| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
28.08.2013, 08:59
| #1 | |||
 |  Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen? Huhu ihr lieben, gestern abend kam die Meldung von Avira dass sie die TR/Dropper gefunden hat und in Quarantäne gesteckt hat... Hab dann abends noch mal komplett prüfen lassen und da fand Avira noch dieses ADWARE und hat es in Quarantäne verschoben... nur wie werde ich es wieder los und wer weiss ob das wirklich alles war, denn dieses ADWARE dürfte schon ne ganze weile auf meinem lappi gewesen sein  und langsam und rum spinnen und hängen tut die Kiste auch ständig?!könnt ihr mir helfen? vlg ahso die Berichte falls die helfen... Zitat:
Zitat:
Zitat:
Geändert von Planschkuh (28.08.2013 um 09:05 Uhr) |
|
28.08.2013, 09:30
| #2 |
| /// the machine /// TB-Ausbilder    |  Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen? hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
28.08.2013, 10:55
| #3 |
| | Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen? So hab geladen und läuft jetzt, allerdings hab ich vorher dummerweise auf "download zip opener installer" geklickt und bekam direkt die nächsten Meldungen.
__________________Jetzt spinnt alles, google ist weg hab jetzt 2.delta-search.com mir jeder menge werbung ein "pc untilities pro" das mie anbietet 715 elemente zu säubern leutet mich auch an.. Könnt durchdrehen -- Berichte kommen jetzt wenn ich das hier noch irgendwie schaffe sollte  FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by Martin (administrator) on 28-08-2013 11:19:48
Running from C:\Users\Martin\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\ASScrPro.exe
(Bandoo Media, inc) C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\presentationsettings.exe
() C:\Users\Martin\Downloads\ZipOpenerSetup.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
() C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\schtasks.exe
() C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(PC Utilities Pro) C:\Program Files\Optimizer Pro\OptimizerPro.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-06-26] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-06-26] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-13] (Realtek Semiconductor)
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe [33136 2008-11-26] ()
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE [1890744 2012-09-02] (Bandoo Media, inc)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Runonce: [Del7481870] - cmd.exe /Q /D /c del "C:\Users\Martin\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-27] (Google Inc.)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [135672 2013-06-07] (PC Utilities Pro)
HKCU\...\Run: [NTRedirect] - C:\Users\Martin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll [187888 2013-08-22] ()
HKCU\...\Runonce: [Del7481870] - cmd.exe /Q /D /c del "C:\Users\Martin\AppData\Local\Temp\0.del" [x]
MountPoints2: {90306881-3ba8-11e2-83a2-0023545c40a5} - F:\setuppro.exe /AUTORUN
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=99c2cf16-e8e8-4487-894d-fa34fda9fe4c&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=99c2cf16-e8e8-4487-894d-fa34fda9fe4c&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=99c2cf16-e8e8-4487-894d-fa34fda9fe4c&searchtype=ds&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=99c2cf16-e8e8-4487-894d-fa34fda9fe4c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=B33674E62AB06214F0BD665064A35B2B&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
BHO: LyricXeeker - {097ecbf6-8ea7-4321-8b3f-33037c61b4f7} - C:\Program Files\LyriXeeker\130.dll (LyricXeeker)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI9130~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Handler: msdaipp - No CLSID Value -
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 31 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default
FF user.js: detected! => C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\user.js
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF NewTab: hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\ffxtlbr@delta.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\staged
FF Extension: Searchqu Toolbar - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{60525b7e-56a2-4031-a4f4-35eb2c9dd4d8}] C:\Program Files\LyriXeeker\130.xpi
FF Extension: No Name - C:\Program Files\LyriXeeker\130.xpi
Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Martin\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Martin\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Martin\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Google Update) - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Anna Sui) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_1
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Delta Toolbar) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (LyricXeeker) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojlgbehpaeekopencdagbdamnkppci\1.130_0
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Martin\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files\LyriXeeker\130.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2838480 2013-08-13] ()
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
==================== Drivers (Whitelisted) ====================
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-07] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [247352 2008-01-21] (Microsoft Corporation)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1772544 2008-05-13] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-28 11:18 - 2013-08-28 11:18 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST.exe
2013-08-28 11:14 - 2013-08-28 11:14 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Optimizer Pro
2013-08-28 11:11 - 2013-08-28 11:11 - 00000422 _____ C:\Windows\Tasks\At1.job
2013-08-28 11:11 - 2013-08-28 11:11 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DSite
2013-08-28 11:10 - 2013-08-28 11:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-28 11:10 - 2013-08-28 11:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Delta
2013-08-28 11:10 - 2013-08-28 11:10 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-28 11:10 - 2013-08-28 11:10 - 00000000 ____D C:\Program Files\Delta
2013-08-28 11:09 - 2013-08-28 11:09 - 00000866 _____ C:\Users\Martin\Desktop\Optimizer Pro.lnk
2013-08-28 11:09 - 2013-08-28 11:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\BabSolution
2013-08-28 11:09 - 2013-08-28 11:09 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-08-28 11:08 - 2013-08-28 11:09 - 00000000 ____D C:\Program Files\LyriXeeker
2013-08-28 11:08 - 2013-08-28 11:08 - 00714816 _____ C:\Users\Martin\Downloads\ZipOpenerSetup.exe
2013-08-28 11:08 - 2013-08-28 11:08 - 00000910 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-28 11:08 - 2013-08-28 11:08 - 00000366 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-28 11:08 - 2013-08-28 11:08 - 00000000 ____D C:\Program Files\OpenIt
2013-08-28 09:10 - 2013-08-28 09:10 - 100771046 _____ C:\Windows\system32\ᑠ氘ᰴ¦
2013-08-27 20:20 - 2013-08-27 20:20 - 00001649 _____ C:\Users\Martin\Desktop\UseNeXT by Tangysoft.lnk
2013-08-26 21:13 - 2013-08-26 21:14 - 07255714 _____ C:\Users\Martin\Desktop\-24.08.13-.mp4
2013-08-26 21:10 - 2013-08-26 21:26 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeVideoConverter
2013-08-26 21:10 - 2013-08-26 21:10 - 00000945 _____ C:\Users\Martin\Desktop\Free Video Converter.lnk
2013-08-26 21:10 - 2013-08-26 21:10 - 00000000 ____D C:\Program Files\Free Video Converter
2013-08-26 21:09 - 2013-08-26 21:09 - 03818372 _____ (Koyote Soft ) C:\Users\Martin\Downloads\FreeVideoConverter.exe
2013-08-19 12:01 - 2013-08-19 12:01 - 00370800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-19 12:01 - 2013-08-19 12:01 - 00100432 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-19 12:00 - 2013-08-19 12:00 - 00000300 _____ C:\Windows\PFRO.log
2013-08-18 23:16 - 2013-08-18 23:16 - 00002722 _____ C:\Users\Martin\Documents\startup.txt
