PDA

View Full Version : Getting rid of ShopDrop from Chrome



MrLutz
2014-01-08, 00:19
Chrome has become infected with adware that has a 'Safesaver' keyword on roll-over. There is a green heart with an arrow coming out of it after various keywords and drop boxes.

However, the extensions in settings did not have Safesaver, they had ShopDroop. I can manually remove ShopDroop, but it re-instales on restarting chrome.

I am using Windows 7 64bit.

I have deleted ShopDrop as software in C:\Program (x86)\ShopDrop\ and i think in the c:\Programme\ folder.

Thank you very much,
Lutz


- I have allready made a backup of my registry using ERUNT
- I attached the dds-attach-file

- Following ist the dds-dds-file content:






DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Lutz at 22:53:45 on 2014-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.1662 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\SYSTEM32\NVVSVC.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CMDAGENT.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
C:\WINDOWS\SYSTEM32\NVVSVC.EXE
C:\Windows\System32\spoolsv.exe
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\WINDOWS\SYSWOW64\RUNDLL32.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
C:\PROGRAM FILES (X86)\COMODO\DRAGON\DRAGON_UPDATER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\INTEGRATEDOFFICE.EXE
C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\WINDOWS\SYSTEM32\TASKHOST.EXE
C:\WINDOWS\SYSTEM32\TASKENG.EXE
C:\Windows\system32\Dwm.exe
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICROSOFT MOUSE AND KEYBOARD CENTER\IPOINT.EXE
C:\PROGRAM FILES\MICROSOFT MOUSE AND KEYBOARD CENTER\ITYPE.EXE
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CISTRAY.EXE
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVTRAY.EXE
C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAMME\VIRTUALCLONEDRIVE\VCDDAEMON.EXE
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE
C:\PROGRAM FILES (X86)\ADTRUSTMEDIA\PRIVDOG\1.8.0.18\TRUSTEDADSSVC.EXE
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CIS.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CAVWP.EXE
C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE
C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\WINDOWS\SYSTEM32\CSCRIPT.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [AmazonMP3DownloaderHelper] C:\Users\Lutz\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
mRun: [VirtualCloneDrive] "C:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ComodoFSChrome] "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
mRun: [PrivDogService] "C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pianoteq23.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A82E81E1-186D-4F81-AC8B-38807575481C} : DHCPNameServer = 192.168.2.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~3\winsys~1\winsys~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: NewSavier: {09DBB4C7-B63E-2D9B-1E53-1243C48EA3FE} -
x64-BHO: ShoPDroop: {18CF500C-2817-1946-1A8C-B492AC705480} -
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
x64-Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-29 28600]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-9-24 709144]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48872]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2012-5-9 11864]
R2 8ffb8f2d;Win sys filter;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-24 440376]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-24 440376]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-29 108440]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-11-11 2098880]
R2 OfficeSvc;Microsoft Office-Dienst;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-6-2 1907896]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2014-1-7 51496]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2014-1-7 1149104]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 RDID1079;UA-25EX;C:\Windows\System32\drivers\Rdwm1079.sys [2013-8-22 199296]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-19 314400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 automap;Automap MIDI Driver Service;C:\Windows\System32\drivers\automap.sys [2010-1-14 11264]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 164056]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-9-27 121416]
S3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\System32\drivers\nvnusbaudio.sys [2010-5-26 55296]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2013-8-29 151848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-4 59392]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-9 1255736]
.
=============== Created Last 30 ================
.
2014-01-07 20:59:04 -------- d-----w- C:\Users\Lutz\AppData\Roaming\Malwarebytes
2014-01-07 20:58:40 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-07 20:58:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-07 20:58:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 02:07:41 51496 ----a-w- C:\Windows\System32\drivers\stflt.sys
2014-01-07 02:07:40 -------- d-----w- C:\Users\Lutz\AppData\Roaming\Spyware Terminator
2014-01-07 02:07:40 -------- d-----w- C:\ProgramData\Spyware Terminator
2014-01-07 02:04:48 -------- d-----w- C:\Program Files (x86)\Spyware Terminator
2014-01-07 01:46:38 -------- d-----w- C:\ProgramData\Sophos
2014-01-07 01:46:23 73728 ----a-r- C:\Users\Lutz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-01-07 01:46:22 73728 ----a-r- C:\Users\Lutz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-01-07 01:46:22 73728 ----a-r- C:\Users\Lutz\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-01-07 01:46:19 -------- d-----w- C:\Program Files (x86)\Sophos
2013-12-31 18:06:56 -------- d-----w- C:\ProgramData\abedejglimnllinlkgjljenbmlanlplk
2013-12-31 18:06:48 -------- d-----w- C:\ProgramData\e8c71a22596d496b
2013-12-31 18:06:45 -------- d-----w- C:\ProgramData\NewSavier
2013-12-29 09:36:14 -------- d-----w- C:\ProgramData\Win sys filter
2013-12-12 10:43:59 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-12-12 10:43:59 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-12-12 10:43:57 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-12-12 10:43:57 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
.
==================== Find3M ====================
.
2013-12-12 10:40:18 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-12-12 10:40:18 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-12-10 22:23:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:23:37 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-26 02:58:59 86016 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-11-26 02:57:36 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-11-26 02:56:56 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-26 02:56:56 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-25 19:33:46 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-11-14 11:38:18 709144 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-11-14 11:38:02 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-11-12 14:56:35 57096 ----a-w- C:\Windows\System32\certsentry.dll
2013-11-12 14:56:35 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-17 17:33:09 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2013-10-17 17:33:09 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 22:54:49.80 ===============

ken545
2014-01-09, 14:56
:welcome:

I am going to ask you to not install or uninstall any software on your system until we are done, I am also going to ask you not to run any other scanners or programs to remove malware unless advised by this forum, if you do it will just complicate the cleaning on your system

You have a lot of bogus programs that will instigate adds , lets do this



Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

MrLutz
2014-01-09, 18:08
Thank you very much! :)
Your help is very much appreciated.


