InstantSavings App


Hey guys,

 

For 3,4 weeks now I've been infected with some kind of malware that always shows an ad by "InstantSavings" on any Flash video on the web before playing. Also, my start page was set to something like qvo6.com, which I could luckily remove. The ads still bother me and I'm afraid there's more behind them. Here are the logs from dds.scr:

 

dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16618  BrowserJavaVersion: 10.25.2
Run by paul at 20:03:53 on 2013-07-04
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3070.1024 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\srvany.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\paul\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Unified Remote\RemoteServer.exe
C:\Program Files\Logitech\Z Cinema\Z Cinema.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Hotspot Shield\bin\hsscp.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.





BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [F.lux] "c:\users\paul\local settings\apps\f.lux\flux.exe" /noshow
uRun: [unified Remote v2] c:\program files\unified remote\RemoteServer.exe
uRun: [AdobeBridge] <no file>
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\zcinem~1.lnk - c:\users\paul\appdata\roaming\microsoft\installer\{3d1a8e16-10a6-43e0-90be-0a0474a637a7}\NewShortcut1_3D1A8E1610A643E090BE0A0474A637A7.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:8
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.



TCP: NameServer = 129.13.64.5 129.13.96.2
TCP: Interfaces\{B66C7A43-0B86-4CE5-A01F-018DF5E2F824} : DHCPNameServer = 129.13.64.5 129.13.96.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\wkixeshx.default-1372940707311\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\paul\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-05-12 16:25; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-07-02 21:33; afurladvisor@anchorfree.com; c:\program files\mozilla firefox\browser\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2013-07-04 14:26; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\paul\appdata\roaming\mozilla\firefox\profiles\wkixeshx.default-1372940707311\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-04 14:28; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\paul\appdata\roaming\mozilla\firefox\profiles\wkixeshx.default-1372940707311\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-07-04 14:28; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\users\paul\appdata\roaming\mozilla\firefox\profiles\wkixeshx.default-1372940707311\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF - ExtSQL: 2013-07-04 14:28; ich@maltegoetz.de; c:\users\paul\appdata\roaming\mozilla\firefox\profiles\wkixeshx.default-1372940707311\extensions\ich@maltegoetz.de
FF - ExtSQL: 2013-07-04 14:28; firegestures@xuldev.org; c:\users\paul\appdata\roaming\mozilla\firefox\profiles\wkixeshx.default-1372940707311\extensions\firegestures@xuldev.org.xpi
FF - ExtSQL: 2013-07-04 16:19; 7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com; c:\users\paul\appdata\roaming\mozilla\firefox\profiles\wkixeshx.default-1372940707311\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-12 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-12 175176]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-29 13560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-12 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-12 369584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-26 242240]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-6-21 41160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-12 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-12 46808]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\cmw_srv.exe [2013-6-21 831272]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-6-21 548136]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2012-10-17 8192]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-7-2 4150112]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-9-26 27136]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-6-21 37064]
R3 ZCinema_TSHD;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_i386.sys [2007-8-22 18448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-18 14848]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-18 49664]
S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-9-26 745368]
.
=============== Created Last 30 ================
.
2013-07-02 18:46:42    7068072    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{b37c94ea-140c-4417-8d57-fcbce2eb2129}\mpengine.dll
2013-07-02 17:58:04    --------    d-----w-    C:\studium
2013-07-02 17:57:10    --------    d-----w-    C:\Desktop
2013-07-02 17:56:32    --------    d-----w-    C:\laptop
2013-07-02 17:50:16    --------    d-----w-    c:\program files\TeamViewer
2013-07-02 01:06:22    --------    d-----w-    c:\users\paul\appdata\roaming\TeamViewer
2013-07-01 00:21:01    --------    d-----w-    c:\programdata\Hotspot Shield
2013-07-01 00:20:20    --------    d-----w-    c:\program files\Hotspot Shield
2013-07-01 00:19:49    --------    d-----w-    c:\users\paul\appdata\roaming\Hotspot Shield
2013-06-30 18:50:01    --------    d-----w-    C:\Output
2013-06-29 21:07:04    --------    d-----w-    c:\users\paul\appdata\roaming\SUPERAntiSpyware.com
2013-06-29 21:06:47    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-06-29 21:06:46    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-06-29 21:05:52    --------    d-----w-    c:\users\paul\appdata\roaming\LavasoftStatistics
2013-06-29 21:04:46    44424    ----a-w-    c:\windows\system32\sbbd.exe
2013-06-29 21:04:46    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-06-29 21:04:43    --------    d-----w-    c:\users\paul\appdata\roaming\Ad-Aware Antivirus
2013-06-29 19:23:09    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-06-29 15:44:18    --------    d-----w-    c:\users\paul\appdata\roaming\Malwarebytes
2013-06-29 15:43:44    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-28 19:45:37    --------    d-----w-    c:\users\paul\appdata\local\World in Conflict
2013-06-28 19:13:47    --------    d-----w-    c:\program files\JDownloader
2013-06-28 19:09:30    --------    d-----w-    c:\program files\Plus-HD-2.3
2013-06-23 15:15:00    --------    d-----w-    c:\users\paul\appdata\roaming\Might & Magic Heroes VI
2013-06-23 12:40:22    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-06-23 12:40:13    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-21 01:09:02    37064    ----a-w-    c:\windows\system32\drivers\taphss6.sys
2013-06-21 01:05:26    41160    ----a-w-    c:\windows\system32\drivers\hssdrv6.sys
2013-06-18 22:26:05    --------    d-----w-    c:\users\paul\appdata\roaming\Tropico 4
2013-06-18 13:20:59    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-06-18 13:02:51    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 18:15:02    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2013-06-12 18:14:57    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-12 18:14:55    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-12 18:14:52    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-06-12 18:14:51    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-12 18:14:51    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-12 18:14:51    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-12 18:14:50    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-06-12 18:14:42    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-12 18:14:41    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-12 18:14:40    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-05 00:58:54    --------    d-----w-    c:\users\paul\appdata\roaming\3909 LLC
.
==================== Find3M  ====================
.
2013-06-28 19:09:34    420944    ----a-w-    c:\windows\system32\msvcp100.dll
2013-06-28 17:25:28    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-06-28 17:25:28    175176    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-06-23 12:40:05    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-18 13:02:51    906240    ----a-w-    c:\windows\system32\FntCache.dll
2013-06-12 18:01:57    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 18:01:57    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:59:10    61680    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59:10    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    ----a-w-    c:\windows\avastSS.scr
2013-05-02 00:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-04-07 23:31:40    138032    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2013-04-07 23:31:32    281688    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2013-04-07 23:31:32    281688    ----a-w-    c:\windows\system32\PnkBstrB.exe
.
============= FINISH: 20:04:18,37 ===============