2013-08-18 23:06 - 2013-08-18 23:07 - 00056068 _____ C:\Users\Martin\Documents\cc_20130818_230652.reg
2013-08-18 23:02 - 2013-08-18 23:03 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeCDRipper
2013-08-18 23:01 - 2013-08-18 23:01 - 00000839 _____ C:\Users\Martin\AppData\Local\recently-used.xbel
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-18 20:01 - 2013-08-18 20:01 - 00000000 ____D C:\Users\Martin\Documents\samsung
2013-08-15 11:28 - 2013-08-15 11:30 - 00000000 ____D C:\Users\Martin\AppData\Local\DownloadGuide
2013-08-15 11:28 - 2013-08-15 11:28 - 00444400 _____ C:\Users\Martin\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-15 10:29 - 2013-08-15 10:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:32 - 2013-08-14 09:32 - 00002937 _____ C:\Users\Martin\Downloads\20130814-1210228-umsatz.csv
2013-08-07 14:09 - 2013-08-07 14:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Avira
2013-08-07 14:03 - 2013-08-07 14:03 - 00001854 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-07 14:02 - 2013-08-20 10:39 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-07 14:02 - 2013-08-20 10:39 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\ProgramData\Avira
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\Program Files\Avira
2013-08-07 14:02 - 2013-08-07 10:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-07 14:02 - 2013-08-07 10:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
==================== One Month Modified Files and Folders =======
2013-08-28 11:19 - 2013-08-28 11:19 - 00000000 ____D C:\FRST
2013-08-28 11:18 - 2013-08-28 11:18 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST.exe
2013-08-28 11:14 - 2013-08-28 11:14 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Optimizer Pro
2013-08-28 11:11 - 2013-08-28 11:11 - 00000422 _____ C:\Windows\Tasks\At1.job
2013-08-28 11:11 - 2013-08-28 11:11 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DSite
2013-08-28 11:10 - 2013-08-28 11:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-28 11:10 - 2013-08-28 11:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Delta
2013-08-28 11:10 - 2013-08-28 11:10 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-28 11:10 - 2013-08-28 11:10 - 00000000 ____D C:\Program Files\Delta
2013-08-28 11:09 - 2013-08-28 11:09 - 00000866 _____ C:\Users\Martin\Desktop\Optimizer Pro.lnk
2013-08-28 11:09 - 2013-08-28 11:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\BabSolution
2013-08-28 11:09 - 2013-08-28 11:09 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-08-28 11:09 - 2013-08-28 11:08 - 00000000 ____D C:\Program Files\LyriXeeker
2013-08-28 11:08 - 2013-08-28 11:08 - 00714816 _____ C:\Users\Martin\Downloads\ZipOpenerSetup.exe
2013-08-28 11:08 - 2013-08-28 11:08 - 00000910 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-28 11:08 - 2013-08-28 11:08 - 00000366 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-28 11:08 - 2013-08-28 11:08 - 00000000 ____D C:\Program Files\OpenIt
2013-08-28 11:05 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 11:05 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 11:03 - 2008-11-26 14:25 - 01366331 _____ C:\Windows\WindowsUpdate.log
2013-08-28 10:49 - 2012-09-27 22:23 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000UA.job
2013-08-28 09:49 - 2012-09-27 22:23 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000Core.job
2013-08-28 09:18 - 2006-11-02 12:33 - 01725988 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 09:10 - 2013-08-28 09:10 - 100771046 _____ C:\Windows\system32\ᑠ氘ᰴ¦
2013-08-28 09:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-08-28 09:08 - 2009-01-12 21:59 - 00027934 _____ C:\ProgramData\nvModes.001
2013-08-28 09:07 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 02:18 - 2006-11-02 15:01 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-27 21:15 - 2012-04-09 10:19 - 00000000 ____D C:\Users\Martin\AppData\Roaming\UseNeXT
2013-08-27 21:05 - 2012-04-09 10:19 - 00000000 ____D C:\Users\Martin\Documents\UseNeXT
2013-08-27 20:38 - 2009-01-12 21:54 - 00029696 _____ C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-27 20:20 - 2013-08-27 20:20 - 00001649 _____ C:\Users\Martin\Desktop\UseNeXT by Tangysoft.lnk
2013-08-27 20:20 - 2012-04-09 10:19 - 00000000 ____D C:\Program Files\UseNeXT
2013-08-26 21:56 - 2012-03-14 00:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2013-08-26 21:26 - 2013-08-26 21:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeVideoConverter
2013-08-26 21:14 - 2013-08-26 21:13 - 07255714 _____ C:\Users\Martin\Desktop\-24.08.13-.mp4
2013-08-26 21:10 - 2013-08-26 21:10 - 00000945 _____ C:\Users\Martin\Desktop\Free Video Converter.lnk
2013-08-26 21:10 - 2013-08-26 21:10 - 00000000 ____D C:\Program Files\Free Video Converter
2013-08-26 21:09 - 2013-08-26 21:09 - 03818372 _____ (Koyote Soft ) C:\Users\Martin\Downloads\FreeVideoConverter.exe
2013-08-20 10:39 - 2013-08-07 14:02 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-20 10:39 - 2013-08-07 14:02 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-19 12:01 - 2013-08-19 12:01 - 00370800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-19 12:01 - 2013-08-19 12:01 - 00100432 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-19 12:00 - 2013-08-19 12:00 - 00000300 _____ C:\Windows\PFRO.log
2013-08-18 23:16 - 2013-08-18 23:16 - 00002722 _____ C:\Users\Martin\Documents\startup.txt
2013-08-18 23:09 - 2012-10-11 12:26 - 00000000 ____D C:\Program Files\Free mp3 Wma Converter
2013-08-18 23:07 - 2013-08-18 23:06 - 00056068 _____ C:\Users\Martin\Documents\cc_20130818_230652.reg
2013-08-18 23:04 - 2012-12-01 22:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2013-08-18 23:03 - 2013-08-18 23:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeCDRipper
2013-08-18 23:01 - 2013-08-18 23:01 - 00000839 _____ C:\Users\Martin\AppData\Local\recently-used.xbel
2013-08-18 23:01 - 2012-10-29 22:33 - 00000000 ____D C:\Users\Martin\.gimp-2.8
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-18 20:01 - 2013-08-18 20:01 - 00000000 ____D C:\Users\Martin\Documents\samsung
2013-08-15 17:55 - 2009-01-12 21:59 - 00027934 _____ C:\ProgramData\nvModes.dat
2013-08-15 12:51 - 2012-04-23 21:43 - 00000000 ____D C:\Users\Martin\Documents\Briefwechsel
2013-08-15 11:30 - 2013-08-15 11:28 - 00000000 ____D C:\Users\Martin\AppData\Local\DownloadGuide
2013-08-15 11:28 - 2013-08-15 11:28 - 00444400 _____ C:\Users\Martin\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-15 10:33 - 2013-08-15 10:29 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 10:29 - 2008-11-26 14:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 10:29 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-14 09:32 - 2013-08-14 09:32 - 00002937 _____ C:\Users\Martin\Downloads\20130814-1210228-umsatz.csv
2013-08-07 14:09 - 2013-08-07 14:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Avira
2013-08-07 14:03 - 2013-08-07 14:03 - 00001854 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\ProgramData\Avira
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\Program Files\Avira
2013-08-07 10:02 - 2013-08-07 14:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-07 10:02 - 2013-08-07 14:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-01 21:56 - 2012-09-27 22:24 - 00002054 _____ C:\Users\Martin\Desktop\Google Chrome.lnk
Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\Martin\AppData\Local\Temp\scoped_dir_3824_16394\CRX_INSTALL\np_dvs_plugin.dll
C:\Users\Martin\AppData\Local\Temp\nsqADBF.tmp\Time.dll
C:\Users\Martin\AppData\Local\Temp\nskAFC1.tmp\Time.dll
C:\Users\Martin\AppData\Local\Temp\nsk85B5.tmp\Time.dll
C:\Users\Martin\AppData\Local\Temp\is357113909\7279102_Setup.EXE
C:\Users\Martin\AppData\Local\Temp\is357113909\7279254_Setup.EXE
C:\Users\Martin\AppData\Local\Temp\is357113909\DeltaTB.exe
C:\Users\Martin\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\Martin\AppData\Local\Temp\is357113909\OptimizerPro.exe