I did the scan (it went unexpectedly quick, about 1 minute).

I dont recognize any of the entrys as one i would like to keep.


Here are the results:

# AdwCleaner v3.016 - Bericht erstellt am 09/01/2014 um 16:57:34
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lutz - HEIMSTUDIO
# Gestartet von : C:\Users\Lutz\Desktop\AdwCleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Ordner Gefunden C:\hotspot shield
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\StarApp
Ordner Gefunden C:\Users\Lutz\AppData\Local\Babylon
Ordner Gefunden C:\Users\Lutz\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gefunden C:\Users\Lutz\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\PIP
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gefunden : [x64] HKCU\Software\PIP
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rcomplex_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rcomplex_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\SP Global
Schlüssel Gefunden : HKLM\Software\SProtector
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c186cd58-ab7c-4e9d-b953-0093436bbe9e&searchtype=ds&q={searchTerms}&installDate=26/07/2013
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c186cd58-ab7c-4e9d-b953-0093436bbe9e&searchtype=ds&q={searchTerms}&installDate=26/07/2013

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8892 octets] - [09/01/2014 16:57:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8952 octets] ##########

MrLutz
2014-01-09, 18:10
I just realised, that some of that is in german.
If any of that needs to be translated tell me, i will repost in english.
Lutz

ken545
2014-01-09, 18:33
OK, thank you, I will let you know if I need you to translate

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.




http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

MrLutz
2014-01-09, 20:11
Following is the Logfile report after eraseing with Adwcleaner:

Also, the log file of the Junkware Removal Tool is below Adwcleaner log file.

While scanning with JRT i got the message 'not enough ram do this action' while scanning modules and registry.
i dont know if this is true, because my ram was allways about 60% empty while scanning..
JRT also tried to dele registry entries from privdog, which i thought to be a trustworthy safety-program.

Greetings,
Lutz




# AdwCleaner v3.016 - Bericht erstellt am 09/01/2014 um 18:31:19
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lutz - HEIMSTUDIO
# Gestartet von : C:\Users\Lutz\Desktop\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\hotspot shield
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\StarApp
Ordner Gelöscht : C:\Users\Lutz\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Lutz\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Lutz\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rcomplex_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rcomplex_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9100 octets] - [09/01/2014 16:57:34]
AdwCleaner[R2].txt - [9160 octets] - [09/01/2014 18:30:11]
AdwCleaner[S0].txt - [8046 octets] - [09/01/2014 18:31:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8106 octets] ##########










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lutz on 09/01/2014 at 18:43:55.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\privdogservice



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
Successfully deleted: [Folder] "C:\Users\Lutz\AppData\Roaming\getrighttogo"
Failed to delete: [Folder] "C:\Users\Lutz\appdata\local\adtrustmedia"
Successfully deleted: [Folder] "C:\Users\Lutz\appdata\locallow\wbtooltb"
Failed to delete: [Folder] "C:\Program Files (x86)\adtrustmedia"
Successfully deleted: [Folder] "C:\Program Files (x86)\saveshare"
Failed to delete: [Folder] "C:\Program Files (x86)\wbtooltb"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/01/2014 at 19:02:27.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ken545
2014-01-09, 20:17
:bigthumb:


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

MrLutz
2014-01-09, 20:58
The Malwarebytes Scan supposidly did not find any infected objects:





Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Lutz :: HEIMSTUDIO [Administrator]

09/01/2014 19:24:59
mbam-log-2014-01-09 (19-24-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242117
Laufzeit: 7 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ken545
2014-01-09, 21:27
Good, lets take a final look

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

MrLutz
2014-01-09, 21:39
I am just doing a scan of my harddrive with malwarebytes, not a quick scan, so far it has found at least 1 infected object. is it allright for me to finish that scan, delet all hits as instructed for the quick-scan and do the OTL scan right after that?

ken545
2014-01-09, 22:57
Yes, please post the Malwarebytes log so I can what was removed

MrLutz
2014-01-10, 11:42
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Lutz :: HEIMSTUDIO [Administrator]

09/01/2014 19:34:18
mbam-log-2014-01-09 (19-34-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 488698
Laufzeit: 1 Stunde(n), 36 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\COMODO\Cis\Quarantine\data\{AB6899AC-8418-48C7-AD1E-D16A6F332C46} (PUP.Optional.InstallIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

MrLutz
2014-01-10, 11:44
Im not really shure why, but OTL didnt give me an extras file...

but here is the OTL report:


OTL logfile created on: 10/01/2014 05:46:46 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lutz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.07% Memory free
7.98 Gb Paging File | 5.75 Gb Available in Paging File | 72.03% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 686.54 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HEIMSTUDIO | User Name: Lutz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Users\Lutz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (8ffb8f2d) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (cmdvirth) -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SophosVirusRemovalTool) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe (Sophos Limited)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NvnUsbAudio) -- C:\Windows\SysNative\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (automap) -- C:\Windows\SysNative\drivers\automap.sys (Novation Digital Music Systems Limited)
DRV:64bit: - (RDID1079) -- C:\Windows\SysNative\drivers\Rdwm1079.sys (Roland Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 1D 28 44 32 94 CA 01 [binary data]
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\..\SearchScopes\{9B9E88B8-7483-4FE5-942D-B29444C530F0}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

