Trojaner-Board

TR/HideExec.A on Win7 laptop. Please help (https://www.trojaner-board.de/136256-tr-hideexec-a-win7-laptop-bitte-um-hilfe.html)

markusg 12.06.2013 11:08

Since when has the device no longer been going online?
A guide and tutorial on using ComboFix
Try repairing the internet connection.

browni85 23.06.2013 23:17

Hi,
The internet connection is working again. How should we proceed? I hope there is still hope.

markusg 04.07.2013 13:31

Hi, a new OTL log please.

browni85 05.07.2013 21:33

Hi, here is the new OTL log
Code:

OTL logfile created on: 05.07.2013 18:30:44 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Sven\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,13% Memory free
3,98 Gb Paging File | 2,90 Gb Available in Paging File | 72,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 18,73 Gb Free Space | 18,73% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 61,53 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
 
Computer Name: SVENR-PC | User Name: Sven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.09 01:32:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sven\Desktop\OTL.exe
PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Sven\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.01 09:13:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.27 10:37:24 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2010.09.16 02:18:38 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.08.10 00:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.06.12 06:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010.05.29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010.05.21 22:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.05.05 15:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
PRC - [2010.05.05 15:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010.04.14 22:45:21 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
PRC - [2009.11.19 15:44:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009.09.11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009.08.12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.01.20 08:45:48 | 000,245,760 | ---- | M] (3S-Smart Software Solutions GmbH) -- C:\Program Files\3S Software\CoDeSys ENI Server\ENISysTray.exe
PRC - [2009.01.20 08:45:46 | 000,651,264 | ---- | M] (3S-Smart Software Solutions GmbH) -- C:\Program Files\3S Software\CoDeSys ENI Server\ENI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.24 05:05:35 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.24 05:04:20 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.02.14 09:18:05 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013.01.10 12:47:00 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 12:46:04 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 12:45:50 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 12:45:34 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.08.19 04:25:36 | 000,471,040 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2011.08.19 04:09:40 | 000,528,384 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
MOD - [2010.05.21 22:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MOD - [2010.05.05 15:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
MOD - [2010.05.05 15:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010.04.05 12:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\Epwizard.DLL
MOD - [2010.04.05 12:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll
MOD - [2010.04.05 12:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\Epfunct.DLL
MOD - [2010.04.05 12:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\Eputil.DLL
MOD - [2010.04.05 12:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\Imagutil.DLL
MOD - [2010.04.01 19:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaDRS.dll
MOD - [2010.04.01 19:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009.06.23 13:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\EPOEMDll.dll
MOD - [2009.06.23 13:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll
MOD - [2009.06.23 13:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\EPWizRes.dll
MOD - [2009.05.27 14:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll
MOD - [2009.05.27 14:13:36 | 000,081,920 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeacats.dll
MOD - [2009.04.28 09:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\System32\LXEAsmr.dll
MOD - [2009.04.07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll
MOD - [2009.03.10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009.03.02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.27 13:12:33 | 000,234,096 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.09.27 10:37:24 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.04.14 22:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
SRV - [2010.04.14 22:45:14 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.01.20 08:45:46 | 000,651,264 | ---- | M] (3S-Smart Software Solutions GmbH) [Auto | Running] -- C:\Program Files\3S Software\CoDeSys ENI Server\ENI.exe -- (ENI Server)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Sven\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.27 15:24:50 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010.08.04 04:54:36 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.08.04 04:54:27 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2010.08.04 04:54:25 | 010,913,864 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.07.29 07:25:03 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.12.09 23:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.08.18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.08.18 13:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/0022/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8F1BF7D7-889E-4DF9-8F9A-31CDD2257326}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5DE843DB-F9D8-49E9-8490-FC40EA83AE15&apn_sauid=A9823F38-E594-4DA2-B4B9-F03E3D4DB1F1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://www.giga.de/my_homepage/0022/"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7BB45418F9-6406-4828-9D1A-35313FB1E2D6%7D:1.0
FF - prefs.js..extensions.enabledAddons: ad80235d-5e5a-4a1d-a891-51b66a3e70f8%408f877d80-6977-415f-ac14-b52043838c19.com:0.91.16
FF - prefs.js..extensions.enabledAddons: amazon-icon%40winload.de:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..keyword.URL: "hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372331311378&tguid=46364-3869-1372331311378-F34F996BBA65222AF36F65470360D025&st=chrome&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.23 23:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013.06.27 13:59:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013.06.27 13:59:55 | 000,000,000 | ---D | M]
 