C:\Users\Martin\AppData\Local\Temp\is357113909\uninstaller.exe
C:\Users\Martin\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\IECookieLow.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\BabMaint.exe
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\BExternal.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\BUSolForMontiera.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\BUSolution.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\ccp.exe
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\ChromeToolbarSetup.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\CrxInstaller.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\enhancedNT.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\GUninstaller.exe
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\IECookieLow.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\IEHelper.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\MntrDLLInstall.dll
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\MyDeltaTB.exe
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\Setup.exe
C:\Users\Martin\AppData\Local\Temp\F2C762B0-BAB0-7891-AC38-43F05DEDA32C\Latest\sqlite3.dll
C:\Users\Martin\AppData\Local\Temp\ca375fc7-d737-4df1-8fbc-54d014282d8d\CliSecureRT.dll
C:\Windows\Tasks\At1.job
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-28 09:14
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- Speichert der die berixhte, wenn ja Wo finde ich denn den zweiten Bericht? ! Musste die kiste neustarten da nix mehr ging Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-08-2013
Ran by Martin at 2013-08-28 11:29:19
Running from C:\Users\Martin\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
Agere Systems HDA Modem
ASUS CopyProtect (Version: 1.0.0007)
ASUS Data Security Manager (Version: 1.00.0006)
ASUS LifeFrame3 (Version: 3.0.8)
ASUS Live Update (Version: 2.5.6)
ASUS Power4Gear eXtreme (Version: 1.0.18)
ASUS SmartLogon (Version: 1.0.0005)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0021)
Asus_Camera_ScreenSaver (Version: 2.0.0007)
Atheros Client Installation Program (Version: 7.0)
ATK Generic Function Service (Version: 1.00.0008)
ATK Hotkey (Version: 1.00.0034)
ATK Media (Version: 2.0.0000)
ATKOSD2 (Version: 6.64.1.8)
Avira Free Antivirus (Version: 13.0.0.4045)
BrowserDefender
CCleaner (Version: 3.16)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
CyberLink LabelPrint (Version: 2.0.2908)
CyberLink Power2Go (Version: 6.0.1924)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delta Chrome Toolbar
Delta toolbar (Version: 1.8.24.6)
Dropbox (HKCU Version: 2.0.22)
Express Gate (Version: 0.8.3.0)
Free MP4 Video Converter version 5.0.21.1212 (Version: 5.0.21.1212)
Free Video Converter V 3.1 (Version: 3.1.0.0)
Free Video Dub version 2.0.16.1212 (Version: 2.0.16.1212)
Free YouTube to MP3 Converter version 3.11.34.1015 (Version: 3.11.34.1015)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (HKCU Version: 28.0.1500.95)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 31 (Version: 6.0.310)
K-Lite Codec Pack 8.4.0 (Basic) (Version: 8.4.0)
LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)
LyricXeeker
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Firefox 18.0.1 (x86 de) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.1)
MyFreeCodec
NB Probe
NVIDIA Drivers
Open It! (Version: 1.1.1)
Optimizer Pro v3.1 (Version: 3.1)
Paint.NET v3.5.10 (Version: 3.60.0)
PDFCreator (Version: 1.6.2)
Picasa 3 (Version: 3.8)
Realtek High Definition Audio Driver (Version: 6.0.1.5683)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02)
Samsung Kies (Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 10.1.8.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Zip Opener
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
USB2.0 UVC 1.3M WebCam
UseNeXT by Tangysoft
VLC classic (Version: 1.14)
VLC media player 2.0.1 (Version: 2.0.1)
Windows Searchqu Toolbar (Version: 4.1.0.3114)
WinFlash
Wireless Console 2 (Version: 2.0.10)
==================== Restore Points =========================
21-07-2013 07:54:31 Windows Update
25-07-2013 07:27:04 Windows Update
25-07-2013 07:35:16 Windows Update
26-07-2013 10:25:14 Windows Update
28-07-2013 19:38:24 Windows Update
29-07-2013 22:06:23 Geplanter Prüfpunkt
30-07-2013 17:21:53 Windows Update
02-08-2013 17:27:53 Windows Update
06-08-2013 11:26:44 Windows Update
15-08-2013 08:19:59 Windows Update
18-08-2013 15:57:42 Geplanter Prüfpunkt
20-08-2013 12:18:27 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1810BAD1-4D05-4521-9C1B-F67766B86E1D} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {22913B5C-CF63-4C26-BEFB-2EF3ECAF68E6} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: {2CCE19A9-F2EC-4ADC-BB58-7811C627528F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000UA => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27] (Google Inc.)
Task: {2D4774CF-1D45-45B5-BBB6-6D8F032A84C2} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2008-01-21] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3B101957-6350-425A-981D-F1B30A2E5703} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000Core => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {59686E1F-0EF0-4932-88CD-F1E6AAF4C2A4} - System32\Tasks\LyricXeeker Update => C:\Program Files\LyriXeeker\LyriXupdate.exe [2013-08-27] ()
Task: {6EBB761D-AEAD-4C16-B138-F2E8CF1534CA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Martin => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {838562BD-CE2A-42F3-BD90-420A67D4A2E3} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2006-11-02] (Microsoft Corporation)
Task: {8D7573A5-7380-4A1B-879A-FC331DFBBCC4} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2008-06-18] (ASUS)
Task: {983E98FE-F12B-4F0D-8970-98D836D6CFE5} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2008-01-21] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-21] (Microsoft Corporation)
Task: {D99D992E-6017-48EE-8D35-D38B70BD682C} - System32\Tasks\At1 => C:\Users\Martin\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-08-28] ()
Task: {E4CCA03B-0621-48FF-BC50-4BDE9459C0F7} - System32\Tasks\EPUpdater => C:\Users\Martin\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-08-04] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\At1.job => C:\Users\Martin\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000Core.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000UA.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files\LyriXeeker\LyriXupdate.exe
==================== Alternate Data Streams (whitelisted) ==========
AlternateDataStreams: C:\Users\Martin\Desktop\pia tanzt ganjam style.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Martin\Desktop\pia tanzt ganjam style_cut.mp4:TOC.WMV
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/28/2013 09:09:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/28/2013 09:07:46 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7605, Zeitstempel 0x4862977c, Ausnahmecode 0xc0000005, Fehleroffset 0x00002c3b,
Prozess-ID 0x58c, Anwendungsstartzeit rundll32.exe0.
Error: (08/27/2013 07:54:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/26/2013 09:56:01 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung vlc.exe, Version 2.0.1.0, Zeitstempel 0x4f63d546, fehlerhaftes Modul vlc.exe, Version 2.0.1.0, Zeitstempel 0x4f63d546, Ausnahmecode 0xc0000005, Fehleroffset 0x000016d5,
Prozess-ID 0xee4, Anwendungsstartzeit vlc.exe0.
Error: (08/26/2013 09:33:31 PM) (Source: Application Hang) (User: )
Description: Programm FreeVideoConverter.exe, Version 3.1.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1104
Anfangszeit: 01cea292160079b6
Zeitpunkt der Beendigung: 51
Error: (08/26/2013 08:18:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 09:11:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/25/2013 09:09:39 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7605, Zeitstempel 0x4862977c, Ausnahmecode 0xc0000005, Fehleroffset 0x00002c3b,
Prozess-ID 0x590, Anwendungsstartzeit rundll32.exe0.