[2013/06/09 12:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lutz\AppData\Roaming\mozilla\Extensions
[2010/12/29 16:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lutz\AppData\Roaming\mozilla\Extensions\{e3368f8a-0a96-0512-556c-bd9111a57f35}
[2013/05/24 08:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/24 08:21:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/24 08:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/24 08:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/24 08:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/05/24 08:21:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/11 11:37:28 | 000,209,472 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2010/04/16 19:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll
[2011/10/08 13:29:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/10/08 13:29:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/10/08 13:29:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/10/08 13:29:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/10/08 13:29:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/10/08 13:29:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/10/08 13:29:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2010/04/16 19:00:00 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll
[2010/03/29 07:53:22 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll
[2010/12/08 22:21:24 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - Extension: Adblock Plus = C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Google Wallet = C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (NewSavier) - {09DBB4C7-B63E-2D9B-1E53-1243C48EA3FE} - C:\ProgramData\NewSavier\ftjyO.x64.dll File not found
O2:64bit: - BHO: (ShoPDroop) - {18CF500C-2817-1946-1A8C-B492AC705480} - C:\ProgramData\ShoPDroop\k9tRw.x64.dll File not found
O3 - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ComodoFSChrome] "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c File not found
O4 - HKLM..\Run: [PrivDogService] C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe (AdTrustMedia)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3909343542-95317390-4005255391-1000..\Run: [AmazonMP3DownloaderHelper] C:\Users\Lutz\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe File not found
O4 - HKU\S-1-5-21-3909343542-95317390-4005255391-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3909343542-95317390-4005255391-1000..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pianoteq23.exe (Modartt)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Programme\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A82E81E1-186D-4F81-AC8B-38807575481C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WINSYS~1\WINSYS~2.DLL) - C:\ProgramData\Win sys filter\Winsysfilter_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\winsys~1\winsys~1.dll) - c:\ProgramData\Win sys filter\Winsysfilter.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/09 18:43:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/09 18:39:07 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Lutz\Desktop\JRT.exe
[2014/01/09 16:57:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/07 22:53:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Lutz\Desktop\dds.scr
[2014/01/07 22:33:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/01/07 22:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/07 22:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/01/07 22:14:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe
[2014/01/07 22:12:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lutz\Desktop\aswmbr.exe
[2014/01/07 21:59:04 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Malwarebytes
[2014/01/07 21:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/07 21:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/07 21:58:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/07 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/07 03:07:41 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014/01/07 03:07:40 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Spyware Terminator
[2014/01/07 03:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2014/01/07 03:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2014/01/07 03:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2014/01/07 02:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/01/07 02:46:23 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/01/07 02:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013/12/31 19:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\abedejglimnllinlkgjljenbmlanlplk
[2013/12/31 19:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\e8c71a22596d496b
[2013/12/31 19:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NewSavier
[2013/12/29 10:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Win sys filter
[2013/12/29 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Lutz\Desktop\Left4Uncut [09.07.2013]
[2013/12/24 00:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/22 15:01:10 | 000,000,000 | ---D | C] -- C:\Users\Lutz\Desktop\Mixtape hanna
[2013/12/15 01:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/12 11:44:02 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 11:44:02 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 11:44:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 11:44:01 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 11:44:01 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 11:44:01 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 11:44:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 11:44:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 11:44:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 11:44:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 11:44:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 11:44:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 11:44:00 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 11:43:59 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 11:43:59 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 11:43:57 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/12 11:39:56 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/12 11:39:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/12 11:39:49 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/12 11:39:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/12 11:39:49 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/12 11:39:49 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/12 11:39:49 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/12 11:39:49 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/12 11:39:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/10 05:41:02 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/01/10 05:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/10 05:20:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/10 02:59:30 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 02:59:30 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 02:51:33 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/10 02:51:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 02:51:03 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/09 18:39:11 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Lutz\Desktop\JRT.exe
[2014/01/09 17:05:38 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014/01/09 17:05:38 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014/01/09 16:55:08 | 001,233,962 | ---- | M] () -- C:\Users\Lutz\Desktop\AdwCleaner.exe
[2014/01/07 22:56:24 | 000,000,512 | ---- | M] () -- C:\Users\Lutz\Desktop\MBR.dat
[2014/01/07 22:53:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Lutz\Desktop\dds.scr
[2014/01/07 22:32:25 | 000,000,905 | ---- | M] () -- C:\Users\Lutz\Desktop\ERUNT.lnk
[2014/01/07 22:14:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe
[2014/01/07 22:13:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lutz\Desktop\aswmbr.exe
[2014/01/07 21:58:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/07 03:07:41 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014/01/07 03:07:36 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/01/07 02:46:23 | 000,003,201 | ---- | M] () -- C:\Users\Lutz\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/31 18:37:38 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/31 18:37:38 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/12/31 18:37:38 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/31 18:37:38 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/12/31 18:37:38 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/31 00:52:05 | 002,190,523 | ---- | M] () -- C:\Users\Lutz\Desktop\Les heurs perdue.mp3
[2013/12/31 00:51:28 | 003,076,596 | ---- | M] () -- C:\Users\Lutz\Desktop\Third law of harmonics - Dr quandary.mp3
[2013/12/28 04:06:44 | 000,000,868 | ---- | M] () -- C:\Users\Lutz\.recently-used.xbel
[2013/12/15 01:22:39 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/13 01:02:49 | 000,481,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/12 11:40:18 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/12/12 11:40:18 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/12/12 11:40:18 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/09 16:55:01 | 001,233,962 | ---- | C] () -- C:\Users\Lutz\Desktop\AdwCleaner.exe
[2014/01/07 22:32:25 | 000,000,905 | ---- | C] () -- C:\Users\Lutz\Desktop\ERUNT.lnk
[2014/01/07 22:14:17 | 000,000,512 | ---- | C] () -- C:\Users\Lutz\Desktop\MBR.dat
[2014/01/07 21:58:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/07 03:07:36 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/01/07 02:46:23 | 000,003,201 | ---- | C] () -- C:\Users\Lutz\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/31 00:52:05 | 002,190,523 | ---- | C] () -- C:\Users\Lutz\Desktop\Les heurs perdue.mp3
[2013/12/31 00:51:26 | 003,076,596 | ---- | C] () -- C:\Users\Lutz\Desktop\Third law of harmonics - Dr quandary.mp3
[2013/12/28 04:06:44 | 000,000,868 | ---- | C] () -- C:\Users\Lutz\.recently-used.xbel
[2013/08/09 16:41:46 | 000,007,623 | ---- | C] () -- C:\Users\Lutz\AppData\Local\Resmon.ResmonCfg
[2011/06/06 23:53:45 | 000,018,432 | ---- | C] () -- C:\Users\Lutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/27 19:13:56 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\2K Sports
[2011/01/01 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\ABW
[2013/10/13 13:36:27 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Amazon
[2014/01/09 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\CheckPoint
[2013/07/26 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\DAEMON Tools Lite
[2013/07/26 10:47:08 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\DassaultSystemes
[2011/01/01 21:18:40 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\doctronic
[2011/08/30 14:17:34 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Downloaded Installations
[2013/01/27 20:42:00 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Dropbox
[2013/11/23 00:44:02 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\DVDVideoSoft
[2010/12/04 14:25:58 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\FreeHideIP
[2012/12/24 11:19:11 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\FreeMoviesToDVD
[2010/01/24 00:31:46 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\FXpansion
[2012/11/11 20:45:10 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\gtk-2.0
[2010/10/01 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Leadertech
[2013/09/27 19:29:22 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\MotioninJoy
[2011/05/16 22:02:09 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\My Games
[2012/11/15 00:30:51 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\OfficeRecovery
[2012/11/15 00:33:12 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\OfficeRecovery.747864be
[2010/03/23 00:29:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\OpenOffice.org
[2013/11/25 15:30:15 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\openvr
[2010/12/16 02:11:17 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\PhotoFiltre
[2011/06/02 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\runic games
[2011/06/08 14:22:35 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\ScummVM
[2014/01/07 03:07:40 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Spyware Terminator
[2010/01/12 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Steinberg
[2012/12/05 10:20:56 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\TeamViewer
[2012/11/11 21:51:56 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\TuneUp Software
[2012/11/23 22:31:43 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\VST3 Presets