[2011.02.25 15:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\Extensions
[2013.06.28 18:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\b8l0ror2.default\extensions
[2013.06.27 13:55:55 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\b8l0ror2.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
[2013.06.28 18:06:59 | 000,000,000 | ---D | M] ("Plus-HD-2.4") -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\b8l0ror2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
[2013.06.27 04:12:47 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\b8l0ror2.default\extensions\amazon-icon@winload.de
[2013.06.27 04:12:50 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\b8l0ror2.default\extensions\sparpilot@sparpilot.com
[2013.06.28 18:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\b8l0ror2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com\chrome\content\extensionCode
[2013.06.27 13:09:23 | 000,003,307 | ---- | M] () -- C:\Users\Sven\AppData\Roaming\mozilla\firefox\profiles\b8l0ror2.default\searchplugins\Web Search.xml
[2013.06.11 18:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.07.02 10:13:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.06.27 02:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013.06.27 02:56:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.11.23 23:50:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.06.27 13:59:55 | 000,000,000 | ---D | M] (Free PDF Perfect) -- C:\PROGRAMDATA\FREEMIUM\FREE PDF PERFECT\DATA\FFTB
[2013.06.27 13:09:23 | 000,003,307 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - homepage: chrome://newtab
CHR - plugin: Erster Nutzer (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Docs = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Plus-HD-2.4 = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmbfiljpkaijkdifoaacbpallpfkkf\1.23.9_0\crossrider
CHR - Extension: Plus-HD-2.4 = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmbfiljpkaijkdifoaacbpallpfkkf\1.23.9_0\
CHR - Extension: Mehr Leistung und Videoformate fr dein HTML5 video = C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.06.09 18:52:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Plus-HD-2.4) - {11111111-1111-1111-1111-110311341134} - C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-bho.dll (Plus HD)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Free PDF Perfect) - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [ENISysTray] C:\Program Files\3S Software\CoDeSys ENI Server\ENISysTray.exe (3S-Smart Software Solutions GmbH)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Sven\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E67E7CF-8EB2-4DD0-AA83-5A2AC84F85E4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Aibelive\Voice Command\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030.01.02 00:57:39 | 000,000,000 | ---D | C] -- C:\Boot
[2013.06.27 15:48:24 | 000,000,000 | ---D | C] -- C:\windows\System32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
[2013.06.27 15:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\burnatonce
[2013.06.27 15:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\burnatonce
[2013.06.27 15:10:14 | 000,000,000 | ---D | C] -- C:\Users\Sven\Desktop\Kaspersky Rescue2Usb
[2013.06.27 15:08:59 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\Temp6b047a3b5851db94350fd655feb56c56_
[2013.06.27 15:08:55 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\Tempdce68784fe4c9a7fab075b784b61a6c3_
[2013.06.27 14:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemium
[2013.06.27 13:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Freemium
[2013.06.27 13:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium
[2013.06.27 13:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.06.27 13:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\FoxyDeal
[2013.06.27 13:54:40 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\DownloadGuide
[2013.06.27 13:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\soft Xpansion
[2013.06.27 13:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Freemium
[2013.06.27 13:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemium
[2013.06.27 13:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Plus-HD-2.4
[2013.06.27 04:12:48 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\Tempf47793602db20deaa9dcdd2c57d352c2
[2013.06.27 04:12:47 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\Temp6b047a3b5851db94350fd655feb56c56