Error: (08/21/2013 08:57:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/21/2013 09:13:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (08/28/2013 09:10:47 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/28/2013 09:07:42 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/28/2013 09:07:27 AM) (Source: volmgr) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/28/2013 09:07:14 AM) (Source: volmgr) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/27/2013 07:57:20 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/27/2013 07:53:13 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/27/2013 07:52:59 PM) (Source: volmgr) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/27/2013 07:52:46 PM) (Source: volmgr) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/26/2013 08:26:19 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x8007001f
Error: (08/26/2013 08:19:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-08-28 11:24:57.975
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-28 11:24:57.592
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-28 11:24:57.212
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-28 11:24:56.832
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-28 11:24:50.691
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-28 11:24:50.322
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-28 11:24:49.950
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-28 11:24:49.578
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-01 22:37:11.558
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-01 22:37:11.356
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
|
|
28.08.2013, 16:42
| #4 | |
| /// the machine /// TB-Ausbilder | Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen?Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.08.2013, 18:03
| #5 |
| | Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen? hatte zwar Avira aus, jedoch kam zu Beginn als Combofix anfing dass Avira irgendwas in der Registry geblockt hat. Ich hoffe das trotzdem alles geklappt hat. ansonsten müsste mir vlt jamand erklären wie man AVira komplett aus bekommt Code:
ATTFilter ComboFix 13-08-28.02 - Martin 28.08.2013 18:14:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.1920 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\program files\Delta\delta\1.8.24.6\bh\delta.dll
c:\program files\Delta\delta\1.8.24.6\deltaApp.dll
c:\program files\Delta\delta\1.8.24.6\deltaEng.dll
c:\program files\Delta\delta\1.8.24.6\deltasrv.exe
c:\program files\Delta\delta\1.8.24.6\deltaTlbr.dll
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css\new-tab.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_amazon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ebay.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_facebook.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_fantastigames.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ftalk.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png__
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\new-tab.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\analytics.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\constant.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config - Copy.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\jquery.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\localStorage.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\new-tab.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\preferences.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\manifest.json
c:\program files\Windows Searchqu Toolbar\Datamngr\ChromeExtension\OurLocalPage.html
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\RequestPreserver.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\installhelper.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\sysid.ini
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\programdata\BrowserDefender
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23
c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-28 bis 2013-08-28 ))))))))))))))))))))))))))))))
.
.
2013-08-28 09:28 . 2013-08-28 09:28 -------- d-----w- c:\users\Martin\AppData\Local\avgchrome
2013-08-28 09:19 . 2013-08-28 09:19 -------- d-----w- C:\FRST
2013-08-28 09:14 . 2013-08-28 09:14 -------- d-----w- c:\users\Martin\AppData\Roaming\Optimizer Pro
2013-08-28 09:11 . 2013-08-28 09:11 -------- d-----w- c:\users\Martin\AppData\Roaming\DSite
2013-08-28 09:10 . 2013-08-28 09:10 -------- d-----w- c:\program files\Delta
2013-08-28 09:10 . 2013-08-28 09:10 -------- d-----w- c:\users\Martin\AppData\Roaming\Delta
2013-08-28 09:09 . 2013-08-28 09:09 -------- d-----w- c:\users\Martin\AppData\Roaming\BabSolution
2013-08-28 09:09 . 2013-08-28 09:09 -------- d-----w- c:\program files\Optimizer Pro
2013-08-28 09:08 . 2013-08-28 09:09 -------- d-----w- c:\program files\LyriXeeker
2013-08-28 09:08 . 2013-08-28 09:08 -------- d-----w- c:\program files\OpenIt
2013-08-26 19:10 . 2013-08-26 19:26 -------- d-----w- c:\users\Martin\AppData\Roaming\FreeVideoConverter
2013-08-26 19:10 . 2013-08-26 19:10 -------- d-----w- c:\program files\Free Video Converter
2013-08-18 21:02 . 2013-08-18 21:03 -------- d-----w- c:\users\Martin\AppData\Roaming\FreeCDRipper
2013-08-15 09:28 . 2013-08-15 09:30 -------- d-----w- c:\users\Martin\AppData\Local\DownloadGuide
2013-08-15 08:29 . 2013-08-15 08:33 -------- d-----w- c:\windows\system32\MRT
2013-08-07 12:09 . 2013-08-07 12:09 -------- d-----w- c:\users\Martin\AppData\Roaming\Avira
2013-08-07 12:02 . 2013-08-20 08:39 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-07 12:02 . 2013-08-20 08:39 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-07 12:02 . 2013-08-07 08:02 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-08-07 12:02 . 2013-08-07 12:02 -------- d-----w- c:\programdata\Avira
2013-08-07 12:02 . 2013-08-07 12:02 -------- d-----w- c:\program files\Avira
2013-08-06 11:27 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCDBB0A8-9892-4C4A-9962-0D9EBE470D49}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-28 16:45 . 2008-11-26 14:59 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-07-01 08:49 . 2013-07-01 08:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-01 08:49 . 2013-06-02 08:55 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-01 08:49 . 2012-02-12 20:10 789416 ----a-w- c:\windows\system32\deployJava1.dll
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2013-05-17 04:53 . 2012-03-01 21:10 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{097ecbf6-8ea7-4321-8b3f-33037c61b4f7}]
2013-08-27 13:04 145408 ----a-w- c:\program files\LyriXeeker\130.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-26 33136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-20 347192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2008-06-25 03:01 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-01-23 23:34 7766016 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-01-12 06:40 98304 ----a-w- c:\program files\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27 20:23]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27 20:23]
.
2013-08-28 c:\windows\Tasks\LyricXeeker Update.job
- c:\program files\LyriXeeker\LyriXupdate.exe [2013-08-27 13:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=99c2cf16-e8e8-4487-894d-fa34fda9fe4c&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF - ExtSQL: 2013-08-28 11:08; {60525b7e-56a2-4031-a4f4-35eb2c9dd4d8}; c:\program files\LyriXeeker\130.xpi
FF - ExtSQL: 2013-08-28 11:11; ffxtlbr@delta.com; c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: !HIDDEN! 2012-10-11 12:26; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 9a81a2b1000000000000002243623e7f
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15945
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.611:10
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=4988
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
MSConfigStartUp-ChkMail - c:\program files\ChkMail\ChkMail\ChkMail.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
AddRemove-Searchqu Toolbar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-08-28 18:47
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1160)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\system32\presentationsettings.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\presentationsettings.exe
c:\windows\system32\presentationsettings.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-28 18:54:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-08-28 16:54
.
Vor Suchlauf: 7 Verzeichnis(se), 42.769.793.024 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 42.434.240.512 Bytes frei
.