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/10/08 16:01:17 | 099,859,239 | ---- | M] ()(C:\Windows\SysWow64\¡??C) -- C:\Windows\SysWow64\¡ំC
[2013/10/08 16:01:17 | 099,859,239 | ---- | C] ()(C:\Windows\SysWow64\¡??C) -- C:\Windows\SysWow64\¡ំC

< End of report >

ken545
2014-01-10, 15:25
Open OTL.exe
[list]
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
O2:64bit: - BHO: (NewSavier) - {09DBB4C7-B63E-2D9B-1E53-1243C48EA3FE} - C:\ProgramData\NewSavier\ftjyO.x64.dll File not found
O2:64bit: - BHO: (ShoPDroop) - {18CF500C-2817-1946-1A8C-B492AC705480} - C:\ProgramData\ShoPDroop\k9tRw.x64.dll File not found
[2013/12/31 19:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NewSavier

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]



Then run a new scan with OTL and post the log please. How does your computer behave now ?

MrLutz
2014-01-10, 16:30
Concerning the safesaver/shopdrop nothing has changed. i still get roll-over commercials and also ads before youtube-videos.
shopdrop is still there as a chrome-add-on.


here is the requested OTL scan:



OTL logfile created on: 10/01/2014 15:18:39 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lutz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 48.36% Memory free
7.98 Gb Paging File | 5.41 Gb Available in Paging File | 67.78% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 686.47 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HEIMSTUDIO | User Name: Lutz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Users\Lutz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)


========== Modules (No Company Name) ==========

MOD - c:\ProgramData\Win sys filter\Winsysfilter.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (8ffb8f2d) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (cmdvirth) -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SophosVirusRemovalTool) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe (Sophos Limited)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NvnUsbAudio) -- C:\Windows\SysNative\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (automap) -- C:\Windows\SysNative\drivers\automap.sys (Novation Digital Music Systems Limited)
DRV:64bit: - (RDID1079) -- C:\Windows\SysNative\drivers\Rdwm1079.sys (Roland Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 1D 28 44 32 94 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{9B9E88B8-7483-4FE5-942D-B29444C530F0}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