[2013.06.27 04:12:43 | 000,000,000 | ---D | C] -- C:\Users\Sven\ChromeExtensions
[2013.06.27 04:12:42 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\Tempdce68784fe4c9a7fab075b784b61a6c3
[2013.06.27 02:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.06.27 02:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.06.09 23:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.06.09 23:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.09 23:50:07 | 004,378,864 | ---- | C] (Piriform Ltd) -- C:\Users\Sven\Desktop\ccsetup402.exe
[2013.06.09 20:33:00 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Roaming\Malwarebytes
[2013.06.09 20:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.09 20:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.09 20:31:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013.06.09 20:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.09 20:28:45 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\Programs
[2013.06.09 20:27:37 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Sven\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.09 18:57:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.09 18:52:44 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\temp
[2013.06.09 18:36:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.06.09 18:36:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.06.09 18:36:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.06.09 18:36:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.09 18:36:15 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.06.09 18:35:27 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Sven\Desktop\ComboFix.exe
[2013.06.09 17:37:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sven\Desktop\tdsskiller.exe
[2013.06.09 16:40:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.09 01:31:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sven\Desktop\OTL.exe
[1 C:\Users\Sven\Desktop\*.tmp files -> C:\Users\Sven\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.05 17:29:28 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 17:29:28 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 17:21:58 | 000,001,180 | ---- | M] () -- C:\windows\tasks\Plus-HD-2.4-updater.job
[2013.07.05 17:21:57 | 000,001,878 | ---- | M] () -- C:\windows\tasks\Plus-HD-2.4-chromeinstaller.job
[2013.07.05 17:21:57 | 000,001,804 | ---- | M] () -- C:\windows\tasks\Plus-HD-2.4-firefoxinstaller.job
[2013.07.05 17:21:56 | 000,001,184 | ---- | M] () -- C:\windows\tasks\Plus-HD-2.4-codedownloader.job
[2013.07.05 17:21:56 | 000,001,084 | ---- | M] () -- C:\windows\tasks\Plus-HD-2.4-enabler.job
[2013.07.05 17:21:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.05 17:21:36 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.28 12:26:54 | 000,269,096 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.06.27 15:09:00 | 000,000,186 | ---- | M] () -- C:\Users\Sven\Desktop\Amazon.de.url
[2013.06.27 14:00:27 | 000,002,108 | ---- | M] () -- C:\Users\Sven\Desktop\Free PDF Perfect.lnk
[2013.06.27 13:59:59 | 000,010,464 | ---- | M] () -- C:\windows\System32\sx_p2d.tlb
[2013.06.27 13:54:48 | 000,000,207 | ---- | M] () -- C:\Users\Sven\Desktop\Amazon.url
[2013.06.27 13:34:48 | 000,000,862 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog
[2013.06.27 13:08:23 | 000,697,314 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.06.27 13:08:23 | 000,652,592 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.06.27 13:08:23 | 000,148,320 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.06.27 13:08:23 | 000,121,266 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.06.27 04:11:43 | 000,576,768 | ---- | M] () -- C:\Users\Sven\Desktop\Kaspersky-USB-Rescue-Disk-Maker-Setup.exe
[2013.06.27 04:00:18 | 327,749,632 | ---- | M] () -- C:\Users\Sven\Desktop\kav_rescue_10.iso
[2013.06.27 02:56:09 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.11 17:48:48 | 000,648,201 | ---- | M] () -- C:\Users\Sven\Desktop\adwcleaner.exe
[2013.06.09 23:40:18 | 004,378,864 | ---- | M] (Piriform Ltd) -- C:\Users\Sven\Desktop\ccsetup402.exe
[2013.06.09 20:31:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.09 20:23:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Sven\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.09 18:52:46 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013.06.09 18:26:42 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Sven\Desktop\ComboFix.exe