- - End Of File - - 82228D681B738E5C6B8D3E089E138E4C
64B1E91C5C6C2157642651010728F90F
"LogonUI.exe - Ungültiges Bild" "smartlogon.exe - Ungültiges Bild" und einige andere. Hab Fotos davon gemacht, braucht ihr die? Dann lade ich sie hoch. |
|
28.08.2013, 18:25
| #6 |
| | Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen? nach einem weiteren Neustart bekomme ich jetzt immer diese Meldung von Avira (siehe Anhang). Ich hab nichts weiter gemacht außer Neustart und Firefox gestartet und auf diese Seite hier. was ist das alles und woher kommt es auf einmal?!  |
|
29.08.2013, 04:15
| #7 |
| /// the machine /// TB-Ausbilder | Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen? Avira findet was was Combofix schon lange in Quarantäne gesteckt hat  Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.08.2013, 10:21
| #8 |
| | Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen?Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.29.03 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Martin :: MANDYRINKAEFER [Administrator] Schutz: Aktiviert 29.08.2013 09:04:46 mbam-log-2013-08-29 (09-04-46).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 213087 Laufzeit: 11 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 19 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{097ecbf6-8ea7-4321-8b3f-33037c61b4f7} (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{097ECBF6-8EA7-4321-8B3F-33037C61B4F7} (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{dc838290-68de-4339-910f-550a4480feaf} (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{bd54a493-a329-4f12-9e7d-13aa27699fb3} (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92bbb980-50f0-4b30-acfc-3c7567703447} (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988 -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 3 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=99c2cf16-e8e8-4487-894d-fa34fda9fe4c&searchtype=ds&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=99c2cf16-e8e8-4487-894d-fa34fda9fe4c&searchtype=ds&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 14 C:\Users\Martin\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\Delta (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.24.6\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Local\Smartbar (PUP.Optional.SmartBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Local\Smartbar\Application (PUP.Optional.SmartBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 57 C:\Users\Martin\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\Downloads\CodecPack.exe (PUP.Optional.Installcore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\Downloads\7ZipSetup.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\German.ini (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Optimizer Pro\unins000.msg (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\chrome.manifest (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\00.crx (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\00.xpi (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\01.crx (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\01.xpi (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\02.crx (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\02.xpi (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\130.crx (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\130.dat (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\130.dll (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\130.xpi (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\crx.dat (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\crx.db (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\LyriXupdate.exe (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\sqlite3.dll (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\Uninstall.exe (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\xpi.dat (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\xpi.db (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\LyricXeeker Update.job (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.24.6\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)  werd jetzt die nächsten laufen lassen. wenn der Schirm bei AVira zu ist, ist es dann komplett aus?! also reicht das, oder muss ich da noch ne ander einstellung vornehmen ? Code:
ATTFilter # AdwCleaner v3.001 - Report created 29/08/2013 at 09:59:18
# Updated 24/08/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Martin - MANDYRINKAEFER
# Running from : C:\Users\Martin\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Deleted : C:\Program Files\delta
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Martin\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Martin\AppData\Roaming\DSite
Folder Deleted : C:\Users\Martin\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Martin\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\Martin\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Searchqutoolbar
Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Public\Desktop\Babylon.lnk
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\Martin\Desktop\Optimizer Pro.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\bprotector_prefs.js
File Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\foxydeal.sqlite
File Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\user.js
File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\BrowserDefendert
File Deleted : C:\Windows\System32\Tasks\EPUpdater
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BBF4F97-3DCD-483C-921A-9A10D9ACFD4D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BBF4F97-3DCD-483C-921A-9A10D9ACFD4D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4CCA03B-0621-48FF-BC50-4BDE9459C0F7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4CCA03B-0621-48FF-BC50-4BDE9459C0F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5257d6d8e53ebe40
Key Deleted : HKLM\SOFTWARE\5257d6d8e53ebe40
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6001.18639
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v22.0 (de)
[ File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\prefs.js ]
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988");
Line Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("browser.search.selectedEngine", "Search Results");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=9A81002243623E7F&affID=119357&tsp=4988");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=17350&babsrc=NT_ss&mntrId=9a81a2b1000000000000002243623e7f");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "29");
Line Deleted : user_pref("extensions.delta.cntry", "DE");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "AAA396F4B0A4EA320BE22B8B322E082C");
Line Deleted : user_pref("extensions.delta.id", "9a81a2b1000000000000002243623e7f");
Line Deleted : user_pref("extensions.delta.instlDay", "15945");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.24.611:10:27");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.611:10:27");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4988");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40delta.com:1.5.0,ich%40maltegoetz.de:1.5.2,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...]
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
-\\ Google Chrome v
[ File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [14110 octets] - [29/08/2013 09:55:39]
AdwCleaner[S0].txt - [14158 octets] - [29/08/2013 09:59:18]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14219 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Martin on 29.08.2013 at 10:20:41,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Martin\appdata\local\blekkotb_031"
Successfully deleted: [Folder] "C:\Program Files\free video converter"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{A37D03E0-A91C-4D70-8330-6F89DA312628}
~~~ FireFox
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\abud8oh4.default\minidumps [7 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Folder] C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Extensions\epojlgbehpaeekopencdagbdamnkppci
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at 10:29:28,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by Martin (administrator) on 29-08-2013 10:53:28
Running from C:\Users\Martin\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\smartlogon.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\system32\presentationsettings.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\ASScrPro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Thisisu) C:\Users\Martin\Downloads\JRT(1).exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Martin\Downloads\FRST(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-06-26] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-06-26] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-13] (Realtek Semiconductor)
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe [33136 2008-11-26] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: msdaipp - No CLSID Value -