[2013/06/09 12:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lutz\AppData\Roaming\mozilla\Extensions
[2010/12/29 16:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lutz\AppData\Roaming\mozilla\Extensions\{e3368f8a-0a96-0512-556c-bd9111a57f35}
[2013/05/24 08:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/24 08:21:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/24 08:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/24 08:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/24 08:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/05/24 08:21:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/08 22:21:24 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - Extension: Adblock Plus = C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Google Wallet = C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (NewSavier) - {09DBB4C7-B63E-2D9B-1E53-1243C48EA3FE} - C:\ProgramData\NewSavier\ftjyO.x64.dll File not found
O2:64bit: - BHO: (ShoPDroop) - {18CF500C-2817-1946-1A8C-B492AC705480} - C:\ProgramData\ShoPDroop\k9tRw.x64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ComodoFSChrome] "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c File not found
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\Lutz\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe File not found
O4 - Startup: C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pianoteq23.exe (Modartt)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Programme\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll File not found
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A82E81E1-186D-4F81-AC8B-38807575481C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WINSYS~1\WINSYS~2.DLL) - C:\ProgramData\Win sys filter\Winsysfilter_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\winsys~1\winsys~1.dll) - c:\ProgramData\Win sys filter\Winsysfilter.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/10 11:01:18 | 000,000,000 | ---D | C] -- C:\Users\Lutz\Desktop\Berichte
[2014/01/09 18:43:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/09 18:39:07 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Lutz\Desktop\JRT.exe
[2014/01/09 16:57:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/07 22:53:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Lutz\Desktop\dds.scr
[2014/01/07 22:33:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/01/07 22:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/07 22:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/01/07 22:14:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe
[2014/01/07 22:12:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lutz\Desktop\aswmbr.exe
[2014/01/07 21:59:04 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Malwarebytes
[2014/01/07 21:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/07 21:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/07 21:58:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/07 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/07 03:07:41 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014/01/07 03:07:40 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Spyware Terminator
[2014/01/07 03:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2014/01/07 03:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2014/01/07 03:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2014/01/07 02:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/01/07 02:46:23 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/01/07 02:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013/12/31 19:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\abedejglimnllinlkgjljenbmlanlplk
[2013/12/31 19:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\e8c71a22596d496b
[2013/12/31 19:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NewSavier
[2013/12/29 10:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Win sys filter
[2013/12/29 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Lutz\Desktop\Left4Uncut [09.07.2013]
[2013/12/24 00:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/22 15:01:10 | 000,000,000 | ---D | C] -- C:\Users\Lutz\Desktop\Mixtape hanna
[2013/12/15 01:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/12 11:44:02 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 11:44:02 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 11:44:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 11:44:01 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 11:44:01 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 11:44:01 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 11:44:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 11:44:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 11:44:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 11:44:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 11:44:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 11:44:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 11:44:00 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 11:43:59 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 11:43:59 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 11:43:57 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/12 11:39:56 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/12 11:39:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/12 11:39:49 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/12 11:39:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/12 11:39:49 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/12 11:39:49 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/12 11:39:49 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/12 11:39:49 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/12 11:39:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/10 15:24:03 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/01/10 15:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/10 15:22:02 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 15:22:02 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 15:20:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/10 15:14:37 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/10 15:14:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 15:14:04 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/09 18:39:11 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Lutz\Desktop\JRT.exe
[2014/01/09 17:05:38 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014/01/09 17:05:38 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014/01/09 16:55:08 | 001,233,962 | ---- | M] () -- C:\Users\Lutz\Desktop\AdwCleaner.exe
[2014/01/07 22:53:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Lutz\Desktop\dds.scr
[2014/01/07 22:32:25 | 000,000,905 | ---- | M] () -- C:\Users\Lutz\Desktop\ERUNT.lnk
[2014/01/07 22:14:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe
[2014/01/07 22:13:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lutz\Desktop\aswmbr.exe
[2014/01/07 21:58:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/07 03:07:41 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014/01/07 03:07:36 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/01/07 02:46:23 | 000,003,201 | ---- | M] () -- C:\Users\Lutz\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/31 18:37:38 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/31 18:37:38 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/12/31 18:37:38 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/31 18:37:38 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/12/31 18:37:38 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/31 00:52:05 | 002,190,523 | ---- | M] () -- C:\Users\Lutz\Desktop\Les heurs perdue.mp3
[2013/12/31 00:51:28 | 003,076,596 | ---- | M] () -- C:\Users\Lutz\Desktop\Third law of harmonics - Dr quandary.mp3
[2013/12/28 04:06:44 | 000,000,868 | ---- | M] () -- C:\Users\Lutz\.recently-used.xbel
[2013/12/15 01:22:39 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/13 01:02:49 | 000,481,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/12 11:40:18 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/12/12 11:40:18 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/12/12 11:40:18 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/09 16:55:01 | 001,233,962 | ---- | C] () -- C:\Users\Lutz\Desktop\AdwCleaner.exe
[2014/01/07 22:32:25 | 000,000,905 | ---- | C] () -- C:\Users\Lutz\Desktop\ERUNT.lnk
[2014/01/07 21:58:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/07 03:07:36 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/01/07 02:46:23 | 000,003,201 | ---- | C] () -- C:\Users\Lutz\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/31 00:52:05 | 002,190,523 | ---- | C] () -- C:\Users\Lutz\Desktop\Les heurs perdue.mp3
[2013/12/31 00:51:26 | 003,076,596 | ---- | C] () -- C:\Users\Lutz\Desktop\Third law of harmonics - Dr quandary.mp3
[2013/12/28 04:06:44 | 000,000,868 | ---- | C] () -- C:\Users\Lutz\.recently-used.xbel
[2013/08/09 16:41:46 | 000,007,623 | ---- | C] () -- C:\Users\Lutz\AppData\Local\Resmon.ResmonCfg
[2011/06/06 23:53:45 | 000,018,432 | ---- | C] () -- C:\Users\Lutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< :OTL >

< O2:64bit: - BHO: (NewSavier) - {09DBB4C7-B63E-2D9B-1E53-1243C48EA3FE} - C:\ProgramData\NewSavier\ftjyO.x64.dll File not found >

< O2:64bit: - BHO: (ShoPDroop) - {18CF500C-2817-1946-1A8C-B492AC705480} - C:\ProgramData\ShoPDroop\k9tRw.x64.dll File not found >

< [2013/12/31 19:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NewSavier >
Invalid Switch: 31 19:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NewSavier

< >

< :Services >

< >

< :Reg >

< >

< :Files >

< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.

< >

< >

< :Commands >

< [purity] >

< [resethosts] >

< [EMPTYJAVA] >

< [emptytemp] >

< [start explorer] >

< [Reboot] >

========== Files - Unicode (All) ==========
[2013/10/08 16:01:17 | 099,859,239 | ---- | M] ()(C:\Windows\SysWow64\¡??C) -- C:\Windows\SysWow64\¡ំC
[2013/10/08 16:01:17 | 099,859,239 | ---- | C] ()(C:\Windows\SysWow64\¡??C) -- C:\Windows\SysWow64\¡ំC

< End of report >







thank you very much for you patience!!

ken545
2014-01-10, 16:46
Did you run the fix I posted , those two entries are still on your log ?

MrLutz
2014-01-10, 17:54
As far as im aware, i did everything you told me, which fix would think could be missing?
with OLT i just scanned so far, and didnt clean up, was that maybe wrong?