 

 

attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12.01.2012 15:00:42
System Uptime: 04.07.2013 15:39:25 (5 hours ago)
.
Motherboard: Foxconn |  | 45CMX/45GMX/45CMX-K
Processor: Intel® Core2 Duo CPU     E4500  @ 2.20GHz | Socket 775 | 1584/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 46,32 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 14 GiB total, 6,494 GiB free.
F: is FIXED (NTFS) - 108 GiB total, 9,272 GiB free.
G: is FIXED (NTFS) - 41 GiB total, 25,264 GiB free.
H: is FIXED (NTFS) - 135 GiB total, 20,926 GiB free.
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is CDROM (CDFS)
O: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BSTHDDRV\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BSTHDDRV\0000
Service:
.
==== System Restore Points ===================
.
RP47: 29.06.2013 23:36:25 - Revo Uninstaller's restore point - Age of Empires III - The WarChiefs
RP49: 29.06.2013 23:37:23 - Entfernt Age of Empires III - The WarChiefs
RP51: 29.06.2013 23:41:36 - Revo Uninstaller's restore point - Age of Empires III
RP53: 29.06.2013 23:42:07 - Entfernt Age of Empires III
RP55: 29.06.2013 23:43:50 - Revo Uninstaller's restore point - Battlelog Web Plugins
RP57: 29.06.2013 23:45:17 - Revo Uninstaller's restore point - Dishonored
RP59: 29.06.2013 23:47:32 - Revo Uninstaller's restore point - eSafe Security Control 1.0.0.2522
RP61: 29.06.2013 23:48:45 - Revo Uninstaller's restore point - Google Chrome
RP63: 29.06.2013 23:50:53 - Revo Uninstaller's restore point - ESN Sonar
RP65: 29.06.2013 23:52:12 - Revo Uninstaller's restore point - Faster Than Light
RP67: 29.06.2013 23:54:01 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 1.75.0.1300
RP69: 30.06.2013 02:25:23 - Revo Uninstaller's restore point - Origin
RP71: 30.06.2013 02:29:15 - Revo Uninstaller's restore point - Recuva
RP73: 30.06.2013 02:30:28 - Revo Uninstaller's restore point - Spybot - Search & Destroy
RP75: 30.06.2013 02:31:57 - Revo Uninstaller's restore point - Ubisoft Game Launcher
RP76: 30.06.2013 02:32:16 - Removed Ubisoft Game Launcher
RP78: 30.06.2013 02:33:05 - Revo Uninstaller's restore point - Uplay
RP80: 30.06.2013 03:27:53 - Revo Uninstaller's restore point - Reus
RP81: 01.07.2013 02:20:24 - Gerätetreiber-Paketinstallation: Anchorfree Inc Netzwerkdienst
RP82: 01.07.2013 02:21:08 - Gerätetreiber-Paketinstallation: Anchorfree HSS VPN Adapter Netzwerkadapter
RP83: 02.07.2013 20:46:02 - Windows Update
RP85: 04.07.2013 14:04:05 - Revo Uninstaller's restore point - Splashtop Streamer
RP86: 04.07.2013 14:08:32 - Entfernt Splashtop Streamer
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop CS6
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aquamarin Haushaltsbuch 2.9.2 b
avast! Free Antivirus
BioShock Infinite
Bonjour
Cheat Engine 6.2
Convert Audio Free FLAC to MP3 version 1.0
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
F.lux
FIFA 13
Google Drive
Google Update Helper
Grand Theft Auto IV
Hotspot Shield 3.09
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
iTunes
Java 7 Update 25
Java Auto Updater
Java 6 Update 30
JDownloader 0.9
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 22.0 (x86 de)
Mozilla Maintenance Service
MP4 To MP3 Converter V3.0.4
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nero Burning ROM 11
Nero ControlCenter 11
Nero Core Components 11
Nero Update
nero.prerequisites.msi
Nur Entfernen der CopyTrans Suite möglich
NVIDIA 3D Vision Treiber 311.06
NVIDIA Grafiktreiber 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 311.06
NVIDIA Update 1.11.3
NVIDIA Update Components
PDF Settings CS6
PDF24 Creator 4.4.3
Picasa 3
Plus-HD-2.3
PunkBuster Services
Revo Uninstaller 1.94
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sid Meier's Civilization V - Gods and Kings
Skype™ 6.1
SopCast 3.8.2
Steam
StrongDC++ 2.41
SUPERAntiSpyware
swMSM
TeamViewer 8
TreeSize Professional 4.2
Tropico 4 Modern Times V1.0.6(CREATED BY XEONKING©)
Tunngle beta
Unified Remote
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VLC media player 2.0.6
WinRAR
Z Cinema
.
==== End Of File ===========================