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 31 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\ich@maltegoetz.de
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{60525b7e-56a2-4031-a4f4-35eb2c9dd4d8}] C:\Program Files\LyriXeeker\130.xpi
Chrome:
=======
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Anna Sui) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_1
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
==================== Drivers (Whitelisted) ====================
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-07] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [247352 2008-01-21] (Microsoft Corporation)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1772544 2008-05-13] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-29 10:29 - 2013-08-29 10:29 - 00002017 _____ C:\Users\Martin\Desktop\JRT.txt
2013-08-29 10:20 - 2013-08-29 10:20 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 10:17 - 2013-08-29 10:17 - 01023533 _____ (Thisisu) C:\Users\Martin\Downloads\JRT(1).exe
2013-08-29 10:13 - 2013-08-29 10:13 - 01023533 _____ (Thisisu) C:\Users\Martin\Downloads\JRT.exe
2013-08-29 09:54 - 2013-08-29 09:59 - 00000000 ____D C:\AdwCleaner
2013-08-29 09:54 - 2013-08-29 09:54 - 00994642 _____ C:\Users\Martin\Downloads\adwcleaner.exe
2013-08-29 08:58 - 2013-08-29 08:58 - 00000913 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Malwarebytes
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-29 08:58 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 08:56 - 2013-08-29 08:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-28 19:20 - 2013-08-29 10:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-28 18:54 - 2013-08-28 18:54 - 00070189 _____ C:\ComboFix.txt
2013-08-28 18:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-28 18:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-28 18:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-28 18:09 - 2013-08-28 18:55 - 00000000 ____D C:\Qoobox
2013-08-28 18:08 - 2013-08-28 18:50 - 00000000 ____D C:\Windows\erdnt
2013-08-28 18:06 - 2013-08-28 18:06 - 05114728 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2013-08-28 11:29 - 2013-08-28 11:30 - 00025801 _____ C:\Users\Martin\Downloads\Addition.txt
2013-08-28 11:28 - 2013-08-28 11:28 - 00000000 ____D C:\Users\Martin\AppData\Local\avgchrome
2013-08-28 11:19 - 2013-08-28 11:19 - 00000000 ____D C:\FRST
2013-08-28 11:18 - 2013-08-28 11:18 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST.exe
2013-08-27 20:20 - 2013-08-27 20:20 - 00001649 _____ C:\Users\Martin\Desktop\UseNeXT by Tangysoft.lnk
2013-08-26 21:13 - 2013-08-26 21:14 - 07255714 _____ C:\Users\Martin\Desktop\-24.08.13-.mp4
2013-08-26 21:10 - 2013-08-26 21:26 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeVideoConverter
2013-08-26 21:10 - 2013-08-26 21:10 - 00000945 _____ C:\Users\Martin\Desktop\Free Video Converter.lnk
2013-08-26 21:09 - 2013-08-26 21:09 - 03818372 _____ (Koyote Soft ) C:\Users\Martin\Downloads\FreeVideoConverter.exe
2013-08-19 12:01 - 2013-08-19 12:01 - 00370800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-19 12:01 - 2013-08-19 12:01 - 00100432 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-19 12:00 - 2013-08-29 09:42 - 00017678 _____ C:\Windows\PFRO.log
2013-08-18 23:16 - 2013-08-18 23:16 - 00002722 _____ C:\Users\Martin\Documents\startup.txt
2013-08-18 23:06 - 2013-08-18 23:07 - 00056068 _____ C:\Users\Martin\Documents\cc_20130818_230652.reg
2013-08-18 23:02 - 2013-08-18 23:03 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeCDRipper
2013-08-18 23:01 - 2013-08-18 23:01 - 00000839 _____ C:\Users\Martin\AppData\Local\recently-used.xbel
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-18 20:01 - 2013-08-18 20:01 - 00000000 ____D C:\Users\Martin\Documents\samsung
2013-08-15 11:28 - 2013-08-15 11:28 - 00444400 _____ C:\Users\Martin\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-15 10:29 - 2013-08-15 10:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:32 - 2013-08-14 09:32 - 00002937 _____ C:\Users\Martin\Downloads\20130814-1210228-umsatz.csv
2013-08-07 14:09 - 2013-08-07 14:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Avira
2013-08-07 14:03 - 2013-08-07 14:03 - 00001854 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-07 14:02 - 2013-08-20 10:39 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-07 14:02 - 2013-08-20 10:39 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\ProgramData\Avira
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\Program Files\Avira
2013-08-07 14:02 - 2013-08-07 10:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-07 14:02 - 2013-08-07 10:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
==================== One Month Modified Files and Folders =======
2013-08-29 10:52 - 2013-08-29 10:52 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST(1).exe
2013-08-29 10:49 - 2012-09-27 22:23 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000UA.job
2013-08-29 10:43 - 2013-08-28 19:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-29 10:29 - 2013-08-29 10:29 - 00002017 _____ C:\Users\Martin\Desktop\JRT.txt
2013-08-29 10:20 - 2013-08-29 10:20 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 10:17 - 2013-08-29 10:17 - 01023533 _____ (Thisisu) C:\Users\Martin\Downloads\JRT(1).exe
2013-08-29 10:13 - 2013-08-29 10:13 - 01023533 _____ (Thisisu) C:\Users\Martin\Downloads\JRT.exe
2013-08-29 10:10 - 2008-11-26 14:25 - 01485212 _____ C:\Windows\WindowsUpdate.log
2013-08-29 10:03 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-08-29 10:01 - 2009-01-12 21:59 - 00027934 _____ C:\ProgramData\nvModes.001
2013-08-29 10:01 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 10:01 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 10:01 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 10:00 - 2006-11-02 15:01 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-29 09:59 - 2013-08-29 09:54 - 00000000 ____D C:\AdwCleaner
2013-08-29 09:54 - 2013-08-29 09:54 - 00994642 _____ C:\Users\Martin\Downloads\adwcleaner.exe
2013-08-29 09:49 - 2012-09-27 22:23 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000Core.job
2013-08-29 09:43 - 2008-11-26 16:59 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-08-29 09:42 - 2013-08-19 12:00 - 00017678 _____ C:\Windows\PFRO.log
2013-08-29 09:42 - 2013-05-17 06:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-29 08:58 - 2013-08-29 08:58 - 00000913 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Malwarebytes
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-29 08:56 - 2013-08-29 08:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-28 18:55 - 2013-08-28 18:09 - 00000000 ____D C:\Qoobox
2013-08-28 18:55 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-08-28 18:55 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-08-28 18:54 - 2013-08-28 18:54 - 00070189 _____ C:\ComboFix.txt
2013-08-28 18:50 - 2013-08-28 18:08 - 00000000 ____D C:\Windows\erdnt
2013-08-28 18:46 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-28 18:43 - 2006-11-02 12:22 - 44564480 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 40370176 _____ C:\Windows\system32\config\COMPON~1.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 18612224 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-08-28 18:06 - 2013-08-28 18:06 - 05114728 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2013-08-28 11:30 - 2013-08-28 11:29 - 00025801 _____ C:\Users\Martin\Downloads\Addition.txt
2013-08-28 11:28 - 2013-08-28 11:28 - 00000000 ____D C:\Users\Martin\AppData\Local\avgchrome
2013-08-28 11:19 - 2013-08-28 11:19 - 00000000 ____D C:\FRST
2013-08-28 11:18 - 2013-08-28 11:18 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST.exe
2013-08-28 09:18 - 2006-11-02 12:33 - 01725988 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 21:15 - 2012-04-09 10:19 - 00000000 ____D C:\Users\Martin\AppData\Roaming\UseNeXT
2013-08-27 21:05 - 2012-04-09 10:19 - 00000000 ____D C:\Users\Martin\Documents\UseNeXT
2013-08-27 20:38 - 2009-01-12 21:54 - 00029696 _____ C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-27 20:20 - 2013-08-27 20:20 - 00001649 _____ C:\Users\Martin\Desktop\UseNeXT by Tangysoft.lnk
2013-08-27 20:20 - 2012-04-09 10:19 - 00000000 ____D C:\Program Files\UseNeXT
2013-08-26 21:56 - 2012-03-14 00:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2013-08-26 21:26 - 2013-08-26 21:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeVideoConverter
2013-08-26 21:14 - 2013-08-26 21:13 - 07255714 _____ C:\Users\Martin\Desktop\-24.08.13-.mp4
2013-08-26 21:10 - 2013-08-26 21:10 - 00000945 _____ C:\Users\Martin\Desktop\Free Video Converter.lnk
2013-08-26 21:09 - 2013-08-26 21:09 - 03818372 _____ (Koyote Soft ) C:\Users\Martin\Downloads\FreeVideoConverter.exe