Lutz

ken545
2014-01-10, 18:11
Lets try running the fix again, post the log from the fix and then run a new scan with OTL and post that new log as well


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL





:OTL
O2:64bit: - BHO: (NewSavier) - {09DBB4C7-B63E-2D9B-1E53-1243C48EA3FE} - C:\ProgramData\NewSavier\ftjyO.x64.dll File not found
O2:64bit: - BHO: (ShoPDroop) - {18CF500C-2817-1946-1A8C-B492AC705480} - C:\ProgramData\ShoPDroop\k9tRw.x64.dll File not found
[2013/12/31 19:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NewSavier

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

MrLutz
2014-01-10, 19:06
Ok, here is the log after fixing with OLT:
(so far, shopdroop is still there..)








All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09DBB4C7-B63E-2D9B-1E53-1243C48EA3FE}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DBB4C7-B63E-2D9B-1E53-1243C48EA3FE}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18CF500C-2817-1946-1A8C-B492AC705480}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18CF500C-2817-1946-1A8C-B492AC705480}\ deleted successfully.
C:\ProgramData\NewSavier folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Lutz\Desktop\cmd.bat deleted successfully.
C:\Users\Lutz\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lutz
->Java cache emptied: 33107463 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 32.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lutz
->Temp folder emptied: 410192668 bytes
->Temporary Internet Files folder emptied: 75795241 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 372676143 bytes
->Flash cache emptied: 1216 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 1115688 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 450599123 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304566 bytes
RecycleBin emptied: 77093 bytes

Total Files Cleaned = 1,290.00 mb

========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Lutz\Desktop\cmd.bat deleted successfully.
C:\Users\Lutz\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lutz
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lutz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01102014_174341

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(2014011015141478C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(2014011015141478C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(2014011015141578C).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...








HERE IS THE LOG AFTER SCANNING AFTER FIX:



OTL logfile created on: 10/01/2014 17:53:44 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lutz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.89% Memory free
7.98 Gb Paging File | 6.03 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 687.56 Gb Free Space | 73.82% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HEIMSTUDIO | User Name: Lutz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Users\Lutz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (8ffb8f2d) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (cmdvirth) -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SophosVirusRemovalTool) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe (Sophos Limited)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NvnUsbAudio) -- C:\Windows\SysNative\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (automap) -- C:\Windows\SysNative\drivers\automap.sys (Novation Digital Music Systems Limited)
DRV:64bit: - (RDID1079) -- C:\Windows\SysNative\drivers\Rdwm1079.sys (Roland Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 1D 28 44 32 94 CA 01 [binary data]
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\..\SearchScopes\{9B9E88B8-7483-4FE5-942D-B29444C530F0}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

