| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ständig Weiterleitung auf unerwünschte WerbeseitenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.07.2012, 07:10
| #1 |
| |  Ständig Weiterleitung auf unerwünschte Werbeseiten Hallo zusammen, ich habe folgendes Problem: Seit ein paar Tagen werde ich beim Internet Explorer auf Werbeseiten weitergeleitet. Dieses passiert meistens, wenn ich etwas lese und auf die nächste Seite klicken möchte oder einen Artikel lesen möchte. Es erscheint oben vor der weiterleitung die Internetadresse z.B "benathome", leider bin ich nicht schnell genung, mir die Adressen aufzuschreiben. Danach lande ich auf Otto.de oder bei Ebay. Avira und Adaware habe ich schon zig mal durchlaufen lassen, aber es wird keine Virus oder ähnliches angezeigt. Ich hoffe ihr könnt mir helfen Gruss bettina |
|
16.07.2012, 11:18
| #2 |
  | Ständig Weiterleitung auf unerwünschte Werbeseiten Hi,
__________________OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. AdwareCleaner (AdwCleaner) Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! Poste die Logfiles in Code-Tags Download über AdwCleaner by Xplode zum Desktop.  Starte AdwCleaner und klicke Search Nach einiger zeit öffnet ein Logfile (C:\AdwCleaner[xx].txt) poste dessen Inhalt hier ins Forum. chris
__________________ |
|
16.07.2012, 18:28
| #3 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten Hallo, vielen Dank, ich hoffe so ist es richtig gepostet:
__________________# AdwCleaner v1.702 - Logfile created 07/16/2012 at 19:18:59 # Updated 13/07/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : betti - BETTI-PC # Running from : C:\Users\betti\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\betti\AppData\Local\Conduit Folder Found : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Folder Found : C:\Users\betti\AppData\Local\Temp\boost_interprocess Folder Found : C:\Users\betti\AppData\LocalLow\Conduit Folder Found : C:\Users\betti\AppData\LocalLow\pdfforge Folder Found : C:\Users\betti\AppData\LocalLow\PriceGong Folder Found : C:\Users\betti\AppData\LocalLow\Search Settings Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\Conduit Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\ConduitEngine Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@conduit.com Folder Found : C:\Program Files (x86)\Application Updater Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\pdfforge Toolbar Folder Found : C:\Program Files (x86)\Common Files\spigot ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\Search Settings Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Application Updater Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\pdfforge Key Found : HKLM\SOFTWARE\Search Settings [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit [x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong [x64] Key Found : HKCU\Software\AppDataLow\Software\Search Settings [x64] Key Found : HKCU\Software\AppDataLow\Toolbar [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v3.6.6 (de) Profile name : default File : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\prefs.js Found : user_pref("CT2431245..clientLogIsEnabled", true); Found : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2431245.CTID", "CT2431245"); Found : user_pref("CT2431245.CurrentServerDate", "20-5-2011"); Found : user_pref("CT2431245.DialogsAlignMode", "LTR"); Found : user_pref("CT2431245.DownloadReferralCookieData", ""); Found : user_pref("CT2431245.EMailNotifierPollDate", "Fri May 20 2011 07:50:23 GMT+0200"); Found : user_pref("CT2431245.FeedLastCount129009402595187825", 488); Found : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri May 20 2011 07:50:29 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri May 20 2011 07:50:27 GMT+0200"); der zweite log :OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.07.2012 07:56:55 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\betti\Pictures\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 53,43% Memory free 7,93 Gb Paging File | 5,85 Gb Available in Paging File | 73,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 226,18 Gb Free Space | 50,24% Space Free | Partition Type: NTFS Drive E: | 523,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: BETTI-PC | User Name: betti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.16 07:56:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\betti\Pictures\Downloads\OTL.exe PRC - [2012.07.16 07:36:58 | 000,132,096 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\udt.exe PRC - [2012.05.23 19:02:16 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2012.05.23 19:02:15 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2012.05.08 22:32:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 22:32:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 22:32:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2010.09.15 11:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.11.04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe PRC - [2009.10.29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe PRC - [2009.10.29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe PRC - [2009.10.27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe PRC - [2009.10.02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.08.21 02:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.08.18 09:38:18 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2009.07.08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe PRC - [2009.07.07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.11 08:10:17 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE ========== Modules (No Company Name) ========== MOD - [2012.07.16 07:36:58 | 000,132,096 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\udt.exe MOD - [2012.07.16 07:36:58 | 000,018,432 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\Tools.dll MOD - [2012.06.17 11:37:25 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9023843c5179d58bd814b64f440679a1\System.Messaging.ni.dll MOD - [2012.06.15 22:19:11 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.15 22:18:33 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.15 22:18:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.12 10:25:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.12 10:25:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.12 10:25:19 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.12 10:25:07 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU MOD - [2009.10.02 14:02:56 | 000,246,800 | ---- | M] () -- c:\PROGRA~2\mcafee\msk\mskapbho.dll MOD - [2009.06.11 08:10:17 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU MOD - [2009.02.27 14:04:22 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2008.06.26 04:46:07 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll MOD - [2008.06.26 04:45:14 | 000,367,104 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll MOD - [2008.06.26 04:45:06 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.23 19:02:15 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2012.05.08 22:32:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 22:32:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.11.04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009.11.04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon) SRV - [2009.10.29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009.10.28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009.10.27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009.10.02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.18 