2013-08-20 10:39 - 2013-08-07 14:02 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-20 10:39 - 2013-08-07 14:02 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-19 12:01 - 2013-08-19 12:01 - 00370800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-19 12:01 - 2013-08-19 12:01 - 00100432 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-18 23:16 - 2013-08-18 23:16 - 00002722 _____ C:\Users\Martin\Documents\startup.txt
2013-08-18 23:09 - 2012-10-11 12:26 - 00000000 ____D C:\Program Files\Free mp3 Wma Converter
2013-08-18 23:07 - 2013-08-18 23:06 - 00056068 _____ C:\Users\Martin\Documents\cc_20130818_230652.reg
2013-08-18 23:04 - 2012-12-01 22:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2013-08-18 23:03 - 2013-08-18 23:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeCDRipper
2013-08-18 23:01 - 2013-08-18 23:01 - 00000839 _____ C:\Users\Martin\AppData\Local\recently-used.xbel
2013-08-18 23:01 - 2012-10-29 22:33 - 00000000 ____D C:\Users\Martin\.gimp-2.8
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-18 20:01 - 2013-08-18 20:01 - 00000000 ____D C:\Users\Martin\Documents\samsung
2013-08-15 17:55 - 2009-01-12 21:59 - 00027934 _____ C:\ProgramData\nvModes.dat
2013-08-15 12:51 - 2012-04-23 21:43 - 00000000 ____D C:\Users\Martin\Documents\Briefwechsel
2013-08-15 11:28 - 2013-08-15 11:28 - 00444400 _____ C:\Users\Martin\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-15 10:33 - 2013-08-15 10:29 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 10:29 - 2008-11-26 14:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 10:29 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-14 09:32 - 2013-08-14 09:32 - 00002937 _____ C:\Users\Martin\Downloads\20130814-1210228-umsatz.csv
2013-08-07 14:09 - 2013-08-07 14:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Avira
2013-08-07 14:03 - 2013-08-07 14:03 - 00001854 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\ProgramData\Avira
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\Program Files\Avira
2013-08-07 10:02 - 2013-08-07 14:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-07 10:02 - 2013-08-07 14:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-01 21:56 - 2012-09-27 22:24 - 00002054 _____ C:\Users\Martin\Desktop\Google Chrome.lnk
Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\Martin\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-29 10:13
==================== End Of Log ============================
--- --- --- Fertig  Geändert von Planschkuh (29.08.2013 um 09:12 Uhr) |
|
29.08.2013, 11:06
| #9 |
| /// the machine /// TB-Ausbilder | Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen?ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.08.2013, 18:48
| #10 |
| | Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen?Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=05e722c4ba77e34ebd212c98f25883c5
# engine=14944
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-29 05:08:27
# local_time=2013-08-29 07:08:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 8295 148467412 1043 0
# compatibility_mode=5892 16776574 100 100 2007634 215328835 0 0
# scanned=126205
# found=0
# cleaned=0
# scan_time=7138
Code:
ATTFilter Results of screen317's Security Check version 0.99.72 Windows Vista Service Pack 1 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Java(TM) 6 Update 31 Java 7 Update 25 Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (23.0.1) Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by Martin (administrator) on 29-08-2013 19:59:00
Running from C:\Users\Martin\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\smartlogon.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\system32\presentationsettings.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\ASScrPro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Farbar) C:\Users\Martin\Downloads\FRST(2).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-06-26] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-06-26] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-13] (Realtek Semiconductor)
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe [33136 2008-11-26] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: msdaipp - No CLSID Value -
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 31 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\ich@maltegoetz.de
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\abud8oh4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{60525b7e-56a2-4031-a4f4-35eb2c9dd4d8}] C:\Program Files\LyriXeeker\130.xpi
Chrome:
=======
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Anna Sui) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_1
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
==================== Drivers (Whitelisted) ====================
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-07] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [247352 2008-01-21] (Microsoft Corporation)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1772544 2008-05-13] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-29 19:50 - 2013-08-29 19:50 - 00891115 _____ C:\Users\Martin\Downloads\SecurityCheck.exe
2013-08-29 17:06 - 2013-08-29 17:06 - 00000000 ____D C:\Program Files\ESET
2013-08-29 17:05 - 2013-08-29 17:05 - 02347384 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_enu.exe
2013-08-29 16:50 - 2013-08-29 16:50 - 94605346 _____ C:\Windows\system32\萼ᰔ”
2013-08-29 11:10 - 2013-08-29 11:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-29 10:52 - 2013-08-29 10:52 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST(1).exe
2013-08-29 10:29 - 2013-08-29 10:29 - 00002017 _____ C:\Users\Martin\Desktop\JRT.txt
2013-08-29 10:20 - 2013-08-29 10:20 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 10:17 - 2013-08-29 10:17 - 01023533 _____ (Thisisu) C:\Users\Martin\Downloads\JRT(1).exe
2013-08-29 10:13 - 2013-08-29 10:13 - 01023533 _____ (Thisisu) C:\Users\Martin\Downloads\JRT.exe
2013-08-29 09:54 - 2013-08-29 09:59 - 00000000 ____D C:\AdwCleaner
2013-08-29 09:54 - 2013-08-29 09:54 - 00994642 _____ C:\Users\Martin\Downloads\adwcleaner.exe
2013-08-29 08:58 - 2013-08-29 08:58 - 00000913 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Malwarebytes
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-29 08:58 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 08:56 - 2013-08-29 08:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-28 18:54 - 2013-08-28 18:54 - 00070189 _____ C:\ComboFix.txt
2013-08-28 18:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-28 18:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-28 18:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-28 18:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-28 18:09 - 2013-08-28 18:55 - 00000000 ____D C:\Qoobox
2013-08-28 18:08 - 2013-08-28 18:50 - 00000000 ____D C:\Windows\erdnt
2013-08-28 18:06 - 2013-08-28 18:06 - 05114728 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2013-08-28 11:29 - 2013-08-28 11:30 - 00025801 _____ C:\Users\Martin\Downloads\Addition.txt
2013-08-28 11:28 - 2013-08-28 11:28 - 00000000 ____D C:\Users\Martin\AppData\Local\avgchrome
2013-08-28 11:19 - 2013-08-28 11:19 - 00000000 ____D C:\FRST
2013-08-28 11:18 - 2013-08-28 11:18 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST.exe
2013-08-27 20:20 - 2013-08-27 20:20 - 00001649 _____ C:\Users\Martin\Desktop\UseNeXT by Tangysoft.lnk
2013-08-26 21:13 - 2013-08-26 21:14 - 07255714 _____ C:\Users\Martin\Desktop\-24.08.13-.mp4
2013-08-26 21:10 - 2013-08-26 21:26 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeVideoConverter
2013-08-26 21:10 - 2013-08-26 21:10 - 00000945 _____ C:\Users\Martin\Desktop\Free Video Converter.lnk
2013-08-26 21:09 - 2013-08-26 21:09 - 03818372 _____ (Koyote Soft ) C:\Users\Martin\Downloads\FreeVideoConverter.exe
2013-08-19 12:01 - 2013-08-19 12:01 - 00370800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-19 12:01 - 2013-08-19 12:01 - 00100432 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-19 12:00 - 2013-08-29 09:42 - 00017678 _____ C:\Windows\PFRO.log
2013-08-18 23:16 - 2013-08-18 23:16 - 00002722 _____ C:\Users\Martin\Documents\startup.txt
2013-08-18 23:06 - 2013-08-18 23:07 - 00056068 _____ C:\Users\Martin\Documents\cc_20130818_230652.reg
2013-08-18 23:02 - 2013-08-18 23:03 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeCDRipper
2013-08-18 23:01 - 2013-08-18 23:01 - 00000839 _____ C:\Users\Martin\AppData\Local\recently-used.xbel
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-18 20:01 - 2013-08-18 20:01 - 00000000 ____D C:\Users\Martin\Documents\samsung
2013-08-15 11:28 - 2013-08-15 11:28 - 00444400 _____ C:\Users\Martin\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-15 10:29 - 2013-08-15 10:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:32 - 2013-08-14 09:32 - 00002937 _____ C:\Users\Martin\Downloads\20130814-1210228-umsatz.csv
2013-08-07 14:09 - 2013-08-07 14:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Avira
