41 - 00000992 ____A C:\Users\Nicolas\Desktop\Dropbox.lnk
2013-04-04 03:44 - 2009-09-04 06:38 - 00577092 ____A C:\Windows\PFRO.log
2013-04-04 03:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-04 03:43 - 2013-04-04 03:42 - 00001019 ____A C:\AdwCleaner[S1].txt
2013-04-04 03:42 - 2013-04-04 03:30 - 00010754 ____A C:\Users\Nicolas\Documents\Meine Bestellungen.odt
2013-04-04 03:41 - 2013-04-04 03:41 - 00613083 ____A C:\Users\Nicolas\Desktop\adwcleaner.exe
2013-04-03 11:38 - 2013-04-03 11:38 - 00001826 ____A C:\Users\Public\Desktop\Opera.lnk
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Opera
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Opera
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Program Files\Opera x64
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Program Files (x86)\Opera x64
2013-04-03 11:37 - 2013-04-03 11:37 - 14515560 ____A (Opera Software ASA) C:\Users\Nicolas\Downloads\Opera_1214_int_Setup_x64.exe
2013-04-03 10:11 - 2013-04-03 10:09 - 00050988 ____A C:\zoek-results.log
2013-04-03 10:08 - 2013-04-03 10:08 - 01266704 ____A C:\Users\Nicolas\Desktop\zoek.exe
2013-04-03 10:04 - 2012-07-19 06:35 - 00000000 ____D C:\ProgramData\MAGIX
2013-04-03 10:03 - 2013-04-03 10:03 - 00001252 ____A C:\Users\Nicolas\Documents\DelFix.txt
2013-04-03 10:03 - 2011-08-25 06:00 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Solveig Multimedia
2013-04-03 09:52 - 2013-04-03 09:52 - 16461048 ____A (Foxit Corporation                                           ) C:\Users\Nicolas\Downloads\FoxitReader545.0124_enu_Setup.exe
2013-04-03 09:48 - 2013-04-03 09:48 - 00001252 ____A C:\DelFix.txt
2013-04-03 09:37 - 2013-04-03 03:09 - 00000000 ____D C:\Windows\erdnt
2013-04-03 09:34 - 2013-04-03 09:34 - 00000248 ____A C:\Windows\SysWOW64\defogger_enable.log
2013-04-03 06:00 - 2013-04-03 06:00 - 10156344 ____A (Malwarebytes Corporation                                    ) C:\Users\Nicolas\Downloads\mbam-setup-1.70.0.1100(1).exe
2013-04-03 06:00 - 2012-10-06 12:09 - 00001120 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-04-03 06:00 - 2012-10-06 12:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-03 03:42 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-04-03 03:28 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-04-02 12:58 - 2013-04-02 11:18 - 01572916 ____A C:\Users\Nicolas\Documents\Zymbiont - another hardstyle song.reason
2013-04-02 11:26 - 2013-03-22 15:05 - 01048628 ____A C:\Users\Nicolas\Documents\rev bass sounddesg.reason
2013-04-02 11:18 - 2013-03-07 08:17 - 01310772 ____A C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
2013-04-02 11:04 - 2013-04-02 11:04 - 00009321 ____A C:\Users\Nicolas\Downloads\Hardwell_-_Encoded__0_0_20111020120035.mid
2013-04-02 11:02 - 2013-03-28 14:21 - 33816628 ____A C:\Users\Nicolas\Documents\test.reason
2013-04-02 11:01 - 2013-01-13 14:22 - 01572916 ____A C:\Users\Nicolas\Documents\frecnhcore... once again2.reason
2013-04-02 03:50 - 2013-04-02 03:39 - 00008121 ____A C:\Windows\IE10_main.log
2013-04-01 07:03 - 2011-09-02 05:33 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Audacity
2013-03-31 06:55 - 2013-03-31 06:55 - 00012701 ____A C:\Users\Nicolas\Desktop\attach.txt
2013-03-30 13:56 - 2012-05-13 02:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-30 11:08 - 2011-08-06 11:37 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Procaster
2013-03-30 10:34 - 2013-03-30 10:34 - 00006337 ____A C:\Users\Nicolas\Desktop\Gmer.txt
2013-03-30 09:01 - 2013-03-30 09:01 - 00377856 ____A C:\Users\Nicolas\Downloads\gmer_2.1.19155.exe
2013-03-30 09:00 - 2013-03-30 09:00 - 00037365 ____A C:\Users\Nicolas\Documents\Anti malware forums post.odt
2013-03-30 08:50 - 2013-03-30 08:50 - 00101370 ____A C:\Users\Nicolas\Documents\OTL.Txt
2013-03-30 07:16 - 2013-03-30 07:16 - 10156344 ____A (Malwarebytes Corporation                                    ) C:\Users\Nicolas\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-29 21:08 - 2013-03-29 21:08 - 00000000 ____D C:\Users\Nicolas\Documents\Egosoft
2013-03-29 18:45 - 2013-03-29 18:45 - 00000041 ____A C:\Users\Nicolas\.gtk-bookmarks
2013-03-27 07:06 - 2013-03-26 05:12 - 00000000 ____D C:\ProgramData\hps
2013-03-27 04:55 - 2013-03-26 05:12 - 00000000 ____D C:\ProgramData\tmp
2013-03-27 02:59 - 2013-03-27 02:59 - 00027445 ____A C:\Users\Nicolas\Downloads\rainbow-dash-and-the-infinite-party-favors-of-pinkie-pie.epub
2013-03-27 02:45 - 2013-01-08 12:56 - 00016831 ____A C:\Users\Nicolas\Documents\EU-M 13.odt
2013-03-26 12:34 - 2012-12-26 05:41 - 00786484 ____A C:\Users\Nicolas\Documents\IP Needs more Terrorcore.reason
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\SoftColor
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\ProgramData\SoftColor
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\Program Files (x86)\SoftColorPhotoEQ
2013-03-26 05:53 - 2013-03-26 05:53 - 13077576 ____A (SoftColor Oy                                                ) C:\Users\Nicolas\Downloads\PhotoEQSetup.exe
2013-03-26 05:12 - 2013-03-26 05:12 - 00000715 ____A C:\Users\Public\Desktop\Müller Foto.lnk
2013-03-26 05:09 - 2013-03-26 05:09 - 01567824 ____A C:\Users\Nicolas\Downloads\setup_Mueller_Fotowelt.exe
2013-03-24 12:15 - 2013-02-09 08:09 - 01048628 ____A C:\Users\Nicolas\Documents\dubstäääähp.reason
2013-03-24 12:15 - 2013-01-07 03:05 - 00786484 ____A C:\Users\Nicolas\Documents\IP Ang.reason
2013-03-22 14:35 - 2012-12-20 08:33 - 01572916 ____A C:\Users\Nicolas\Documents\InfectedPonyz YOU MOTHERFUCKING RANDOM SHIT.reason
2013-03-20 09:54 - 2013-03-20 09:23 - 01048628 ____A C:\Users\Nicolas\Documents\Jonas Mix.reason
2013-03-20 03:40 - 2013-03-19 10:50 - 00009412 ____A C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
2013-03-19 08:21 - 2013-03-19 08:21 - 00020128 ____A C:\Users\Nicolas\Documents\plpny.odt
2013-03-19 08:11 - 2013-02-27 09:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-19 07:55 - 2012-05-14 03:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-19 07:55 - 2012-05-14 03:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-19 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-03-19 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-03-19 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-03-19 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-03-18 07:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-17 05:42 - 2012-04-17 07:15 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\.minecraft
2013-03-15 06:00 - 2010-02-24 08:13 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-15 05:59 - 2009-09-04 06:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-12 12:35 - 2012-04-15 03:35 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-12 12:35 - 2011-08-09 03:23 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-12 11:37 - 2013-03-12 11:37 - 00016323 ____A C:\Users\Nicolas\Downloads\hs_err_pid4656.log

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3932.88 MB
Available physical RAM: 3317.27 MB
Total Pagefile: 3931.02 MB
Available Pagefile: 3317.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:2.92 GB) NTFS
2 Drive e: (Data) (Fixed) (Total:148.65 GB) (Free:97.59 GB) NTFS
4 Drive g: (USB-HDD) (Fixed) (Total:931.51 GB) (Free:796.43 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
  Disk 1    Online          931 GB      0 B         

Partitions of Disk 0:
===============

Disk ID: C541C82A

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            400 MB  1024 KB
  Partition 2    Primary            149 GB   401 MB
  Partition 3    Primary            148 GB   149 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    400 MB  Healthy            

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   WINDOWS      NTFS   Partition    149 GB  Healthy            

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   Data         NTFS   Partition    148 GB  Healthy            

=========================================================

Partitions of Disk 1:
===============

Disk ID: 715D6887

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB    31 KB

==================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   USB-HDD      NTFS   Partition    931 GB  Healthy            

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: C541C82A

Partition 1:
=========
Hex: 80202100071E2B330008000000800C00
Active: YES
Type: 07 (NTFS)
Size: 400 MB

Partition 2:
=========
Hex: 001E2C3307FEFFFF00880C000070A112
Active: NO
Type: 07 (NTFS)
Size: 149 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00F8AD1200F09412
Active: NO
Type: 07 (NTFS)
Size: 149 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 715D6887

Partition 1:
=========
Hex: 0001010007FEFFFE3F00000082597074
Active: NO
Type: 07 (NTFS)
Size: 932 GB


Last Boot: 2013-02-15 03:54

==================== End Of Log =============================
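The listing above is what the helper reads by hand. As an added example that is not FRST's own code and not part of this thread, here is a small Python parser for its line format (sort time, other time, size, attribute flags, optional vendor string, path) with two triage checks: executables under C:\Windows that carry no vendor string, and entries from the "Bamital & volsnap Check" whose MD5 status is not reported as legit. The sample input copies lines from the log above and adds one constructed entry, example_noname.dll, so that the check has something to report.

```python
"""Triage helper for the FRST file-listing format shown in the log above.
Added example: not FRST's own code and not part of the thread."""
import re
from dataclasses import dataclass
from datetime import datetime

# One listing line: <sort time> - <other time> - <size> <attrs> [(<vendor>)] <path>
# The first timestamp is the section's sort key (creation time in the "Created"
# section, modification time in the "Modified" section), the second the other one.
LINE_RE = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")


@dataclass
class Entry:
    sort_time: datetime
    other_time: datetime
    size: int
    attrs: str    # e.g. ____A (archive), ____D (directory), ___AH (archive+hidden)
    vendor: str   # company string FRST prints in parentheses; "" when absent
    path: str

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


def parse_listing(text: str) -> list:
    """Parse listing lines; section headers, blanks and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            sort_time=datetime.strptime(m.group("t1"), "%Y-%m-%d %H:%M"),
            other_time=datetime.strptime(m.group("t2"), "%Y-%m-%d %H:%M"),
            size=int(m.group("size")),
            attrs=m.group("attrs"),
            vendor=(m.group("vendor") or "").strip(),
            path=m.group("path"),
        ))
    return entries


def unlabelled_windows_binaries(entries) -> list:
    """Executables under C:\\Windows with no vendor string. A triage pointer
    only: many legitimate files carry no version info, so every hit still
    needs a hash lookup or signature check before drawing any conclusion."""
    return [e.path for e in entries
            if e.is_executable and not e.vendor
            and e.path.lower().startswith("c:\\windows\\")]


def md5_check_failures(text: str) -> list:
    """Paths from 'Bamital & volsnap Check' lines whose status is not 'MD5 is legit'."""
    failures = []
    for line in text.splitlines():
        if " => " in line:
            path, status = line.split(" => ", 1)
            if status.strip() != "MD5 is legit":
                failures.append(path.strip())
    return failures


# Constructed sample: lines copied from the log above plus one made-up entry
# (example_noname.dll) so that the vendor heuristic has something to report.
SAMPLE = r"""
2013-04-07 09:46 - 2012-12-31 10:37 - 00004311 ____A C:\Windows\jpvxmbb64.ini
2013-03-15 05:55 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-03 06:00 - 2013-04-03 06:00 - 10156344 ____A (Malwarebytes Corporation                                    ) C:\Users\Nicolas\Downloads\mbam-setup-1.70.0.1100(1).exe
2013-04-01 12:00 - 2013-04-01 12:00 - 00012345 ____A C:\Windows\System32\example_noname.dll
C:\Windows\System32\winlogon.exe => MD5 is legit
"""
```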
         

09.04.2013, 19:45   #27
ryder
/// TB-Ausbilder

Okay, another idea

Scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they influence the result
  • Start Zoek.exe with a double-click.
  • Also click "Options" and select the following options:
    • Reset Hosts
  • Now click "Run script" and be patient until the script has run through.
  • When the tool is finished, Notepad will open with the logfile (possibly only after a restart). The log can also still be found under c:
  • Please post me the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)

Has that already removed it?
__________________
Digital privateers against malware!
No help via PM!

11.04.2013, 09:44   #28
ryder
/// TB-Ausbilder

Hello, do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will therefore no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean

11.04.2013, 18:05   #29
Leyanor

Hmm, still there...

Code:
Zoek.exe Version 4.0.0.2 Updated 08-April-2013
Tool run by Nicolas on 11.04.2013 at 17:48:20.49.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results03.04.2013-2011.log	50988 bytes

After Reboot

==== Reset Hosts File ======================

Failed to Reset Hosts File
         

11.04.2013, 18:24   #30
ryder
/// TB-Ausbilder

Still? That's really strange.

Something completely different: check whether it also occurs in Safe Mode.
