Tab Ads in Google Chrome

Pop Up

Member
Good evening
I installed a piece of software, read the license, and did not install any of the additional programs. The program was useless and has since been uninstalled, but what remains are constant ad tabs from various sites that (sometimes) open in Chrome after I close a tab or after a certain amount of time.
I am now trying the programs from Swisstreasure, but I still wonder whether there isn't a faster way to stop getting ads. The problem doesn't seem that hard, which is why I'm asking, but I am also willing to go the long way, as long as there are no more tab ads ...
Best regards
 

Pop Up

Member
The program is good, it has already found 15 objects, among them Lucky Tab in the x86 folder. I think that is the culprit, because it is an .exe program and I did not install it ..:confused:
 

Pop Up

Member
I don't know how, but the problem still persists even though 2 programs with Tab in the name were removed :mad:
Just now, for example, this tab opened: http://www.adcash.com/ad/disp....
Can anyone help me? Where is the cause / where can I switch it off or delete it?

Edit: I also deleted a third program, XTab, from the programs list
 
Last edited by a moderator:

Swisstreasure

Regular
A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you start.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, as that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click, "Run as administrator".


Unfortunately I don't know which of the programs that follow here you have already run. It would be important to post each log here in the thread so that I can take a look at it.

Above all, which one found these objects? MBAM?

Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Step 2

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the following content into the text box (shown in the image otlfix.jpg).
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
 

Pop Up

Member
Yes, it was with MBAM, and I also manually removed XTabs, which had sneaked into my programs, and I think that was the cause..
I will still carry out your tips to make sure that no malware is left that is invisible but does considerably more damage :cool:

PS: Indeed it found many more folders; some are 100% malware, but what should I do with Systweak or GeForce? And it always hangs when it checks the internet browser! (Not responding)! What should I do :?



HELP!!!


I found another piece of malware and deleted the folder in the Temp folder, even though it was empty: Cyti Web!

Cyti Web is an adware program developed by SuperWeb LLC for displaying ads and coupons in your web browsers. It infects Chrome, Firefox, and Internet Explorer when you install freeware.

Source: http[:]//malware-detective.com/cyti-web/
Link defanged
 
Last edited by a moderator:

Swisstreasure

Regular
Please stick strictly to the instructions and do not simply delete arbitrary folders. That can hinder the cleanup or even make the system unbootable.

Did you run Step 2, the OTL scan? Or does this tool crash as well?
 

Pop Up

Member
Please stick strictly to the instructions and do not simply delete arbitrary folders. That can hinder the cleanup or even make the system unbootable.

Yes, you told me I should click Delete first, and since that is not possible I first pressed the scan button, because I thought you can only delete after that, but I have not deleted anything yet. So what should I delete if that would work?
 

Pop Up

Member
OTL logfile created on: 04.03.2015 18:04:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lorenzo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 67.14% Memory free
8.00 Gb Paging File | 6.29 Gb Available in Paging File | 78.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 97.29 Gb Free Space | 65.27% Space Free | Partition Type: NTFS
Drive D: | 2794.39 Gb Total Space | 2005.98 Gb Free Space | 71.79% Space Free | Partition Type: NTFS

Computer Name: LORENZOS-PC | User Name: Lorenzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.03.04 18:02:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenzo\Desktop\OTL.exe
PRC - [2014.11.21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.11.21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.11.21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.09.17 03:11:37 | 002,461,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.08.30 17:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
PRC - [2014.08.30 17:47:54 | 000,193,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
PRC - [2014.07.02 18:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.08.26 16:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010.08.26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe


========== Modules (No Company Name) ==========

MOD - [2010.08.26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010.02.03 10:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015.01.12 03:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015.02.07 15:46:16 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.02.06 13:03:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.01.02 19:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.11.21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.11.21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.09.17 03:11:26 | 001,796,928 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.09.17 03:11:26 | 001,149,760 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2014.09.17 03:11:22 | 019,440,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2014.08.30 17:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe -- (AVP15.0.1)
SRV - [2014.07.02 18:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.09.11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.08.26 16:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015.03.04 17:48:05 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015.01.13 16:57:21 | 000,077,512 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwtp.sys -- (Klwtp)
DRV:64bit: - [2015.01.13 16:57:18 | 000,818,888 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2015.01.13 16:57:17 | 000,150,536 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014.11.21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.11.21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014.09.04 20:14:38 | 000,038,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014.08.12 18:33:02 | 000,246,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2014.07.09 16:23:54 | 000,179,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014.07.02 16:10:38 | 000,046,144 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kldisk.sys -- (kldisk)
DRV:64bit: - [2014.06.05 19:02:08 | 000,055,872 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2014.03.31 11:47:10 | 000,468,576 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014.03.28 17:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014.02.25 13:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013.08.08 17:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013.04.12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013.01.14 21:10:52 | 000,238,288 | ---- | M] (Kaspersky Lab UK Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cm_km_w.sys -- (cm_km_w)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.03 10:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.11.06 07:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.01.19 17:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2014.09.17 03:11:21 | 000,020,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2011.06.02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 

Pop Up

Member
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 D1 A3 26 EA 83 CF 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=395049983_397234_1896F81C&ts=1421507142&type=default&q={searchTerms}
IE - HKCU\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=395049983_397234_1896F81C&ts=1421507142&type=default&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=395049983_397234_1896F81C&ts=1421507142&type=default&q={searchTerms}
IE - HKCU\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=395049983_397234_1896F81C&ts=1421507142&type=default&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.searchengine.alias: "omiga-plus"
FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
FF - prefs.js..browser.search.searchengine.iconURL: "http://isearch.omiga-plus.com/favicon.ico"
FF - prefs.js..browser.search.searchengine.name: "omiga-plus"
FF - prefs.js..browser.search.searchengine.ptid: "pcs"
FF - prefs.js..browser.search.searchengine.uid: "SAMSUNGXHD161GJ_S14DJ90SB71227"
FF - prefs.js..browser.search.searchengine.url: "http://isearch.omiga-plus.com/web/?type=ds&ts=1421506949&from=pcs&uid=SAMSUNGXHD161GJ_S14DJ90SB71227&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "omiga-plus"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: content_blocker_6418E0D362104DADA084DC312DFA8ABC%40kaspersky.com:4.5.3.8
FF - prefs.js..extensions.enabledAddons: virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB%40kaspersky.com:4.5.3.8
FF - prefs.js..extensions.enabledAddons: online_banking_69A4E213815F42BD863D889007201D82%40kaspersky.com:4.5.3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-Tyi8wfCPFQLnUvl6n7ndOuIEuuZJXtA-Ur9DUfg1CPs_q2OTWXJ3ZAQn4VtToCo-TWyMTV19PP0sdo4xAHcIZjH-aOdjJg63ygTFRS9nl_Pb3q6KDEVknJaoLW6XQyCK3hEX6zQFJEdP&q="
FF - prefs.js..network.proxy.backup.ftp: "localhost"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015.01.15 13:37:31 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015.01.15 13:37:32 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015.01.15 13:37:32 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lorenzo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2014.11.15 12:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015.01.15 13:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015.01.15 13:37:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015.01.15 13:37:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2014.06.13 23:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenzo\AppData\Roaming\mozilla\Extensions
[2015.03.03 17:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenzo\AppData\Roaming\mozilla\Firefox\Profiles\yurz1oyo.default\extensions
[2015.02.07 15:41:51 | 002,558,942 | ---- | M] () (No name found) -- C:\Users\Lorenzo\AppData\Roaming\mozilla\firefox\profiles\yurz1oyo.default\extensions\firebug@software.joehewitt.com.xpi
[2014.11.16 12:56:00 | 000,000,663 | ---- | M] () -- C:\Users\Lorenzo\AppData\Roaming\mozilla\firefox\profiles\yurz1oyo.default\searchplugins\google-images.xml
[2014.11.16 12:56:00 | 000,002,307 | ---- | M] () -- C:\Users\Lorenzo\AppData\Roaming\mozilla\firefox\profiles\yurz1oyo.default\searchplugins\google-maps.xml
[2015.02.07 15:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015.02.07 15:46:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015.01.15 13:37:31 | 000,000,000 | ---D | M] (Модуль блокування небезпечних веб-сайтів) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY TOTAL SECURITY 15.0.1\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2015.01.15 13:37:32 | 000,000,000 | ---D | M] (Безпечні платежі) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY TOTAL SECURITY 15.0.1\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2015.01.15 13:37:32 | 000,000,000 | ---D | M] (Віртуальна клавіатура) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY TOTAL SECURITY 15.0.1\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
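
A triage sketch for the browser sections of an OTL.txt like the one posted above, added here as an example and not part of the original thread or of OTL: it pairs each Internet Explorer DefaultScope with its SearchScopes URL and lists search-provider hosts that are not on an allowlist. The allowlist `EXPECTED`, the function names and the abridged sample lines are assumptions of this example.

```python
"""Triage of browser search settings in an OTL.txt log (added example)."""
import re
from urllib.parse import urlsplit

# Assumption: the search providers the owner of this profile actually chose.
EXPECTED = ("google.com", "bing.com")

# Sample lines abridged from the OTL log in this thread (query strings shortened).
SAMPLE_LOG = r'''
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
IE - HKCU\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://isearch.omiga-plus.com/web/?type=default&q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "omiga-plus"
FF - prefs.js..browser.search.searchengine.url: "http://isearch.omiga-plus.com/web/?type=ds&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?q="
FF - prefs.js..network.proxy.http: "localhost"
'''

# "IE" or "IE:64bit:" view, registry hive, then the scope GUID (and its URL).
DEFAULT_RE = re.compile(
    r'^(IE(?::64bit:)?) - (HK\w+)\\\.\.\\SearchScopes,DefaultScope = (\{[^}]+\})')
SCOPE_RE = re.compile(
    r'^(IE(?::64bit:)?) - (HK\w+)\\\.\.\\SearchScopes\\(\{[^}]+\}): "URL" = (\S+)')
# Firefox prefs whose value is an http(s) URL; other prefs are ignored.
FF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): "(https?://[^"]*)"')


def host_of(url):
    """Lower-cased host name of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_expected(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED)


def triage(log_text):
    """Return (where, what, host) tuples for search settings worth reviewing."""
    defaults, scopes, findings = {}, {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if m := DEFAULT_RE.match(line):
            defaults[(m[1], m[2])] = m[3].upper()
        elif m := SCOPE_RE.match(line):
            scopes[(m[1], m[2], m[3].upper())] = m[4]
        elif m := FF_RE.match(line):
            host = host_of(m[2])
            if not is_expected(host):
                findings.append(("FF", m[1], host))

    # Search scopes that point at a host outside the allowlist.
    for (view, hive, guid), url in scopes.items():
        host = host_of(url)
        if not is_expected(host):
            is_default = defaults.get((view, hive)) == guid
            role = "default" if is_default else "installed"
            findings.append((f"{view} {hive}", f"{role} scope {guid}", host))

    # Default scopes that refer to a GUID with no URL entry in the log.
    for (view, hive), guid in defaults.items():
        if (view, hive, guid) not in scopes:
            findings.append(
                (f"{view} {hive}", f"default scope {guid}", "<no URL entry in log>"))
    return findings


if __name__ == "__main__":
    for where, what, host in triage(SAMPLE_LOG):
        print(f"{where:8} {what:55} {host}")
```

Each finding is a lead for the helper to review, not a verdict; a default scope without a URL entry may simply be a leftover from an earlier cleanup.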
 

Pop Up

Member
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Tesseract-OCR] C:\Users\Lorenzo\Downloads\Forum Bot\ForumBot\Tesseract-OCR\tesseract.exe File not found
O4 - Startup: C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014.12.06 11:07:43 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java-Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Virtuelle Tastatur - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22B36273-E666-4053-99F4-0BFCA3FF4730}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46529022-1795-4C51-ABE1-0AE7B273AAE1}: DhcpNameServer = 192.168.192.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011.11.21 18:03:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b52852a-6912-11e4-bf2b-001fe2067c58}\Shell - "" = AutoRun
O33 - MountPoints2\{2b52852a-6912-11e4-bf2b-001fe2067c58}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: AutorunsDisabled -
 

Pop Up

Member
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2015.03.04 18:02:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorenzo\Desktop\OTL.exe
[2015.03.03 17:32:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.03.02 21:52:23 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.02 21:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.03.02 21:51:11 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.03.02 21:51:11 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.03.02 21:51:11 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.03.02 21:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015.03.02 21:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.02.23 18:05:09 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\Microsoft Games
[2015.02.20 21:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghost Control
[2015.02.20 21:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ghost Control
[2015.02.20 21:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{573eb690-c901-2363-573e-eb690c90da43}
[2015.02.07 15:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Users\Lorenzo\AppData\Local\*.tmp files -> C:\Users\Lorenzo\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015.03.04 18:08:23 | 000,092,049 | ---- | M] () -- C:\Users\Lorenzo\Desktop\blockierung.png
[2015.03.04 18:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.03.04 18:02:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenzo\Desktop\OTL.exe
[2015.03.04 17:55:06 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.03.04 17:55:06 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.03.04 17:48:05 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.04 17:46:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.03.04 17:46:06 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2015.03.02 22:07:42 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.03.02 22:07:42 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015.03.02 21:51:14 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.02.28 16:11:26 | 001,673,860 | ---- | M] (TeamExtreme) -- C:\Users\Lorenzo\Desktop\Minecraft Launcher.exe
[2015.02.23 17:43:44 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.02.23 17:43:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.02.21 21:02:30 | 000,000,996 | ---- | M] () -- C:\Users\Lorenzo\Desktop\mnmnmn.lnk
[2015.02.21 16:37:40 | 000,000,980 | ---- | M] () -- C:\Users\Lorenzo\Desktop\1234.lnk
[2015.02.21 14:58:21 | 000,001,075 | ---- | M] () -- C:\Users\Lorenzo\Desktop\4446 alles usbaue.lnk
[2015.02.21 13:00:45 | 000,001,068 | ---- | M] () -- C:\Users\Lorenzo\Desktop\15er c rop usbau.lnk
[2015.02.21 11:47:57 | 000,287,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.02.20 21:33:37 | 000,000,955 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Ghost Control.lnk
[2015.02.20 14:01:23 | 000,001,034 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Dropbox.lnk
[1 C:\Users\Lorenzo\AppData\Local\*.tmp files -> C:\Users\Lorenzo\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.03.04 18:08:23 | 000,092,049 | ---- | C] () -- C:\Users\Lorenzo\Desktop\blockierung.png
[2015.03.02 21:51:14 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.02.21 21:02:30 | 000,000,996 | ---- | C] () -- C:\Users\Lorenzo\Desktop\mnmnmn.lnk
[2015.02.21 16:37:40 | 000,000,980 | ---- | C] () -- C:\Users\Lorenzo\Desktop\1234.lnk
[2015.02.21 14:58:21 | 000,001,075 | ---- | C] () -- C:\Users\Lorenzo\Desktop\4446 alles usbaue.lnk
[2015.02.21 13:00:45 | 000,001,068 | ---- | C] () -- C:\Users\Lorenzo\Desktop\15er c rop usbau.lnk
[2015.02.20 21:33:37 | 000,000,955 | ---- | C] () -- C:\Users\Lorenzo\Desktop\Ghost Control.lnk
[2014.11.20 20:44:32 | 000,000,000 | ---- | C] () -- C:\Users\Lorenzo\AppData\Local\{D0E3E504-269E-4912-8FEB-45CEDDCF1008}
[2014.11.15 14:20:00 | 000,000,230 | ---- | C] () -- C:\Users\Lorenzo\SciTE.session
[2014.11.15 14:05:01 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2014.06.23 15:01:57 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\comcnt.sys
[2014.06.14 17:28:02 | 000,000,046 | ---- | C] () -- C:\Users\Lorenzo\jagex_cl_runescape_LIVE.dat
[2014.06.14 17:28:02 | 000,000,024 | ---- | C] () -- C:\Users\Lorenzo\random.dat
[2014.06.11 18:15:04 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.06.09 14:54:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2014.06.09 14:34:45 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015.02.28 16:19:33 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\.minecraft
[2014.09.11 20:18:25 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\BitTorrent
[2014.12.14 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\CubeBot
[2015.02.21 11:50:20 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Dropbox
[2015.01.28 18:24:14 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\DVDVideoSoft
[2014.11.02 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\EurekaLog
[2014.09.11 19:35:29 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\GetPrivate
[2014.09.11 19:42:10 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\InetStat
[2015.01.18 18:17:44 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\java
[2015.01.17 16:02:30 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\MailUpdate
[2014.09.04 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\namexif
[2014.08.14 11:47:52 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Oracle
[2014.06.21 22:10:17 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Philipp Winterberg
[2014.09.04 17:05:30 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\ProtectDISC
[2015.02.05 12:23:14 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Spore
[2015.01.15 16:58:36 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Sporen
[2014.06.13 23:43:49 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Thunderbird
[2014.06.14 01:43:40 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\TuneUp Software
[2014.06.11 14:15:46 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Unity

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2015.01.13 16:30:04 | 000,000,000 | -H-D | M] -- C:\$AVG
[2014.11.09 12:03:02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2015.03.04 17:49:37 | 000,000,000 | ---D | M] -- C:\AdwCleaner
[2012.04.27 10:57:22 | 000,000,000 | ---D | M] -- C:\AMD
[2011.11.23 11:33:58 | 000,000,000 | ---D | M] -- C:\ATI
[2014.06.09 14:55:55 | 000,000,000 | -HSD | M] -- C:\Boot
[2015.02.20 18:48:05 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.21 18:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2014.11.21 18:39:10 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.11.21 22:18:21 | 000,000,000 | ---D | M] -- C:\Intel
[2014.06.10 21:44:27 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2013.05.06 18:50:42 | 000,000,000 | ---D | M] -- C:\LGP880
[2014.11.04 18:16:21 | 000,000,000 | ---D | M] -- C:\OETemp
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2015.01.24 14:50:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2015.03.03 17:38:22 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2015.03.02 21:51:11 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2014.06.09 14:25:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2014.06.09 14:25:05 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.22 09:23:49 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.11.24 19:38:10 | 000,000,000 | R--D | M] -- C:\Sandbox
[2015.03.04 18:10:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2014.12.13 12:30:10 | 000,000,000 | ---D | M] -- C:\temp
[2014.11.09 22:04:16 | 000,000,000 | ---D | M] -- C:\thprog
[2014.09.11 20:13:19 | 000,000,000 | R--D | M] -- C:\Users
[2015.02.23 18:42:52 | 000,000,000 | ---D | M] -- C:\Windows
[2015.03.02 22:48:45 | 000,000,000 | ---D | M] -- C:\Windows.old
 

Pop Up

Member
< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.11.21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2014.03.04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
 

Pop Up

Member
OTL Extras logfile created on: 04.03.2015 18:04:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lorenzo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 67.14% Memory free
8.00 Gb Paging File | 6.29 Gb Available in Paging File | 78.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 97.29 Gb Free Space | 65.27% Space Free | Partition Type: NTFS
Drive D: | 2794.39 Gb Total Space | 2005.98 Gb Free Space | 71.79% Space Free | Partition Type: NTFS

Computer Name: LORENZOS-PC | User Name: Lorenzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D813A7-576B-439C-BE6C-36AD5D671F2D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{088056E5-6041-41FC-A06B-EEEA84DB70FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11337AA3-FD3B-4EAD-9DB0-F58B4891E87D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{113E6875-181A-4BA0-BE34-B8E643DAB043}" = lport=138 | protocol=17 | dir=in | app=system |
"{122D56A1-5C10-4358-BF91-952208F11577}" = lport=137 | protocol=17 | dir=in | app=system |
"{13770060-8DF5-47D1-8BD7-4C244DB2ACBF}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{1FBB2281-4D7B-422A-9D6C-53AE76D0AF70}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20A2F54B-9BBB-4E77-845D-4420DC9B32EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{214B5FC2-538F-4CC0-ABA1-556A22DFD950}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27156933-F7C4-44BF-A232-F162FF48E2E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34D2425B-D117-44F4-AF03-3A8ACC3D9B27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{629A6B72-BBE4-4733-A8F9-EC1EFCEA8857}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62EEB925-821A-41BF-9AE5-E0ABD61AD254}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{73DB681E-DCA8-4C56-B7EA-A849948205A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78AF69D1-08B5-4EF4-8B22-106959744463}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7B612FEE-2514-44D4-AE36-4DAA0810A438}" = rport=137 | protocol=17 | dir=out | app=system |
"{7DB75EDC-0AB6-4D96-8028-69DA10D45009}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7FA66C34-B5E8-4B41-8E83-BE3B16CC636B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E15662A-B8B3-4A66-96E0-C5A6B992DA44}" = rport=445 | protocol=6 | dir=out | app=system |
"{8FE20C1D-A4BA-4097-ADA8-396DD60F31A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{915637EC-9FD1-42A9-86C3-F6B8281E52EA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{930E689B-64F9-4739-BC8A-FEE5F3B2E989}" = lport=445 | protocol=6 | dir=in | app=system |
"{9B8D85C3-8B43-440E-8A80-C2B48B6208AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{A45A2A14-B6CF-4640-A5B2-7FEC61D0E075}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C7069E25-5745-4034-A819-C368AE65174B}" = rport=138 | protocol=17 | dir=out | app=system |
"{D53EDC76-D9E9-41E6-AB7C-AF4688CEC228}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1D9B2F3-9E87-47FC-9627-A2F9D82DF39B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1E328BF-B950-4521-868F-505DBABD9D31}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{F821676B-D206-4E08-AA29-347BE24C9280}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F84578D0-A3B3-45E1-8F8A-57081C1AA074}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FA76A3E6-5536-42A4-AF14-06794ED23163}" = rport=139 | protocol=6 | dir=out | app=system |
 

Pop Up

Member
========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06427B0A-316A-4073-9FDB-4A8DBC2CA762}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15807382-794F-491F-88DF-ACE34128CE35}" = protocol=6 | dir=in | app=c:\users\lorenzo\appdata\roaming\dropbox\bin\dropbox.exe |
"{2715FC45-B970-48FE-B28C-87EF504E058C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{279192B5-8CEB-490A-8253-FD70D729CDA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2970F4C7-73EA-4E63-A4AA-07B63BF92763}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2A069A19-321E-4682-A1A4-377ABF10A3C0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{3C4F08EB-473C-40DF-8400-49C04426D98B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5369D035-FA6F-4F86-95D3-992A358A20E1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{536E8821-62A5-445A-92B5-ADA9A6BC0648}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{5845214F-2C56-4FFE-A4CE-3E927B5122F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{587CEB8F-7448-442C-BBBA-0EBD017D59F5}" = protocol=6 | dir=in | app=c:\program files (x86)\simplefiles\simplefiles.exe |
"{58D7EC46-1838-4C95-AC22-4D93714B70B3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{5C27F817-4BC4-4FFC-8B94-211509641BFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{629A0D4A-BBAE-4734-8E74-8EB2483774FB}" = protocol=6 | dir=out | app=system |
"{62F1DD75-20FD-4C4A-BA8D-B5880EDB0479}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{65FF5129-0A24-48FE-AA52-5DA47691AD36}" = protocol=58 | dir=in | app=system |
"{6E3F87D4-A383-406B-9A0A-861F9A452F78}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{6EA44262-B208-4DEA-A7F5-FC29A2EFBDB9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{765F3BEF-C893-4516-A714-2C6D831B8C49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79D899C0-5AC8-46B6-B241-E20B9DAD9808}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DAD97AB-2418-4FE6-ADB5-686C9CB683E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{873F065A-D59B-460C-9701-6F7C09A06C63}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{9ACED52E-EA4D-49DC-B6C8-68686B493E59}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2A015F3-6AD5-4023-8B42-CEF632AEA71F}" = protocol=6 | dir=in | app=c:\users\lorenzo\appdata\local\temp\temp2_winrar_password_remover_1.7_serial_keygen.zip\winrar_password_remover_1.7_serial_keygen.exe |
"{A7081F14-9E36-4DB6-BC90-82F89EDC1DAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A95162F5-F122-4281-83CC-15E0630C0100}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC0C0CB1-DD53-4C44-B1E4-D6C7349FCFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{ACB4BCC7-3496-49FA-AB4E-AB3F626BE935}" = protocol=17 | dir=in | app=c:\program files (x86)\simplefiles\simplefiles.exe |
"{B161DE5F-78E9-4F11-9195-CE56D8D0088A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B2A55FED-2070-4CB5-8AFD-B47ECEC4124C}" = protocol=17 | dir=in | app=c:\users\lorenzo\appdata\roaming\dropbox\bin\dropbox.exe |
"{BDA68BB2-BC41-4D17-B482-F426FF7B1731}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{BF045A83-5364-4FC7-98D8-D177067F3ECB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C129FB11-5888-411A-B8A9-50D1CB275489}" = protocol=17 | dir=in | app=c:\program files (x86)\simplefiles\downloader.exe |
"{C568E3AF-6297-4EF1-8807-0BB993E6E75F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{CA141E3C-75CA-4A0E-A18D-3131AFEBE46E}" = protocol=6 | dir=in | app=c:\program files (x86)\simplefiles\downloader.exe |
"{D0CC5BFB-E8FA-4F53-924B-37EE95BBE2A0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DC428B3D-F51A-4B04-B47A-5B007ED2D5B2}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{E1DC6E0E-14B7-46B6-B196-2780A1E6C754}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe |
"{E50EB91C-DD37-4DBA-BB7C-EFB1ACAC6EB9}" = protocol=17 | dir=in | app=c:\users\lorenzo\appdata\local\temp\temp2_winrar_password_remover_1.7_serial_keygen.zip\winrar_password_remover_1.7_serial_keygen.exe |
"{E5D97745-CB92-4598-B496-503E702FBED6}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{E9D52BB1-5DBC-432D-BEA9-38CF8DE1CD5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF3ABE88-B18F-49C6-A2A0-C4BDCC4149EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8AA8143-4CDA-49F4-8818-11257A471989}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{358A4824-4216-405B-9F90-D572FE4AFACC}C:\users\lorenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\hl3thv3e\setup[1].exe" = protocol=6 | dir=in | app=c:\users\lorenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\hl3thv3e\setup[1].exe |
"TCP Query User{3CE5BE5D-69D0-4FD4-B0BE-691D9154CA5C}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{463EA94A-5337-443D-9F98-6839C68F4D70}C:\programdata\kaspersky lab setup files\setup[1].exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\setup[1].exe |
"TCP Query User{5D4F83CC-AD63-4E97-9568-BB458F76E174}C:\users\lorenzo\appdata\roaming\cubebot\botcube_prx.exe" = protocol=6 | dir=in | app=c:\users\lorenzo\appdata\roaming\cubebot\botcube_prx.exe |
"TCP Query User{73F4D0DA-BC45-4B5A-914F-533C76978B24}C:\users\lorenzo\downloads\setup.exe" = protocol=6 | dir=in | app=c:\users\lorenzo\downloads\setup.exe |
"TCP Query User{9F94AA00-56B3-4B01-BF6C-CD1CC204EFB4}C:\users\lorenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\n81n89xa\setup[1].exe" = protocol=6 | dir=in | app=c:\users\lorenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\n81n89xa\setup[1].exe |
"TCP Query User{BEC242CE-1BA2-4A00-830A-1629462D7387}C:\users\lorenzo\desktop\seafight\sharpbot\sharpbot.exe" = protocol=6 | dir=in | app=c:\users\lorenzo\desktop\seafight\sharpbot\sharpbot.exe |
"TCP Query User{CD1B75E2-44C8-4E0A-82DF-4399B31A91B2}C:\programdata\kaspersky lab setup files\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\setup.exe |
"TCP Query User{D28F5A4C-F97D-48B6-AEE9-F72A29B7E24C}C:\program files (x86)\paros\ieembed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\paros\ieembed.exe |
"UDP Query User{0E91359F-2DF6-46DC-B6DB-B5C325C75E8B}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{23825941-E653-40D1-8809-24DF911CABC9}C:\programdata\kaspersky lab setup files\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\setup.exe |
"UDP Query User{4230C50A-FF19-43D0-A4A5-7FAA308D371E}C:\users\lorenzo\appdata\roaming\cubebot\botcube_prx.exe" = protocol=17 | dir=in | app=c:\users\lorenzo\appdata\roaming\cubebot\botcube_prx.exe |
"UDP Query User{438AD76B-4615-4A4E-A2AF-B0BF34EC7552}C:\program files (x86)\paros\ieembed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\paros\ieembed.exe |
"UDP Query User{695E0303-3CED-4611-BF9A-DD2E0EF1046F}C:\users\lorenzo\desktop\seafight\sharpbot\sharpbot.exe" = protocol=17 | dir=in | app=c:\users\lorenzo\desktop\seafight\sharpbot\sharpbot.exe |
"UDP Query User{7816E583-67A7-4998-B21D-07BB658084DB}C:\users\lorenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\hl3thv3e\setup[1].exe" = protocol=17 | dir=in | app=c:\users\lorenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\hl3thv3e\setup[1].exe |
"UDP Query User{7AC7B35F-41B3-4B54-8B15-8BF0597A80F4}C:\users\lorenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\n81n89xa\setup[1].exe" = protocol=17 | dir=in | app=c:\users\lorenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\n81n89xa\setup[1].exe |
"UDP Query User{C5503A8D-B10D-4114-BA06-4F060AD7E130}C:\programdata\kaspersky lab setup files\setup[1].exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\setup[1].exe |
"UDP Query User{D17E68F4-E588-4693-B270-0B08BDA18FD8}C:\users\lorenzo\downloads\setup.exe" = protocol=17 | dir=in | app=c:\users\lorenzo\downloads\setup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 16.13.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.25

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}" = System Requirements Lab for Intel
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.1
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}" = Kaspersky Total Security
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AutoItv3" = AutoIt v3.3.12.0
"Fiddler2" = Fiddler
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.53.113
"Ghost Control_is1" = Ghost Control 3.0.6
"Google Chrome" = Google Chrome
"ImageMagick 6.6.7 Q16_is1" = ImageMagick 6.6.7-2 Q16 (2011-01-15)
"InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}" = Kaspersky Total Security
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 de)" = Mozilla Firefox 35.0.1 (x86 de)
"Mozilla Thunderbird 31.3.0 (x86 de)" = Mozilla Thunderbird 31.3.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Paros_is1" = Paros 3.2.13
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
 

Pop Up

Member
========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Dropbox" = Dropbox
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tesseract-OCR" = Tesseract-OCR 3.00 - open source OCR engine
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.03.2015 10:47:45 | Computer Name = Lorenzos-PC | Source = WinMgmt | ID = 10
Description =

Error - 02.03.2015 13:12:01 | Computer Name = Lorenzos-PC | Source = WinMgmt | ID = 10
Description =

Error - 02.03.2015 13:23:39 | Computer Name = Lorenzos-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Winrar_PASSWORD_Remover_1.7_serial_keygen.exe,
Version: 1.0.511.1, Zeitstempel: 0x54c2d1fe Name des fehlerhaften Moduls: ntdll.dll,
Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00038e19 ID des fehlerhaften Prozesses: 0x1790 Startzeit der fehlerhaften Anwendung:
0x01d0550d14409d4c Pfad der fehlerhaften Anwendung: C:\Users\Lorenzo\AppData\Local\Temp\Temp2_Winrar_PASSWORD_Remover_1.7_serial_keygen.zip\Winrar_PASSWORD_Remover_1.7_serial_keygen.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: dd0b2a18-c100-11e4-b675-001fe2067c58

Error - 02.03.2015 13:53:15 | Computer Name = Lorenzos-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Uninstall.exe_unknown, Version: 0.0.0.0,
Zeitstempel: 0x54b998e3 Name des fehlerhaften Moduls: Uninstall.exe, Version: 0.0.0.0,
Zeitstempel: 0x54b998e3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007261 ID des fehlerhaften
Prozesses: 0x1c14 Startzeit der fehlerhaften Anwendung: 0x01d05511c0e2bdfd Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\SavePass 1.1\Uninstall.exe Pfad des
fehlerhaften Moduls: C:\Program Files (x86)\SavePass 1.1\Uninstall.exe Berichtskennung:
001f2fe3-c105-11e4-b675-001fe2067c58

Error - 03.03.2015 12:27:56 | Computer Name = Lorenzos-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.03.2015 12:37:35 | Computer Name = Lorenzos-PC | Source = Application Hang | ID = 1002
Description = Programm adwcleaner_4.111.exe, Version 4.1.1.1 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 308 Startzeit: 01d055cfc0da472e Endzeit: 0 Anwendungspfad: C:\Users\Lorenzo\Downloads\adwcleaner_4.111.exe

Berichts-ID:
90a19966-c1c3-11e4-8a16-001fe2067c58

Error - 03.03.2015 12:59:15 | Computer Name = Lorenzos-PC | Source = Application Hang | ID = 1002
Description = Programm adwcleaner_4.111.exe, Version 4.1.1.1 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1444 Startzeit: 01d055d1965ec77d Endzeit: 9 Anwendungspfad:
C:\Users\Lorenzo\Downloads\adwcleaner_4.111.exe Berichts-ID: 99894a1e-c1c6-11e4-8a16-001fe2067c58


Error - 03.03.2015 16:41:21 | Computer Name = Lorenzos-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 04.03.2015 12:47:42 | Computer Name = Lorenzos-PC | Source = WinMgmt | ID = 10
Description =

Error - 04.03.2015 13:03:00 | Computer Name = Lorenzos-PC | Source = Application Hang | ID = 1002
Description = Programm adwcleaner_4.111.exe, Version 4.1.1.1 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1680 Startzeit: 01d0569b2f84baf7 Endzeit: 16 Anwendungspfad:
C:\Users\Lorenzo\Downloads\adwcleaner_4.111.exe Berichts-ID: 11e453c5-c290-11e4-ac21-001fe2067c58


[ System Events ]
Error - 28.02.2015 06:30:02 | Computer Name = Lorenzos-PC | Source = DCOM | ID = 10010
Description =

Error - 01.03.2015 10:47:13 | Computer Name = Lorenzos-PC | Source = DCOM | ID = 10016
Description =

Error - 01.03.2015 10:51:29 | Computer Name = Lorenzos-PC | Source = DCOM | ID = 10010
Description =

Error - 02.03.2015 13:11:32 | Computer Name = Lorenzos-PC | Source = DCOM | ID = 10016
Description =

Error - 02.03.2015 13:19:31 | Computer Name = Lorenzos-PC | Source = DCOM | ID = 10010
Description =

Error - 03.03.2015 12:27:31 | Computer Name = Lorenzos-PC | Source = DCOM | ID = 10016
Description =

Error - 03.03.2015 12:31:32 | Computer Name = Lorenzos-PC | Source = DCOM | ID = 10010
Description =

Error - 04.03.2015 12:47:12 | Computer Name = Lorenzos-PC | Source = DCOM | ID = 10016
Description =

Error - 04.03.2015 12:48:01 | Computer Name = Lorenzos-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 04.03.2015 12:50:43 | Computer Name = Lorenzos-PC | Source = DCOM | ID = 10010
Description =


< End of report >
 

Swisstreasure

Regular
I have found the reason for all of this:
C:\Users\Lorenzo\AppData\Local\Temp\Temp2_Winrar_PASSWORD_Remover_1.7_serial_keygen.zip\Winrar_PASSWORD_Remover_1.7_serial_keygen.exe
I am an opponent of such tools, for exactly this reason ;)

Step 1

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.
  • Start the tool with a double-click. Vista and 7 users, please start it via right-click, "Run as administrator".
  • The tool will open and begin the scan.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.
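
The path named in the post above also appears in the firewall rule sections of the OTL log. As an added example (not part of the original thread and not a feature of OTL), this Python script parses that rule format and lists inbound rules whose executable sits in a temp directory, browser cache, downloads folder or inside an archive. The sample lines, GUIDs and user name `alice` are constructed, and the list of locations is an assumption about what deserves review.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the format of the OTL "FirewallRules" sections.
# GUIDs are placeholders and "alice" is a made-up user name.
SAMPLE_LOG = r"""
"{00000000-0000-0000-0000-000000000001}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{00000000-0000-0000-0000-000000000002}" = lport=445 | protocol=6 | dir=in | app=system |
"{00000000-0000-0000-0000-000000000003}" = protocol=6 | dir=in | app=c:\users\alice\appdata\local\temp\temp2_example_keygen.zip\example_keygen.exe |
"{00000000-0000-0000-0000-000000000004}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{00000000-0000-0000-0000-000000000005}C:\users\alice\downloads\setup.exe" = protocol=6 | dir=in | app=c:\users\alice\downloads\setup.exe |
"UDP Query User{00000000-0000-0000-0000-000000000006}C:\users\alice\appdata\local\microsoft\windows\temporary internet files\content.ie5\abcd1234\setup[1].exe" = protocol=17 | dir=in | app=c:\users\alice\appdata\local\microsoft\windows\temporary internet files\content.ie5\abcd1234\setup[1].exe |
"""

# IANA protocol numbers as they appear in the "protocol=" field.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# A rule line is: "<rule name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>.+?)" = (?P<body>.+)$')

# Assumption: locations where a listening executable deserves a second look.
SUSPECT_LOCATIONS = (
    ("temp directory", re.compile(r"\\appdata\\local\\temp\\")),
    ("browser cache", re.compile(r"\\temporary internet files\\")),
    ("downloads folder", re.compile(r"\\users\\[^\\]+\\downloads\\")),
    ("run from inside an archive", re.compile(r"\.(zip|rar|7z)\\")),
)


class Finding(NamedTuple):
    rule_name: str
    app: str
    protocol: str
    reasons: list


def parse_rule(line: str) -> Optional[dict]:
    """Split one rule line into its fields; return None for non-rule lines."""
    match = RULE_RE.match(line.strip())
    if not match:
        return None
    fields = {"rule_name": match.group("name")}
    for part in match.group("body").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.lower()] = value.strip()
    return fields


def flag_rules(log_text: str) -> list:
    """Return inbound rules whose executable lies in a suspect location."""
    findings = []
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule.get("dir") != "in" or "app" not in rule:
            continue
        app = rule["app"].lower()
        reasons = [label for label, pattern in SUSPECT_LOCATIONS
                   if pattern.search(app)]
        if not reasons:
            continue
        proto = rule.get("protocol")
        proto_label = PROTOCOLS.get(proto, proto) if proto else "any"
        findings.append(Finding(rule["rule_name"], app, proto_label, reasons))
    return findings


if __name__ == "__main__":
    for finding in flag_rules(SAMPLE_LOG):
        print(f"{finding.protocol:7} {finding.app}")
        print(f"        reasons: {', '.join(finding.reasons)}")
```

The rule lines in the log do not show whether a rule allows or blocks traffic, so a hit only identifies an executable to review.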
 

Pop Up

Member
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Lorenzo on 07.03.2015 at 14:05:37.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Lorenzo\appdata\local\lpt"
Successfully deleted: [Folder] "C:\Users\Lorenzo\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\advanced system protector"



~~~ FireFox

Successfully deleted the following from C:\Users\Lorenzo\AppData\Roaming\mozilla\firefox\profiles\yurz1oyo.default\prefs.js

user_pref("browser.search.searchengine.alias", "omiga-plus");
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
user_pref("browser.search.searchengine.name", "omiga-plus");
user_pref("browser.search.searchengine.ptid", "pcs");
user_pref("browser.search.searchengine.uid", "SAMSUNGXHD161GJ_S14DJ90SB71227");
user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1421506949&from=pcs&uid=SAMSUNGXHD161GJ_S14DJ90SB71227&q={searchTerms}");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfil
user_pref("extensions.aPDVDZDW52397720XDDWJXW57740856com69795.69795.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A971100%2C%22ver%22%3A1%2C%22statu
user_pref("extensions.aPDVDZDW52397720XDDWJXW57740856com69795.69795.internaldb.Resources_resource_971109.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%2
user_pref("extensions.aPDVDZDW52397720XDDWJXW57740856com69795.69795.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%
user_pref("extensions.crossrider.bic", "14b08b36ac82f240c1065c8f1a037430");
user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-Tyi8wfCPFQLnUvl6n7ndOuIEuuZJXtA-Ur9DUfg1CPs_q2OTWXJ
Emptied folder: C:\Users\Lorenzo\AppData\Roaming\mozilla\firefox\profiles\yurz1oyo.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.03.2015 at 14:18:24.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Pop Up

Member
None, everything is tip-top :p (apart from some lags, e.g. earlier I cut a document and now "Cut" is shown on my screen the whole time, even in standby mode). I think that will go away with a restart, though..
Thanks for the help!
 