2013-08-07 14:03 - 2013-08-07 14:03 - 00001854 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-07 14:02 - 2013-08-20 10:39 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-07 14:02 - 2013-08-20 10:39 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\ProgramData\Avira
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\Program Files\Avira
2013-08-07 14:02 - 2013-08-07 10:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-07 14:02 - 2013-08-07 10:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
==================== One Month Modified Files and Folders =======
2013-08-29 19:58 - 2013-08-29 19:58 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST(2).exe
2013-08-29 19:56 - 2008-11-26 14:25 - 01526769 _____ C:\Windows\WindowsUpdate.log
2013-08-29 19:50 - 2013-08-29 19:50 - 00891115 _____ C:\Users\Martin\Downloads\SecurityCheck.exe
2013-08-29 19:49 - 2012-09-27 22:23 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000UA.job
2013-08-29 18:47 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 18:47 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 17:26 - 2006-11-02 12:33 - 01725988 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 17:06 - 2013-08-29 17:06 - 00000000 ____D C:\Program Files\ESET
2013-08-29 17:05 - 2013-08-29 17:05 - 02347384 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_enu.exe
2013-08-29 16:55 - 2013-05-17 06:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-29 16:50 - 2013-08-29 16:50 - 94605346 _____ C:\Windows\system32\萼ᰔ”
2013-08-29 16:49 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-08-29 16:47 - 2009-01-12 21:59 - 00027934 _____ C:\ProgramData\nvModes.001
2013-08-29 16:47 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 12:29 - 2006-11-02 15:01 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-29 11:10 - 2013-08-29 11:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-29 10:52 - 2013-08-29 10:52 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST(1).exe
2013-08-29 10:29 - 2013-08-29 10:29 - 00002017 _____ C:\Users\Martin\Desktop\JRT.txt
2013-08-29 10:20 - 2013-08-29 10:20 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 10:17 - 2013-08-29 10:17 - 01023533 _____ (Thisisu) C:\Users\Martin\Downloads\JRT(1).exe
2013-08-29 10:13 - 2013-08-29 10:13 - 01023533 _____ (Thisisu) C:\Users\Martin\Downloads\JRT.exe
2013-08-29 09:59 - 2013-08-29 09:54 - 00000000 ____D C:\AdwCleaner
2013-08-29 09:54 - 2013-08-29 09:54 - 00994642 _____ C:\Users\Martin\Downloads\adwcleaner.exe
2013-08-29 09:49 - 2012-09-27 22:23 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3686157349-1102587466-923897211-1000Core.job
2013-08-29 09:43 - 2008-11-26 16:59 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-08-29 09:42 - 2013-08-19 12:00 - 00017678 _____ C:\Windows\PFRO.log
2013-08-29 08:58 - 2013-08-29 08:58 - 00000913 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Malwarebytes
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 08:58 - 2013-08-29 08:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-29 08:56 - 2013-08-29 08:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-28 18:55 - 2013-08-28 18:09 - 00000000 ____D C:\Qoobox
2013-08-28 18:55 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-08-28 18:55 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-08-28 18:54 - 2013-08-28 18:54 - 00070189 _____ C:\ComboFix.txt
2013-08-28 18:50 - 2013-08-28 18:08 - 00000000 ____D C:\Windows\erdnt
2013-08-28 18:46 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-28 18:43 - 2006-11-02 12:22 - 44564480 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 40370176 _____ C:\Windows\system32\config\COMPON~1.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 18612224 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-08-28 18:43 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-08-28 18:06 - 2013-08-28 18:06 - 05114728 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2013-08-28 11:30 - 2013-08-28 11:29 - 00025801 _____ C:\Users\Martin\Downloads\Addition.txt
2013-08-28 11:28 - 2013-08-28 11:28 - 00000000 ____D C:\Users\Martin\AppData\Local\avgchrome
2013-08-28 11:19 - 2013-08-28 11:19 - 00000000 ____D C:\FRST
2013-08-28 11:18 - 2013-08-28 11:18 - 01072975 _____ (Farbar) C:\Users\Martin\Downloads\FRST.exe
2013-08-27 21:15 - 2012-04-09 10:19 - 00000000 ____D C:\Users\Martin\AppData\Roaming\UseNeXT
2013-08-27 21:05 - 2012-04-09 10:19 - 00000000 ____D C:\Users\Martin\Documents\UseNeXT
2013-08-27 20:38 - 2009-01-12 21:54 - 00029696 _____ C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-27 20:20 - 2013-08-27 20:20 - 00001649 _____ C:\Users\Martin\Desktop\UseNeXT by Tangysoft.lnk
2013-08-27 20:20 - 2012-04-09 10:19 - 00000000 ____D C:\Program Files\UseNeXT
2013-08-26 21:56 - 2012-03-14 00:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2013-08-26 21:26 - 2013-08-26 21:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeVideoConverter
2013-08-26 21:14 - 2013-08-26 21:13 - 07255714 _____ C:\Users\Martin\Desktop\-24.08.13-.mp4
2013-08-26 21:10 - 2013-08-26 21:10 - 00000945 _____ C:\Users\Martin\Desktop\Free Video Converter.lnk
2013-08-26 21:09 - 2013-08-26 21:09 - 03818372 _____ (Koyote Soft ) C:\Users\Martin\Downloads\FreeVideoConverter.exe
2013-08-20 10:39 - 2013-08-07 14:02 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-20 10:39 - 2013-08-07 14:02 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-19 12:01 - 2013-08-19 12:01 - 00370800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-19 12:01 - 2013-08-19 12:01 - 00100432 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-18 23:16 - 2013-08-18 23:16 - 00002722 _____ C:\Users\Martin\Documents\startup.txt
2013-08-18 23:09 - 2012-10-11 12:26 - 00000000 ____D C:\Program Files\Free mp3 Wma Converter
2013-08-18 23:07 - 2013-08-18 23:06 - 00056068 _____ C:\Users\Martin\Documents\cc_20130818_230652.reg
2013-08-18 23:04 - 2012-12-01 22:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2013-08-18 23:03 - 2013-08-18 23:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FreeCDRipper
2013-08-18 23:01 - 2013-08-18 23:01 - 00000839 _____ C:\Users\Martin\AppData\Local\recently-used.xbel
2013-08-18 23:01 - 2012-10-29 22:33 - 00000000 ____D C:\Users\Martin\.gimp-2.8
2013-08-18 20:02 - 2013-08-18 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-18 20:01 - 2013-08-18 20:01 - 00000000 ____D C:\Users\Martin\Documents\samsung
2013-08-15 17:55 - 2009-01-12 21:59 - 00027934 _____ C:\ProgramData\nvModes.dat
2013-08-15 12:51 - 2012-04-23 21:43 - 00000000 ____D C:\Users\Martin\Documents\Briefwechsel
2013-08-15 11:28 - 2013-08-15 11:28 - 00444400 _____ C:\Users\Martin\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-15 10:33 - 2013-08-15 10:29 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 10:29 - 2008-11-26 14:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 10:29 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-14 09:32 - 2013-08-14 09:32 - 00002937 _____ C:\Users\Martin\Downloads\20130814-1210228-umsatz.csv
2013-08-07 14:09 - 2013-08-07 14:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Avira
2013-08-07 14:03 - 2013-08-07 14:03 - 00001854 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\ProgramData\Avira
2013-08-07 14:02 - 2013-08-07 14:02 - 00000000 ____D C:\Program Files\Avira
2013-08-07 10:02 - 2013-08-07 14:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-07 10:02 - 2013-08-07 14:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-01 21:56 - 2012-09-27 22:24 - 00002054 _____ C:\Users\Martin\Desktop\Google Chrome.lnk
Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\Martin\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-29 16:56
==================== End Of Log ============================
--- --- --- alles wieder ok mit meinem baby ?!  laufen tut er zumindest wieder wie neu ^^kannst du mir vlt noch sagen woran das liegt, dass mein Desktop mal angezeigt wird und manchmal nach dem hochfahren nur der leere Hintergrund zu sehen ist?! ahso und welche programme ich mir besorgen kann/sollte (am besten umsonst?!.. -.- ) um meinem laptop n ordentlichen schutz zu bieten, auf den mach sich auch verlassen kann, avira hat hier ja nicht wirklich viel ferngehalten.  lg Geändert von Planschkuh (29.08.2013 um 19:08 Uhr) |
|
30.08.2013, 07:19
| #11 | |
| /// the machine /// TB-Ausbilder | Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen? Avira runter, Avast drauf. Zitat:
Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Trojaner seit gestern TR/Dropper.Gen + ADWARE/INstallCore.Gen7 wie entfernen? |
| adware/installcore.gen7, entfernen, pup.bprotector, pup.optional.babsolution.a, pup.optional.babylon.a, pup.optional.datamngr, pup.optional.delta, pup.optional.delta.a, pup.optional.installcore, pup.optional.installcore.a, pup.optional.lyrixeeker, pup.optional.optimizerpro, pup.optional.searchqu, pup.optional.searchqu.a, pup.optional.smartbar.a, pup.optional.snapdo, pup.optional.somoto, pup.optional.startpage, pup.optional.tarma.a, quarantäne, tr/dropper, tr/dropper.gen, trojaner, wie entfernen, wie entfernen? |
Hybrid-Darstellung