22:40:12 | 000,796,192 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009.07.08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy) SRV - [2009.07.07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.03.27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 22:32:46 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 22:32:46 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.28 20:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.04.16 21:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID) DRV:64bit: - [2009.11.04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2009.11.04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2009.11.04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk) DRV:64bit: - [2009.11.04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk) DRV:64bit: - [2009.08.14 16:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009.07.21 08:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.26 22:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.06.24 23:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir) DRV:64bit: - [2009.06.24 05:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.14 02:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.09 23:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP) DRV:64bit: - [2009.03.25 13:44:39 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp) DRV:64bit: - [2008.03.28 17:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys) DRV:64bit: - [2007.10.22 08:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT) DRV - [2011.12.29 20:52:30 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.02 08:21:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.05 19:58:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.27 22:30:05 | 000,000,000 | ---D | M] [2010.07.04 17:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\betti\AppData\Roaming\mozilla\Extensions [2012.07.15 15:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions [2010.09.16 22:08:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.06 18:42:10 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.03.06 18:42:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@conduit.com [2011.05.21 13:15:52 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@plasmoo.com [2012.07.15 15:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.07.11 23:41:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.07.24 12:21:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.26 22:39:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google Search = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: SiteAdvisor = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\ CHR - Extension: Gmail = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2011.10.19 11:01:51 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 94.228.209.244 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics. O1 - Hosts: 94.228.209.244 ad-emea.doubleclick.net. O1 - Hosts: 94.228.209.244 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats. O1 - Hosts: 178.250.45.15 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats. O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe (MAGIX AG) O4 - HKLM..\Run: [WAREHaus easy] C:\Program Files (x86)\Nebenkosten easy\UDT2.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm () O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm () O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm () O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A0BA60-C2F9-4CE3-BE13-CEDD9A476836}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E49A12-9959-489B-B3D2-2A6E3A19E6AF}: DhcpNameServer = 40.0.0.1 40.0.0.2 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (EsqehqoDbedb.dll) - File not found O29 - HKLM SecurityProviders - (EsqehqoDbedb.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003.10.09 15:12:24 | 000,000,103 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AnnoFinder.exe -- [2003.10.09 16:09:22 | 000,036,864 | R--- | M] () O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell\Setup\command - "" = E:\setup.exe -- [2002.12.02 15:33:00 | 000,107,512 | R--- | M] (InstallShield Software Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.16 07:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.07.16 07:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2009.08.22 08:22:38 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.16 07:59:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.16 07:55:06 | 000,000,000 | ---- | M] () -- C:\Users\betti\defogger_reenable [2012.07.16 07:44:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 07:44:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 07:39:34 | 000,039,566 | ---- | M] () -- C:\Windows\SysNative\Config.MPF [2012.07.16 07:36:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.16 07:36:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.16 07:36:14 | 3193,643,008 | -HS- | M] () -- C:\hiberfil.sys [2012.07.15 12:59:44 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job [2012.07.14 23:06:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.07.14 23:06:06 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.07.11 03:31:05 | 005,107,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 23:02:42 | 000,138,100 | ---- | M] () -- C:\Users\betti\Documents\__shop.derticketservice.de_frankenheim-kino_details.html_eventid=386984.pdf [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.16 07:55:06 | 000,000,000 | ---- | C] () -- C:\Users\betti\defogger_reenable [2012.07.03 23:02:41 | 000,138,100 | ---- | C] () -- C:\Users\betti\Documents\__shop.derticketservice.de_frankenheim-kino_details.html_eventid=386984.pdf [2012.01.21 22:44:15 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Local\{B15CD112-9CEC-4C3F-9579-841D251F031C} [2011.12.29 20:52:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.12.29 20:52:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.12.13 08:51:27 | 000,000,132 | ---- | C] () -- C:\Windows\medigraf.INI [2011.03.19 19:45:28 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.03.06 18:51:56 | 000,000,929 | ---- | C] () -- C:\Users\betti\.recently-used.xbel [2010.12.06 20:34:42 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2010.12.06 20:34:23 | 000,011,129 | ---- | C] () -- C:\Users\betti\AppData\Roaming\SmarThruOptions.xml [2010.12.06 20:34:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe [2010.12.06 20:34:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll [2010.12.06 20:33:46 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini [2010.12.06 20:33:43 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll [2010.12.06 20:31:22 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe [2010.11.01 14:34:59 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.21 15:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2010.08.22 16:09:07 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Roaming\chrtmp [2010.07.06 19:31:48 | 000,007,680 | ---- | C] () -- C:\Users\betti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.02 21:18:44 | 000,566,427 | ---- | C] () -- C:\Users\betti\.pdf.pdf [2010.02.14 00:52:34 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2010.06.10 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Canon [2011.08.14 13:14:58 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.08.11 14:51:23 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.09.19 09:27:27 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\DVDVideoSoft [2011.05.21 