[2013/06/09 12:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lutz\AppData\Roaming\mozilla\Extensions
[2010/12/29 16:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lutz\AppData\Roaming\mozilla\Extensions\{e3368f8a-0a96-0512-556c-bd9111a57f35}
[2013/05/24 08:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/24 08:21:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/24 08:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/24 08:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/24 08:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/05/24 08:21:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/08 22:21:24 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - Extension: Adblock Plus = C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Google Wallet = C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKU\S-1-5-21-3909343542-95317390-4005255391-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ComodoFSChrome] "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c File not found
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3909343542-95317390-4005255391-1000..\Run: [AmazonMP3DownloaderHelper] C:\Users\Lutz\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Programme\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll File not found
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A82E81E1-186D-4F81-AC8B-38807575481C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WINSYS~1\WINSYS~2.DLL) - C:\ProgramData\Win sys filter\Winsysfilter_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\winsys~1\winsys~1.dll) - c:\ProgramData\Win sys filter\Winsysfilter.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/10 17:43:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/10 11:01:18 | 000,000,000 | ---D | C] -- C:\Users\Lutz\Desktop\Berichte
[2014/01/09 18:43:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/09 18:39:07 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Lutz\Desktop\JRT.exe
[2014/01/09 16:57:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/07 22:53:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Lutz\Desktop\dds.scr
[2014/01/07 22:33:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/01/07 22:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/07 22:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/01/07 22:14:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe
[2014/01/07 22:12:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lutz\Desktop\aswmbr.exe
[2014/01/07 21:59:04 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Malwarebytes
[2014/01/07 21:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/07 21:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/07 21:58:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/07 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/07 03:07:41 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014/01/07 03:07:40 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Spyware Terminator
[2014/01/07 03:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2014/01/07 03:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2014/01/07 03:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2014/01/07 02:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/01/07 02:46:23 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/01/07 02:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013/12/31 19:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\abedejglimnllinlkgjljenbmlanlplk
[2013/12/31 19:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\e8c71a22596d496b
[2013/12/29 10:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Win sys filter
[2013/12/29 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Lutz\Desktop\Left4Uncut [09.07.2013]
[2013/12/24 00:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/22 15:01:10 | 000,000,000 | ---D | C] -- C:\Users\Lutz\Desktop\Mixtape hanna
[2013/12/15 01:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/12 11:44:02 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 11:44:02 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 11:44:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 11:44:01 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 11:44:01 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 11:44:01 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 11:44:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 11:44:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 11:44:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 11:44:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 11:44:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 11:44:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 11:44:00 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 11:43:59 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 11:43:59 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 11:43:57 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/12 11:39:56 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/12 11:39:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/12 11:39:49 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/12 11:39:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/12 11:39:49 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/12 11:39:49 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/12 11:39:49 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/12 11:39:49 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/12 11:39:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/10 17:56:44 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/01/10 17:55:05 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 17:55:05 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 17:48:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/10 17:46:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 17:46:46 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/10 17:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/10 17:20:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/09 18:39:11 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Lutz\Desktop\JRT.exe
[2014/01/09 17:05:38 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014/01/09 17:05:38 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014/01/09 16:55:08 | 001,233,962 | ---- | M] () -- C:\Users\Lutz\Desktop\AdwCleaner.exe
[2014/01/07 22:53:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Lutz\Desktop\dds.scr
[2014/01/07 22:32:25 | 000,000,905 | ---- | M] () -- C:\Users\Lutz\Desktop\ERUNT.lnk
[2014/01/07 22:14:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe
[2014/01/07 22:13:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lutz\Desktop\aswmbr.exe
[2014/01/07 21:58:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/07 03:07:41 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014/01/07 03:07:36 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/01/07 02:46:23 | 000,003,201 | ---- | M] () -- C:\Users\Lutz\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/31 18:37:38 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/31 18:37:38 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/12/31 18:37:38 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/31 18:37:38 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/12/31 18:37:38 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/31 00:52:05 | 002,190,523 | ---- | M] () -- C:\Users\Lutz\Desktop\Les heurs perdue.mp3
[2013/12/31 00:51:28 | 003,076,596 | ---- | M] () -- C:\Users\Lutz\Desktop\Third law of harmonics - Dr quandary.mp3
[2013/12/28 04:06:44 | 000,000,868 | ---- | M] () -- C:\Users\Lutz\.recently-used.xbel
[2013/12/15 01:22:39 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/13 01:02:49 | 000,481,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/12 11:40:18 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/12/12 11:40:18 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/12/12 11:40:18 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/09 16:55:01 | 001,233,962 | ---- | C] () -- C:\Users\Lutz\Desktop\AdwCleaner.exe
[2014/01/07 22:32:25 | 000,000,905 | ---- | C] () -- C:\Users\Lutz\Desktop\ERUNT.lnk
[2014/01/07 21:58:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/07 03:07:36 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/01/07 02:46:23 | 000,003,201 | ---- | C] () -- C:\Users\Lutz\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/31 00:52:05 | 002,190,523 | ---- | C] () -- C:\Users\Lutz\Desktop\Les heurs perdue.mp3
[2013/12/31 00:51:26 | 003,076,596 | ---- | C] () -- C:\Users\Lutz\Desktop\Third law of harmonics - Dr quandary.mp3
[2013/12/28 04:06:44 | 000,000,868 | ---- | C] () -- C:\Users\Lutz\.recently-used.xbel
[2013/08/09 16:41:46 | 000,007,623 | ---- | C] () -- C:\Users\Lutz\AppData\Local\Resmon.ResmonCfg
[2011/06/06 23:53:45 | 000,018,432 | ---- | C] () -- C:\Users\Lutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/27 19:13:56 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\2K Sports
[2011/01/01 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\ABW
[2013/10/13 13:36:27 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Amazon
[2014/01/09 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\CheckPoint
[2013/07/26 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\DAEMON Tools Lite
[2013/07/26 10:47:08 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\DassaultSystemes
[2011/01/01 21:18:40 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\doctronic
[2011/08/30 14:17:34 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Downloaded Installations
[2013/01/27 20:42:00 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Dropbox
[2013/11/23 00:44:02 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\DVDVideoSoft
[2010/12/04 14:25:58 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\FreeHideIP
[2012/12/24 11:19:11 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\FreeMoviesToDVD
[2010/01/24 00:31:46 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\FXpansion
[2012/11/11 20:45:10 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\gtk-2.0
[2010/10/01 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Leadertech
[2013/09/27 19:29:22 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\MotioninJoy
[2011/05/16 22:02:09 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\My Games
[2012/11/15 00:30:51 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\OfficeRecovery
[2012/11/15 00:33:12 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\OfficeRecovery.747864be
[2010/03/23 00:29:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\OpenOffice.org
[2013/11/25 15:30:15 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\openvr
[2010/12/16 02:11:17 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\PhotoFiltre
[2011/06/02 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\runic games
[2011/06/08 14:22:35 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\ScummVM
[2014/01/07 03:07:40 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Spyware Terminator
[2010/01/12 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Steinberg
[2012/12/05 10:20:56 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\TeamViewer
[2012/11/11 21:51:56 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\TuneUp Software
[2012/11/23 22:31:43 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\VST3 Presets

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/10/08 16:01:17 | 099,859,239 | ---- | M] ()(C:\Windows\SysWow64\¡??C) -- C:\Windows\SysWow64\¡ំC
[2013/10/08 16:01:17 | 099,859,239 | ---- | C] ()(C:\Windows\SysWow64\¡??C) -- C:\Windows\SysWow64\¡ំC

< End of report >

ken545
2014-01-10, 19:39
Good, thanks for the logs, those bad entries are now gone

Run your browsers through this and see if you can see and remove any trace of those two entries

Internet Explorer


Open Internet Explorer
Click on Tools up on the top right
Click on Manage Add Ons
Click on Search Providers
Highlite the one you want to remove and select Delete




Firefox


Open Firefox
Up on the Top Right in the Search Box , click on the down arrow and select Manage Search Engines
Highlite the one you want to remove and select Delete




Chrome


Open Chrome
Up on the Top Right click on the 3 Bars
Click on Settings
Then Manage Search Engines
Highlite the one you want to remove and select Delete

MrLutz
2014-01-10, 19:53
OK, i did it.
But i couldnt see any entry called safesaver or shopdroop or anything similar, i think.
i erased every one except google now.

ken545
2014-01-10, 19:57
So are you still having problems with ShopDrop ?

MrLutz
2014-01-10, 20:42
Unfortunatly yes.