Thanks!
 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable... things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.6.2 [Jul  3 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com


Blog : http://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Gestartet in : Normaler Modus
Benutzer : paul [Admin Rechte]
Funktion : Scannen -- Datum : 07/04/2013 20:28:18
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Geplante Tasks : 4 ¤¤¤





¤¤¤ Autostart-Einträge : 1 ¤¤¤
[paul][sUSP PATH] Z Cinema.lnk : C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk @C:\Users\paul\AppData\Roaming\Microsoft\Installer\{3D1A8E16-10A6-43E0-90BE-0A0474A637A7}\NewShortcut1_3D1A8E1610A643E090BE0A0474A637A7.exe /Minimize [-][-] -> GEFUNDEN

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [GELADEN] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


      127.0.0.1 reddit.com      
      127.0.0.1 9gag.com
      127.0.0.1 livememe.com
      127.0.0.1 quickmeme.com
      127.0.0.1 kongregate.com
      127.0.0.1 armorgames.com


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-00PSA0 ATA Device +++++
--- User ---
[MBR] ed59c5c49fe6212edce5bcd29ca7b413
[bSP] 3cd069f506f01353791a3cedbb1c473e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00PSA0 ATA Device +++++
--- User ---
[MBR] f9d6811797210da4cbaa3d79415e11e6
[bSP] 175158c538a864f6887750f25e56501f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 14660 Mo
1 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 30024383 | Size: 137966 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD1600AAJS-00PSA0 ATA Device +++++
--- User ---
[MBR] e24e70339ff142537a4af927bf9b98a0
[bSP] 0784d77b6b2a0f5a5c3b406cf9d620fa : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 41715 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 85449735 | Size: 110901 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_07042013_202818.txt >>
 


Download and run Avast Browser Cleanup, see if it detects any bad items. If so have the program delete them.

Then:

Please download AdwCleaner from here and save it on your Desktop.

 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


# AdwCleaner v2.304 - Datei am 04/07/2013 um 20:55:55 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : paul - TERRA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\paul\Desktop\adwcleaner.exe
# Option [suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\wkixeshx.default-1372940707311\foxydeal.sqlite

***** [Registrierungsdatenbank] *****


***** [internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\wkixeshx.default-1372940707311\prefs.js

Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

*************************

AdwCleaner[R1].txt - [11664 octets] - [02/07/2013 23:51:07]
AdwCleaner[R2].txt - [1663 octets] - [04/07/2013 20:54:35]
AdwCleaner[R3].txt - [1415 octets] - [04/07/2013 20:55:55]
AdwCleaner[s1].txt - [10965 octets] - [02/07/2013 23:52:06]

########## EOF - C:\AdwCleaner[R3].txt - [1536 octets] ##########
 


Yes, AVAST said that my Hotspot Shield (VPN) add-on for Firefox was dangerous, so I removed it to be on the safe side.

Yes, the first time it found much more and I deleted them already (2 days ago). Here's the old log:

 

# AdwCleaner v2.303 - Datei am 02/07/2013 um 23:52:06 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : paul - TERRA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\paul\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Desinfiziert : C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Gelöscht : C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\luvztjac.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\paul\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\paul\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\luvztjac.default\jetpack
Ordner Gelöscht : C:\Users\paul\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****


Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342226}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344344426}
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\V9
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618








-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\luvztjac.default\prefs.js

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

*************************

AdwCleaner[R1].txt - [11664 octets] - [02/07/2013 23:51:07]
AdwCleaner[s1].txt - [10834 octets] - [02/07/2013 23:52:06]

########## EOF - C:\AdwCleaner[s1].txt - [10895 octets] ##########
 


OK...Next:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Let me know if there's any improvement....MrC

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