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.11 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\EPSON [2010.02.14 00:57:00 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\eSobi [2011.03.06 18:51:56 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\gtk-2.0 [2011.03.21 11:45:31 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\innoPlus [2011.10.07 19:52:03 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Jens Lorek [2012.01.11 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Lexware [2012.05.28 15:03:49 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\MAGIX [2010.12.06 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\SmarThru4 [2010.05.09 01:46:57 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\SoftDMA [2011.08.14 13:22:13 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.12.28 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Template [2012.07.02 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\VSO [2010.08.02 07:52:30 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Windows Live Writer [2012.07.15 12:59:44 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2012.04.01 01:00:09 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2012.05.18 07:26:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 < End of report > der dritte dauert noch einen moment, vielleicht hilft das ja shcon ein wenig weiter. DANKE und hier das letzte: Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.07.16.08 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 betti :: BETTI-PC [Administrator] Schutz: Aktiviert 16.07.2012 19:14:37 mbam-log-2012-07-16 (22-29-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 469756 Laufzeit: 2 Stunde(n), 42 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\betti\Pictures\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\betti\Pictures\Downloads\SoftonicDownloader_fuer_magix-video-deluxe-mx.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. (Ende) ich hoffe es ist noch was zu retten... Danke lg Betti und hier das letzte: Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.07.16.08 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 betti :: BETTI-PC [Administrator] Schutz: Aktiviert 16.07.2012 19:14:37 mbam-log-2012-07-16 (22-29-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 469756 Laufzeit: 2 Stunde(n), 42 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\betti\Pictures\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\betti\Pictures\Downloads\SoftonicDownloader_fuer_magix-video-deluxe-mx.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. (Ende) ich hoffe es ist noch was zu retten... Danke lg Betti |
|
17.07.2012, 06:58
| #4 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten Hi, here we go... Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Windows\Wiainst.exe
Fix für OTL:
 Code:
ATTFilter
:OTL
MOD - [2012.07.16 07:36:58 | 000,132,096 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\udt.exe
MOD - [2012.07.16 07:36:58 | 000,018,432 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\Tools.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
[2010.12.06 20:31:22 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe
:Commands
[emptytemp]
[Reboot]
Falls Adware gefunden wurde: AdwareCleaner Schliesse alle offenstehende Fenster und starte AdwCleaner (Win7/Vista: Als Administrator ausführen)
Dein Rechner wird neu gestartet und es öffnet sich ein Logfile (C:\AdwCleaner[xx].txt), poste dessen Inhalt hier ins Forum. Poste dann noch ein neues OTL-Log... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
17.07.2012, 18:37
| #5 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully. ADS C:\ProgramData\Temp:AB689DEA deleted successfully. ADS C:\ProgramData\Temp:93DE1838 deleted successfully. ADS C:\ProgramData\Temp:E3C56885 deleted successfully. ADS C:\ProgramData\Temp:0B9176C0 deleted successfully. C:\Windows\Wiainst.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: betti ->Temp folder emptied: 65368046 bytes ->Temporary Internet Files folder emptied: 593030390 bytes ->Java cache emptied: 16590860 bytes ->FireFox cache emptied: 92254326 bytes ->Google Chrome cache emptied: 6337660 bytes ->Flash cache emptied: 57067 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 14113 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 349183952 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36052464 bytes RecycleBin emptied: 8476818892 bytes Total Files Cleaned = 9.189,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07172012_081000 Files\Folders moved on Reboot... C:\Users\betti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y18OJTH9\schlauch-pflege-wie-oft-putzt-ihr-240223-4[1].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRQEMQ0U\54791-anleitung-uploadchannel-trojaner-board[1].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[1].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[2].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[3].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[4].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\data_sync[1].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9CWR0NH\data_sync[1].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6QJKX1D\ads[4].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6QJKX1D\ads[5].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMNR4YTW\afr[1].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM1TBPQT\ads[3].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD682KN8\ads[3].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4LGLFST\analysis[1].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N2A8VS0\119605-staendig-weiterleitung-unerwuenschte-werbeseiten[1].htm moved successfully. File\Folder C:\Windows\temp\mcafee_bmANqlY31Mc7FGl not found! File\Folder C:\Windows\temp\mcmsc_231dXWyoXIvCESb not found! File\Folder C:\Windows\temp\mcmsc_96WpFpvq0YGa4xx not found! File\Folder C:\Windows\temp\mcmsc_oWOLoU5Yr3qvrwM not found! File\Folder C:\Windows\temp\mcmsc_ZDpaZ48GpsTO3Kw not found! File\Folder C:\Windows\temp\sqlite_HjjE4hgtiq0qvvF not found! File\Folder C:\Windows\temp\sqlite_ki97wjr6ovwLdxq not found! File\Folder C:\Windows\temp\sqlite_mNXhR42kPek5NNM not found! File\Folder C:\Windows\temp\sqlite_UYMiBUKgbRWyNT9 not found! PendingFileRenameOperations files... File C:\Users\betti\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y18OJTH9\schlauch-pflege-wie-oft-putzt-ihr-240223-4[1].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRQEMQ0U\54791-anleitung-uploadchannel-trojaner-board[1].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[1].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[2].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[3].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[4].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\data_sync[1].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9CWR0NH\data_sync[1].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6QJKX1D\ads[4].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6QJKX1D\ads[5].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMNR4YTW\afr[1].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM1TBPQT\ads[3].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD682KN8\ads[3].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4LGLFST\analysis[1].