Shopdroop is still there as an add on in chrome and reinstalls after deleting again after startup...
hmm..

ken545
2014-01-10, 20:55
Open up Chrome and again click on the three bars up at the top right and go to Setting > Advanced Setting > Restore browser settings to their original defaults. Restore your browser, then close Chrome and see if it helped

MrLutz
2014-01-10, 21:33
Ok, now its still there, but its not automaticly activated anymore...

ken545
2014-01-10, 22:21
Lets do another search, you will need to download and run the 64 bit version of this program

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:folderfind
ShopDrop
:filefind
ShopDrop
:regfind
ShopDrop

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrLutz
2014-01-12, 06:06
Ok, i did the search, but it didnt find anything. but thats because i wrote the malware wrong in the title! that thing is actually written with two O's, sorry. i hope that didnt make all the stuff we did before useless..

i did the search again written correctly:




SystemLook 30.07.11 by jpshortstuff
Log created at 04:59 on 12/01/2014 by Lutz
Administrator - Elevation successful

========== folderfind ==========

Searching for "ShopDroop"
No folders found.

========== filefind ==========

Searching for "ShopDroop"
No files found.

========== regfind ==========

Searching for "ShopDroop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop]
@="ShoPDroop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7]
@="ShoPDroop"

-= EOF =-

ken545
2014-01-12, 14:28
Hi,

I saw the way it was spelled in your log, looks like they are trying to confuse us

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL


:Services

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7]

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

MrLutz
2014-01-12, 16:08
Ok, i ran OTL with the code.
I forgot to switch of antivir the first time, i intercepted some move from OTL.
so i did it gain, with all protection software switched of.
here is the first fix(i guess that one worked allready), below that the second fix with antivir etc of.



All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Lutz\Desktop\cmd.bat deleted successfully.
C:\Users\Lutz\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lutz
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lutz
->Temp folder emptied: 32327 bytes
->Temporary Internet Files folder emptied: 1864097 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 367767159 bytes
->Flash cache emptied: 708 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12065 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 353.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01122014_145342

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(201401121444477CC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201401121444477CC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201401121444517CC).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






SECOND FIX:






All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Lutz\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lutz
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lutz
->Temp folder emptied: 25798 bytes
->Temporary Internet Files folder emptied: 556436 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6689466 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1930 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01122014_145915

Files\Folders moved on Reboot...
C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(2014011214554779C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(2014011214554779C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(2014011214554779C).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2014-01-12, 16:17
ok


Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Locate the Privacy Section, select Content Settings
In the pop up window scoll to Plug-Ins, select Disable individual plug-ins...
Locate the following plug-ins and set them to Disable:

Shoopdrop

Exit Chrome settings menu.

MrLutz
2014-01-12, 17:25
In the Plug-ins menu shopdroop isnt shown.
i also dont get any pop-ups etc. anymore. shopdroop just still shows in the setting>add on's menu.

ken545
2014-01-12, 17:51
Can you go in there and remove or disable it ?

https://support.google.com/chrome/answer/187443?hl=en

MrLutz
2014-01-12, 19:24
If i uninstall, it reinstalls and is back and activated.
however i can deactivate and it wont reactivate after startup...

man, such an anoing thing...
but thank you for all your effort!

ken545
2014-01-12, 19:33
Good, then just keep deactivated

There is a new tool out by Malwarebytes Malwarebytes Anti Exploit, no scan to run, just down load and install it and it will help block your browser from exploits

http://downloads.malwarebytes.org/file/mbae_beta/

Give it a shot and let me know what you think

Read this
https://forums.malwarebytes.org/index.php?showtopic=136424

MrLutz
2014-01-14, 19:37
I installed and am running Malwarebytes Anti Exploit.

is seems like a easy enough and cool tool, which is hopefully going to prevent future attacks.
but its not capable of changing anything about shopdrop right'?
one different and easy enough step to get rid of shopdrop would be to reboot my system, right?

ken545
2014-01-14, 21:12
Not sure , cant hurt to reboot and see

ken545
2014-01-17, 15:46
Hows it going ?

MrLutz
2014-01-21, 23:33
Hi!
Well, with rebooting i actually ment 'format c:'.
that beast is still there and doesnt wanne go. even though it doesnt seem to do anything right now, i have to admit that i dont really feel safe that way.
so i figure, its going to be best if i put up the system completely new in the upcoming month. even though its going to be a hussle to save data and such, but still seems to be easier than dealing with it.

i haven't done that in the last 6 years yet, so maybe it was even overdue...
but i'm really thankfull for your help! sorry i'm givin up on u like that :)

Lutz

ken545
2014-01-22, 00:05
Sometimes a reformat of the drive and a new install of windows is a good thing, but I really dont think its needed here, but that up to you


Why dont you just try uninstalling Chome, use Revo Uninstaller so that you get all the files folders and registry entries, then reboot when its done and try installing a fresh new copy of Chrome

http://www.revouninstaller.com/revo_uninstaller_free_download.html


https://www.google.com/intl/en/chrome/browser/

Let me know how it went

MrLutz
2014-01-24, 22:13
:)

OK, so i uninstalled chrome, without using revo-uninstall and reinstalled after that.

shopdroop has now disappeared from chrome.

thank you :)

ken545
2014-01-24, 22:16
Wonderful, how is your system behaving now ?

MrLutz
2014-01-28, 20:46
Well, shopdroop is gone. i dont get the in-browser roll-overs anymore. also additional adds which were played in front of youtube videos arent anymore.

thank you :)
i bow before your pc-skills.

could u maybe post me an advisor on internet security? something like 'what is software i need to be protected, what makes my pc only slower? how do i behave?'

ken545
2014-01-28, 21:12
Hello,

You have done very well following instructions .

I see Avira Anti Virus and Comodo Firewall, both of these are fine, with these two programs you only need one of each, more than one is overkill and can slow your system down so just keep these two, keep them updated and with Avira run a scan at least once a week .

You can also keep Spybot Search and Destroy and Malwarebytes, keep them updated and scan for threats at least once a week

I see Java installed and its important to keep it updated, not sure what version you have .



We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 51, if not proceed with the instructions.
Go to the update Tab and update it
Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )
Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)






Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.







Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

ken545
2014-01-30, 23:39
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.