[2013.06.09 17:20:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sven\Desktop\tdsskiller.exe
[2013.06.09 16:50:12 | 000,719,025 | ---- | M] () -- C:\Users\Sven\Desktop\MovedFiles.zip
[2013.06.09 01:33:00 | 000,377,856 | ---- | M] () -- C:\Users\Sven\Desktop\gmer_2.1.19163.exe
[2013.06.09 01:32:38 | 000,000,000 | ---- | M] () -- C:\Users\Sven\defogger_reenable
[2013.06.09 01:32:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sven\Desktop\OTL.exe
[2013.06.09 01:31:54 | 000,050,477 | ---- | M] () -- C:\Users\Sven\Desktop\Defogger.exe
[1 C:\Users\Sven\Desktop\*.tmp files -> C:\Users\Sven\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2030.01.02 00:57:40 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013.06.27 14:00:27 | 000,002,108 | ---- | C] () -- C:\Users\Sven\Desktop\Free PDF Perfect.lnk
[2013.06.27 13:12:39 | 000,010,464 | ---- | C] () -- C:\windows\System32\sx_p2d.tlb
[2013.06.27 13:10:40 | 000,000,862 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog
[2013.06.27 13:10:03 | 000,001,180 | ---- | C] () -- C:\windows\tasks\Plus-HD-2.4-updater.job
[2013.06.27 13:10:00 | 000,001,084 | ---- | C] () -- C:\windows\tasks\Plus-HD-2.4-enabler.job
[2013.06.27 13:09:56 | 000,001,184 | ---- | C] () -- C:\windows\tasks\Plus-HD-2.4-codedownloader.job
[2013.06.27 13:09:48 | 000,001,804 | ---- | C] () -- C:\windows\tasks\Plus-HD-2.4-firefoxinstaller.job
[2013.06.27 13:09:45 | 000,001,878 | ---- | C] () -- C:\windows\tasks\Plus-HD-2.4-chromeinstaller.job
[2013.06.27 13:09:24 | 000,023,624 | ---- | C] () -- C:\windows\Launcher.exe
[2013.06.27 13:08:26 | 000,000,207 | ---- | C] () -- C:\Users\Sven\Desktop\Amazon.url
[2013.06.27 04:12:47 | 000,000,186 | ---- | C] () -- C:\Users\Sven\Desktop\Amazon.de.url
[2013.06.27 04:12:04 | 000,576,768 | ---- | C] () -- C:\Users\Sven\Desktop\Kaspersky-USB-Rescue-Disk-Maker-Setup.exe
[2013.06.27 04:10:31 | 327,749,632 | ---- | C] () -- C:\Users\Sven\Desktop\kav_rescue_10.iso
[2013.06.27 02:56:09 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.27 02:56:09 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.11 18:06:20 | 000,648,201 | ---- | C] () -- C:\Users\Sven\Desktop\adwcleaner.exe
[2013.06.09 20:31:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.09 18:36:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.06.09 18:36:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.06.09 18:36:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.06.09 18:36:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.06.09 18:36:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.06.09 16:50:11 | 000,719,025 | ---- | C] () -- C:\Users\Sven\Desktop\MovedFiles.zip
[2013.06.09 01:32:38 | 000,000,000 | ---- | C] () -- C:\Users\Sven\defogger_reenable
[2013.06.09 01:31:22 | 000,050,477 | ---- | C] () -- C:\Users\Sven\Desktop\Defogger.exe
[2013.06.09 01:31:20 | 000,377,856 | ---- | C] () -- C:\Users\Sven\Desktop\gmer_2.1.19163.exe
[2012.01.03 13:44:40 | 000,003,843 | ---- | C] () -- C:\windows\scad3.INI
[2011.10.17 10:22:15 | 000,060,416 | ---- | C] () -- C:\windows\System32\OPCENUM.EXE
[2011.10.17 10:22:14 | 000,075,264 | ---- | C] () -- C:\windows\System32\callrproxy.dll
[2011.07.16 10:43:19 | 000,000,000 | ---- | C] () -- C:\Users\Sven\AppData\Local\{752E86BD-94FD-4368-95D6-4646DDA49DFC}
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.02.25 14:35:24 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\ASUS WebStorage
[2011.03.02 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.02.25 15:39:58 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012.05.23 11:28:53 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Downloaded Installations
[2011.09.26 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\PDF Software
[2013.06.09 16:44:14 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\SoftGrid Client
[2011.02.25 17:53:04 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\TP
[2011.10.24 23:23:32 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Vodafone
[2011.02.25 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\VoiceCommand
[2013.02.23 15:37:11 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\WEB.DE
 
========== Purity Check ==========
 
 

< End of report >


markusg 05.07.2013 23:45

Hi,


otl fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
:files
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed.
Test how the PC and the programs run in general.