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N2A8VS0\119605-staendig-weiterleitung-unerwuenschte-werbeseiten[1].htm not found! File C:\Windows\temp\mcafee_bmANqlY31Mc7FGl not found! File C:\Windows\temp\mcmsc_231dXWyoXIvCESb not found! File C:\Windows\temp\mcmsc_96WpFpvq0YGa4xx not found! File C:\Windows\temp\mcmsc_oWOLoU5Yr3qvrwM not found! File C:\Windows\temp\mcmsc_ZDpaZ48GpsTO3Kw not found! File C:\Windows\temp\sqlite_HjjE4hgtiq0qvvF not found! File C:\Windows\temp\sqlite_ki97wjr6ovwLdxq not found! File C:\Windows\temp\sqlite_mNXhR42kPek5NNM not found! File C:\Windows\temp\sqlite_UYMiBUKgbRWyNT9 not found! Registry entries deleted on Reboot... leider hat mich der akku im stich gelassen und von virustotal ist die datei nicht mehr auffindbar. kann ich da noch was machen? Ich hoffe so ist es richtig mit dem log. bettina hier der log vom adware cleaner. # AdwCleaner v1.702 - Logfile created 07/17/2012 at 19:41:30 # Updated 13/07/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : betti - BETTI-PC # Running from : C:\Users\betti\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\betti\AppData\Local\Conduit Folder Found : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Folder Found : C:\Users\betti\AppData\Local\Temp\boost_interprocess Folder Found : C:\Users\betti\AppData\LocalLow\Conduit Folder Found : C:\Users\betti\AppData\LocalLow\pdfforge Folder Found : C:\Users\betti\AppData\LocalLow\PriceGong Folder Found : C:\Users\betti\AppData\LocalLow\Search Settings Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\Conduit Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\ConduitEngine Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@conduit.com Folder Found : C:\Program Files (x86)\Application Updater Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\pdfforge Toolbar Folder Found : C:\Program Files (x86)\Common Files\spigot ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\Search Settings Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Application Updater Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\pdfforge Key Found : HKLM\SOFTWARE\Search Settings [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit [x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong [x64] Key Found : HKCU\Software\AppDataLow\Software\Search Settings [x64] Key Found : HKCU\Software\AppDataLow\Toolbar [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v3.6.6 (de) Profile name : default File : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\prefs.js Found : user_pref("CT2431245..clientLogIsEnabled", true); Found : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2431245.CTID", "CT2431245"); Found : user_pref("CT2431245.CurrentServerDate", "20-5-2011"); Found : user_pref("CT2431245.DialogsAlignMode", "LTR"); Found : user_pref("CT2431245.DownloadReferralCookieData", ""); Found : user_pref("CT2431245.EMailNotifierPollDate", "Fri May 20 2011 07:50:23 GMT+0200"); Found : user_pref("CT2431245.FeedLastCount129009402595187825", 488); Found : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri May 20 2011 07:50:29 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634016030710453", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634016114705611", "Fri May 20 2011 07:50:29 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634016129205152", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634016143724791", "Fri May 20 2011 07:50:29 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634016271239162", "Fri May 20 2011 07:50:29 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634016568520719", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634016726993788", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634017109031809", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634017132743740", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634017299547668", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634017302327846", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634017344111490", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634017478360748", "Fri May 20 2011 07:50:29 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634017732797593", "Fri May 20 2011 07:50:27 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634017821686064", "Fri May 20 2011 07:50:29 GMT+0200"); Found : user_pref("CT2431245.FeedPollDate7470634018090228721", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.FeedTTL7470634014269327586", 5); Found : user_pref("CT2431245.FeedTTL7470634014537505092", 5); Found : user_pref("CT2431245.FeedTTL7470634014970726540", 2); Found : user_pref("CT2431245.FeedTTL7470634016568520719", 30); Found : user_pref("CT2431245.FeedTTL7470634017109031809", 30); Found : user_pref("CT2431245.FeedTTL7470634017299547668", 2); Found : user_pref("CT2431245.FirstServerDate", "20-5-2011"); Found : user_pref("CT2431245.FirstTime", true); Found : user_pref("CT2431245.FirstTimeFF3", true); Found : user_pref("CT2431245.FixPageNotFoundErrors", true); Found : user_pref("CT2431245.GroupingServerCheckInterval", 1440); Found : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2431245.HasUserGlobalKeys", true); Found : user_pref("CT2431245.Initialize", true); Found : user_pref("CT2431245.InitializeCommonPrefs", true); Found : user_pref("CT2431245.InstallationAndCookieDataSentCount", 1); Found : user_pref("CT2431245.InstallationId", "Unknown"); Found : user_pref("CT2431245.InstallationType", "ExternalIntegration"); Found : user_pref("CT2431245.InstalledDate", "Fri May 20 2011 07:50:23 GMT+0200"); Found : user_pref("CT2431245.InvalidateCache", false); Found : user_pref("CT2431245.IsGrouping", false); Found : user_pref("CT2431245.IsMulticommunity", false); Found : user_pref("CT2431245.IsOpenThankYouPage", false); Found : user_pref("CT2431245.IsOpenUninstallPage", true); Found : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri May 20 2011 07:50:25 GMT+0200"); Found : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2431245.LastLogin_3.2.5.2", "Fri May 20 2011 07:50:23 GMT+0200"); Found : user_pref("CT2431245.LatestVersion", "3.2.5.2"); Found : user_pref("CT2431245.Locale", "de-de"); Found : user_pref("CT2431245.MCDetectTooltipHeight", "83"); Found : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2431245.MCDetectTooltipWidth", "295"); Found : user_pref("CT2431245.RadioIsPodcast", false); Found : user_pref("CT2431245.RadioLastCheckTime", "Fri May 20 2011 07:50:28 GMT+0200"); Found : user_pref("CT2431245.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000"); Found : user_pref("CT2431245.RadioMediaID", "20503672"); Found : user_pref("CT2431245.RadioMediaType", "Media Player"); Found : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672"); Found : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland"); Found : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u"); Found : user_pref("CT2431245.SearchFromAddressBarIsInit", true); Found : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...] Found : user_pref("CT2431245.SearchInNewTabEnabled", true); Found : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri May 20 2011 07:50:24 GMT+0200"); Found : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2431245.ServiceMapLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200"); Found : user_pref("CT2431245.SettingsLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200"); Found : user_pref("CT2431245.SettingsLastUpdate", "1305800360"); Found : user_pref("CT2431245.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri May 20 2011 07:50:22 GMT+0200"); Found : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255344657"); Found : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Found : user_pref("CT2431245.UserID", "UN19394633091674662"); Found : user_pref("CT2431245.WeatherNetwork", ""); Found : user_pref("CT2431245.WeatherPollDate", "Fri May 20 2011 07:50:25 GMT+0200"); Found : user_pref("CT2431245.WeatherUnit", "C"); Found : user_pref("CT2431245.alertChannelId", "825452"); Found : user_pref("CT2431245.backendstorage.for_aoi", "31333035383730363332"); Found : user_pref("CT2431245.backendstorage.for_ccid", "6E756C6C"); Found : user_pref("CT2431245.backendstorage.for_cdtr5", "31333035383730363332"); Found : user_pref("CT2431245.backendstorage.for_cid", "4445"); Found : user_pref("CT2431245.backendstorage.for_ip", "39322E37322E33332E3233"); Found : user_pref("CT2431245.backendstorage.for_lcut", "31333035383730363333"); Found : user_pref("CT2431245.backendstorage.for_pid", "31303130"); Found : user_pref("CT2431245.backendstorage.for_rid", "3037"); Found : user_pref("CT2431245.backendstorage.for_zoneid", "39353933"); Found : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E"); Found : user_pref("CT2431245.myStuffEnabled", true); Found : user_pref("CT2431245.myStuffPublihserMinWidth", 400); Found : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2431245.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2431245.testingCtid", ""); Found : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200"); Found : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Fri May 20 2011 07:50:25 GMT+0200"); Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63441308206287[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...] Found : user_pref("CommunityToolbar.EngineOwner", "CT2431245"); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3"); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&[...] Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2431245"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245"); Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri May 20 2011 07:50:24 GMT+0200"); Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri May 20 2011 07:50:21 GMT+0200"); Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "f6153b5d-335e-46a4-92db-f95bbe45c270"); Found : user_pref("ConduitEngine.FirstServerDate", "05/20/2011 08"); Found : user_pref("ConduitEngine.FirstTime", true); Found : user_pref("ConduitEngine.FirstTimeFF3", true); Found : user_pref("ConduitEngine.HasUserGlobalKeys", true); Found : user_pref("ConduitEngine.Initialize", true); Found : user_pref("ConduitEngine.InitializeCommonPrefs", true); Found : user_pref("ConduitEngine.InstalledDate", "Fri May 20 2011 07:50:23 GMT+0200"); Found : user_pref("ConduitEngine.IsMulticommunity", false); Found : user_pref("ConduitEngine.IsOpenThankYouPage", false); Found : user_pref("ConduitEngine.IsOpenUninstallPage", true); Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200"); Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri May 20 2011 07:50:23 GMT+0200"); Found : user_pref("ConduitEngine.PublisherContainerWidth", 0); Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200"); Found : user_pref("ConduitEngine.UserID", "UN50644644229747811"); Found : user_pref("ConduitEngine.engineLocale", "de"); Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200"); Found : user_pref("ConduitEngine.initDone", true); -\\ Google Chrome v [Unable to get version] File : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "description": "The fastest way to search the web.", ************************* AdwCleaner[R1].txt - [20354 octets] - [16/07/2012 19:18:59] AdwCleaner[R2].txt - [20415 octets] - [16/07/2012 19:20:06] AdwCleaner[R3].txt - [20375 octets] - [17/07/2012 19:41:30] ########## EOF - C:\AdwCleaner[R3].txt - [20504 octets] ########## |
|
18.07.2012, 06:38
| #6 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten Hi, MAM alle Funde löschen lassen, nie was von Softonic runterladen, die installieren alles möglich gleich mit... Hast Du alle Funde von Adware wie beschrieben löschen lassen? AdwareCleaner Schliesse alle offenstehende Fenster und starte AdwCleaner (Win7/Vista: Als Administrator ausführen)
Dein Rechner wird neu gestartet und es öffnet sich ein Logfile (C:\AdwCleaner[xx].txt), poste dessen Inhalt hier ins Forum. chris
__________________ --> Ständig Weiterleitung auf unerwünschte Werbeseiten |
|
18.07.2012, 06:49
| #7 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten Guten Morgen, hier das Logfile. Habe mit MAM alles löschen lassen. Kann ich das Programm weiter nutzen um den Rechner durchsuchen zu lassen? Log: # AdwCleaner v1.702 - Logfile created 07/18/2012 at 07:42:50 # Updated 13/07/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : betti - BETTI-PC # Running from : C:\Users\betti\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\betti\AppData\Local\Conduit Folder Deleted : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Folder Deleted : C:\Users\betti\AppData\Local\Temp\boost_interprocess Folder Deleted : C:\Users\betti\AppData\LocalLow\Conduit Folder Deleted : C:\Users\betti\AppData\LocalLow\pdfforge Folder Deleted : C:\Users\betti\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\betti\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\Conduit Folder Deleted : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\ConduitEngine Folder Deleted : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} Folder Deleted : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@conduit.com Folder Deleted : C:\Program Files (x86)\Application Updater Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar Folder Deleted : C:\Program Files (x86)\Common Files\spigot ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\Application Updater Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\pdfforge Key Deleted : HKLM\SOFTWARE\Search Settings ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v3.6.6 (de) Profile name : default File : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\prefs.js Deleted : user_pref("CT2431245..clientLogIsEnabled", true); Deleted : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2431245.CTID", "CT2431245"); Deleted : user_pref("CT2431245.CurrentServerDate", "20-5-2011"); Deleted : user_pref("CT2431245.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2431245.DownloadReferralCookieData", ""); Deleted : user_pref("CT2431245.EMailNotifierPollDate", "Fri May 20 2011 07:50:23 GMT+0200"); Deleted : user_pref("CT2431245.FeedLastCount129009402595187825", 488); Deleted : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri May 20 2011 07:50:29 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016030710453", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016114705611", "Fri May 20 2011 07:50:29 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016129205152", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016143724791", "Fri May 20 2011 07:50:29 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016271239162", "Fri May 20 2011 07:50:29 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016568520719", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016726993788", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017109031809", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017132743740", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017299547668", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017302327846", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017344111490", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017478360748", "Fri May 20 2011 07:50:29 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017732797593", "Fri May 20 2011 07:50:27 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017821686064", "Fri May 20 2011 07:50:29 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634018090228721", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.FeedTTL7470634014269327586", 5); Deleted : user_pref("CT2431245.FeedTTL7470634014537505092", 5); Deleted : user_pref("CT2431245.FeedTTL7470634014970726540", 2); Deleted : user_pref("CT2431245.FeedTTL7470634016568520719", 30); Deleted : user_pref("CT2431245.FeedTTL7470634017109031809", 30); Deleted : user_pref("CT2431245.FeedTTL7470634017299547668", 2); Deleted : user_pref("CT2431245.FirstServerDate", "20-5-2011"); Deleted : user_pref("CT2431245.FirstTime", true); Deleted : user_pref("CT2431245.FirstTimeFF3", true); Deleted : user_pref("CT2431245.FixPageNotFoundErrors", true); Deleted : user_pref("CT2431245.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2431245.HasUserGlobalKeys", true); Deleted : user_pref("CT2431245.Initialize", true); Deleted : user_pref("CT2431245.InitializeCommonPrefs", true); Deleted : user_pref("CT2431245.InstallationAndCookieDataSentCount", 1); Deleted : user_pref("CT2431245.InstallationId", "Unknown"); Deleted : user_pref("CT2431245.InstallationType", "ExternalIntegration"); Deleted : user_pref("CT2431245.InstalledDate", "Fri May 20 2011 07:50:23 GMT+0200"); Deleted : user_pref("CT2431245.InvalidateCache", false); Deleted : user_pref("CT2431245.IsGrouping", false); Deleted : user_pref("CT2431245.IsMulticommunity", false); Deleted : user_pref("CT2431245.IsOpenThankYouPage", false); Deleted : user_pref("CT2431245.IsOpenUninstallPage", true); Deleted : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri May 20 2011 07:50:25 GMT+0200"); Deleted : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2431245.LastLogin_3.2.5.2", "Fri May 20 2011 07:50:23 GMT+0200"); Deleted : user_pref("CT2431245.LatestVersion", "3.2.5.2"); Deleted : user_pref("CT2431245.Locale", "de-de"); Deleted : user_pref("CT2431245.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2431245.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2431245.RadioIsPodcast", false); Deleted : user_pref("CT2431245.RadioLastCheckTime", "Fri May 20 2011 07:50:28 GMT+0200"); Deleted : user_pref("CT2431245.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000"); Deleted : user_pref("CT2431245.RadioMediaID", "20503672"); Deleted : user_pref("CT2431245.RadioMediaType", "Media Player"); Deleted : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672"); Deleted : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland"); Deleted : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u"); Deleted : user_pref("CT2431245.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...] Deleted : user_pref("CT2431245.SearchInNewTabEnabled", true); Deleted : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri May 20 2011 07:50:24 GMT+0200"); Deleted : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2431245.ServiceMapLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200"); Deleted : user_pref("CT2431245.SettingsLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200"); Deleted : user_pref("CT2431245.SettingsLastUpdate", "1305800360"); Deleted : user_pref("CT2431245.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri May 20 2011 07:50:22 GMT+0200"); Deleted : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255344657"); Deleted : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Deleted : user_pref("CT2431245.UserID", "UN19394633091674662"); Deleted : user_pref("CT2431245.WeatherNetwork", ""); Deleted : user_pref("CT2431245.WeatherPollDate", "Fri May 20 2011 07:50:25 GMT+0200"); Deleted : user_pref("CT2431245.WeatherUnit", "C"); Deleted : user_pref("CT2431245.alertChannelId", "825452"); Deleted : user_pref("CT2431245.backendstorage.for_aoi", "31333035383730363332"); Deleted : user_pref("CT2431245.backendstorage.for_ccid", "6E756C6C"); Deleted : user_pref("CT2431245.backendstorage.for_cdtr5", "31333035383730363332"); Deleted : user_pref("CT2431245.backendstorage.for_cid", "4445"); Deleted : user_pref("CT2431245.backendstorage.for_ip", "39322E37322E33332E3233"); Deleted : user_pref("CT2431245.backendstorage.for_lcut", "31333035383730363333"); Deleted : user_pref("CT2431245.backendstorage.for_pid", "31303130"); Deleted : user_pref("CT2431245.backendstorage.for_rid", "3037"); Deleted : user_pref("CT2431245.backendstorage.for_zoneid", "39353933"); Deleted : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E"); Deleted : user_pref("CT2431245.myStuffEnabled", true); Deleted : user_pref("CT2431245.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2431245.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2431245.testingCtid", ""); Deleted : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200"); Deleted : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Fri May 20 2011 07:50:25 GMT+0200"); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63441308206287[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...] Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2431245"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3"); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2431245"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245"); Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri May 20 2011 07:50:24 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri May 20 2011 07:50:21 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "f6153b5d-335e-46a4-92db-f95bbe45c270"); Deleted : user_pref("ConduitEngine.FirstServerDate", "05/20/2011 08"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstalledDate", "Fri May 20 2011 07:50:23 GMT+0200"); Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200"); Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri May 20 2011 07:50:23 GMT+0200"); Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0); Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200"); Deleted : user_pref("ConduitEngine.UserID", "UN50644644229747811"); Deleted : user_pref("ConduitEngine.engineLocale", "de"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200"); Deleted : user_pref("ConduitEngine.initDone", true); -\\ Google Chrome v [Unable to get version] File : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted : "description": "The fastest way to search the web.", ************************* AdwCleaner[R1].txt - [20354 octets] - [16/07/2012 19:18:59] AdwCleaner[R2].txt - [20415 octets] - [16/07/2012 19:20:06] AdwCleaner[R3].txt - [20476 octets] - [17/07/2012 19:41:30] AdwCleaner[S1].txt - [19436 octets] - [18/07/2012 07:42:50] ########## EOF - C:\AdwCleaner[S1].txt - [19565 octets] ########## Gruss Bettina |
|
18.07.2012, 07:01
| #8 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten Hi, ja Du kannst MAM weiter nutzen, 1x die Woche updaten und dann Scannen lassen. Erstelle und poste bitte noch ein neues OTL-Logfile... Wie verhält sich der Rechner? chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
18.07.2012, 07:23
| #9 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten Also es scheint wieder normal zu sein. Ich werde nach der Arbeit nochmal in Ruhe prüfen ob ich wieder weitergeleitet werde. Hier der OTL logOTL Logfile: Code:
ATTFilter OTL logfile created on: 18.07.2012 08:07:09 - Run 3 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\betti\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,25% Memory free 7,93 Gb Paging File | 5,62 Gb Available in Paging File | 70,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 233,05 Gb Free Space | 51,77% Space Free | Partition Type: NTFS Drive E: | 523,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: BETTI-PC | User Name: betti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\udt.exe () PRC - C:\Users\betti\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Windows\PLFSetI.exe () PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\udt.exe () MOD - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\Tools.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9023843c5179d58bd814b64f440679a1\System.Messaging.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - c:\PROGRA~2\mcafee\msk\mskapbho.dll () MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll () MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll () MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.) DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.) DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics) DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.02 08:21:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.05 19:58:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.27 22:30:05 | 000,000,000 | ---D | M] [2010.07.04 17:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\betti\AppData\Roaming\mozilla\Extensions [2012.07.18 07:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions [2010.09.16 22:08:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.21 13:15:52 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@plasmoo.com [2012.07.15 15:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.07.11 23:41:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.07.24 12:21:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.26 22:39:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google Search = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: SiteAdvisor = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\ O1 HOSTS File: ([2011.10.19 11:01:51 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 94.228.209.244 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics. O1 - Hosts: 94.228.209.244 ad-emea.doubleclick.net. O1 - Hosts: 94.228.209.244 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats. O1 - Hosts: 178.250.45.15 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats. O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll () O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe (MAGIX AG) O4 - HKLM..\Run: [WAREHaus easy] C:\Program Files (x86)\Nebenkosten easy\UDT2.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm () O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm () O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm () O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A0BA60-C2F9-4CE3-BE13-CEDD9A476836}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E49A12-9959-489B-B3D2-2A6E3A19E6AF}: DhcpNameServer = 40.0.0.1 40.0.0.2 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (EsqehqoDbedb.dll) - File not found O29 - HKLM SecurityProviders - (EsqehqoDbedb.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003.10.09 15:12:24 | 000,000,103 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AnnoFinder.exe -- [2003.10.09 16:09:22 | 000,036,864 | R--- | M] () O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell\Setup\command - "" = E:\setup.exe -- [2002.12.02 15:33:00 | 000,107,512 | R--- | M] (InstallShield Software Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.17 08:10:00 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.16 19:13:19 | 000,000,000 | ---D | C] -- C:\Users\betti\AppData\Roaming\Malwarebytes [2012.07.16 19:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.16 19:12:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.16 19:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.16 19:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.16 19:10:37 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\betti\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.16 19:08:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\betti\Desktop\OTL.exe [2012.07.16 07:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.07.16 07:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.07.11 03:02:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.11 03:02:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.11 03:02:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.11 03:02:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.11 03:02:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.11 03:02:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.11 03:02:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.11 03:02:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.11 03:02:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.11 03:02:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.11 03:02:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.11 03:02:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.11 03:02:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.11 02:18:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.06.25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [2012.06.19 17:24:54 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.19 17:24:54 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.19 17:24:54 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.19 17:24:25 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.19 17:24:25 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.19 17:24:25 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.19 17:24:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.19 17:24:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2009.08.22 08:22:38 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012.07.18 07:59:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.18 07:52:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.18 07:52:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.18 07:46:44 | 000,039,952 | ---- | M] () -- C:\Windows\SysNative\Config.MPF [2012.07.18 07:44:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.18 07:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.18 07:44:25 | 3193,643,008 | -HS- | M] () -- C:\hiberfil.sys [2012.07.18 07:24:29 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.07.18 07:24:29 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.07.16 19:18:41 | 000,624,883 | ---- | M] () -- C:\Users\betti\Desktop\adwcleaner.exe [2012.07.16 19:12:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.16 19:10:45 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\betti\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.16 19:08:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\betti\Desktop\OTL.exe [2012.07.16 07:55:06 | 000,000,000 | ---- | M] () -- C:\Users\betti\defogger_reenable [2012.07.15 12:59:44 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job [2012.07.11 03:31:05 | 005,107,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 23:02:42 | 000,138,100 | ---- | M] () -- C:\Users\betti\Documents\__shop.derticketservice.de_frankenheim-kino_details.html_eventid=386984.pdf [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll ========== Files Created - No Company Name ========== [2012.07.16 19:18:33 | 000,624,883 | ---- | C] () -- C:\Users\betti\Desktop\adwcleaner.exe [2012.07.16 19:12:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.16 07:55:06 | 000,000,000 | ---- | C] () -- C:\Users\betti\defogger_reenable [2012.07.03 23:02:41 | 000,138,100 | ---- | C] () -- C:\Users\betti\Documents\__shop.derticketservice.de_frankenheim-kino_details.html_eventid=386984.pdf [2012.01.21 22:44:15 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Local\{B15CD112-9CEC-4C3F-9579-841D251F031C} [2011.12.29 20:52:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.12.29 20:52:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.12.13 08:51:27 | 000,000,132 | ---- | C] () -- C:\Windows\medigraf.INI [2011.03.19 19:45:28 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.03.06 18:51:56 | 000,000,929 | ---- | C] () -- C:\Users\betti\.recently-used.xbel [2010.12.06 20:34:42 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2010.12.06 20:34:23 | 000,011,129 | ---- | C] () -- C:\Users\betti\AppData\Roaming\SmarThruOptions.xml [2010.12.06 20:34:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe [2010.12.06 20:34:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll [2010.12.06 20:33:46 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini [2010.12.06 20:33:43 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll [2010.11.01 14:34:59 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.21 15:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2010.08.22 16:09:07 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Roaming\chrtmp [2010.07.06 19:31:48 | 000,007,680 | ---- | C] () -- C:\Users\betti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.02 21:18:44 | 000,566,427 | ---- | C] () -- C:\Users\betti\.pdf.pdf [2010.02.14 00:52:34 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Roaming\wklnhst.dat < End of report > Gruss bettina |
|
18.07.2012, 07:28
| #10 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten Hi, ganz aufgeräumt ist noch nicht, dann laufen da noch ein Programm bzw. Modul die ich nicht kenne: Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\udt.exe
C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\Tools.dll
Prüfe mal in Ruhe alles und melde Dich dann wieder... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
18.07.2012, 07:34
| #11 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten hi, den ersten habe ich noch geschafft, der Rest später SHA256: bf06f847756d9bc6cd270dc437757aae6a95099fd2a663d1ccfbe505fa34d46e File name: udt.exe Detection ratio: 3 / 44 Analysis date: 2011-09-23 00:44:17 UTC ( 9 Monate, 4 Wochen ago ) 0 0 More details Antivirus Result Update AhnLab-V3 - 20110922 AntiVir - 20110922 Antiy-AVL - 20110922 Avast - 20110922 Avast5 - 20110922 AVG - 20110922 BitDefender - 20110923 ByteHero - 20110913 CAT-QuickHeal - 20110922 ClamAV - 20110923 Commtouch - 20110922 Comodo Heur.Suspicious 20110923 DrWeb - 20110922 Emsisoft - 20110923 eSafe - 20110920 eTrust-Vet - 20110922 F-Prot - 20110922 F-Secure - 20110923 Fortinet - 20110923 GData - 20110923 Ikarus - 20110923 Jiangmin - 20110922 K7AntiVirus - 20110922 Kaspersky - 20110922 McAfee - 20110923 McAfee-GW-Edition - 20110922 Microsoft - 20110922 NOD32 - 20110923 Norman - 20110922 nProtect - 20110922 Panda - 20110922 PCTools - 20110923 Prevx - 20110923 Rising - 20110922 Sophos - 20110923 SUPERAntiSpyware - 20110923 Symantec - 20110923 TheHacker - 20110922 TrendMicro PAK_Generic.001 20110922 TrendMicro-HouseCall PAK_Generic.001 20110923 VBA32 - 20110922 VIPRE - 20110922 ViRobot - 20110922 VirusBuster - 20110922 Comments Votes Additional information No comments You have not signed in. Only registered users can leave comments, sign in and have a voice! Sign in Join the community SHA256: bf06f847756d9bc6cd270dc437757aae6a95099fd2a663d1ccfbe505fa34d46e SHA1: 370e0ebb80b2b2e93227077d6491e165d487c5ab MD5: 92190d79bc842037105b3b2aa8df41e0 File size: 129.0 KB ( 132096 bytes ) File name: udt.exe File type: Win32 EXE Tags: upx Detection ratio: 3 / 44 Analysis date: 2011-09-23 00:44:17 UTC ( 9 Monate, 4 Wochen ago |
|
18.07.2012, 08:39
| #12 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten Hi, Dateien die ausführbar sind und in einem temporären Verzeichnis liegen, sind immer sehr ... äh... verdächtig. Ich würde sie Plattmachen... Schauen wir mal was die zweite Datei bringt... Fix für OTL:
Code:
ATTFilter
:OTL
PRC - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\udt.exe ()
MOD - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\Tools.dll ()
:Commands
[emptytemp]
[Reboot]
chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
18.07.2012, 16:05
| #13 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten hallo, die weiterleitung ist immer noch da.... oben auf dem Reiter des explorers erscheint kurz " google analytics! " und dann steht da document has moved... hier der erste log von virustotal SHA256: bf06f847756d9bc6cd270dc437757aae6a95099fd2a663d1ccfbe505fa34d46e SHA1: 370e0ebb80b2b2e93227077d6491e165d487c5ab MD5: 92190d79bc842037105b3b2aa8df41e0 File size: 129.0 KB ( 132096 bytes ) File name: udt.exe File type: Win32 EXE Tags: upx Detection ratio: 3 / 44 Analysis date: 2011-09-23 00:44:17 UTC ( 9 Monate, 4 Wochen ago ) 0 0 More details Antivirus Result Update AhnLab-V3 - 20110922 AntiVir - 20110922 Antiy-AVL - 20110922 Avast - 20110922 Avast5 - 20110922 AVG - 20110922 BitDefender - 20110923 ByteHero - 20110913 CAT-QuickHeal - 20110922 ClamAV - 20110923 Commtouch - 20110922 Comodo Heur.Suspicious 20110923 DrWeb - 20110922 Emsisoft - 20110923 eSafe - 20110920 eTrust-Vet - 20110922 F-Prot - 20110922 F-Secure - 20110923 Fortinet - 20110923 GData - 20110923 Ikarus - 20110923 Jiangmin - 20110922 K7AntiVirus - 20110922 Kaspersky - 20110922 McAfee - 20110923 McAfee-GW-Edition - 20110922 Microsoft - 20110922 NOD32 - 20110923 Norman - 20110922 nProtect - 20110922 Panda - 20110922 PCTools - 20110923 Prevx - 20110923 Rising - 20110922 Sophos - 20110923 SUPERAntiSpyware - 20110923 Symantec - 20110923 TheHacker - 20110922 TrendMicro PAK_Generic.001 20110922 TrendMicro-HouseCall PAK_Generic.001 20110923 VBA32 - 20110922 VIPRE - 20110922 ViRobot - 20110922 VirusBuster - 20110922 und Nr. 2 SHA256: 59a5f56d17385221c843089748ae43255885f6fd0bef079025ad1c8acb0bfef0 SHA1: 73da47149639f136d6918e885cb685fe52e8595c MD5: 4629be29c872be99dff638b1dbae2dba File size: 18.0 KB ( 18432 bytes ) File name: 4629BE29C872BE99DFF638B1DBAE2DBA File type: Win32 DLL Tags: armadillo Detection ratio: 2 / 40 Analysis date: 2012-05-16 07:08:05 UTC ( 2 Monate ago ) 0 0 More details Antivirus Result Update AhnLab-V3 - 20120515 AntiVir - 20120516 Antiy-AVL - 20120516 Avast - 20120516 AVG - 20120516 BitDefender - 20120516 ByteHero - 20120515 CAT-QuickHeal - 20120515 ClamAV - 20120516 Commtouch - 20120516 Comodo - 20120516 DrWeb - 20120516 Emsisoft - 20120516 eSafe - 20120515 eTrust-Vet - 20120515 F-Prot - 20120516 F-Secure - 20120516 Fortinet - 20120516 GData - 20120516 Ikarus - 20120516 Jiangmin - 20120516 K7AntiVirus - 20120515 Kaspersky - 20120516 McAfee - 20120516 McAfee-GW-Edition - 20120516 Microsoft - 20120516 NOD32 - 20120516 Norman - 20120516 nProtect - 20120516 PCTools - 20120516 Rising - 20120516 SUPERAntiSpyware - 20120516 Symantec - 20120516 TheHacker - 20120516 TrendMicro PAK_Generic.001 20120516 TrendMicro-HouseCall PAK_Generic.001 20120516 VBA32 - 20120515 VIPRE - 20120516 ViRobot - 20120516 VirusBuster - 20120515 Gruss Bettina All processes killed ========== OTL ========== No active process named udt.exe was found! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: betti ->Temp folder emptied: 1420832 bytes ->Temporary Internet Files folder emptied: 19732533 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 671 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 119049715 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes RecycleBin emptied: 844416 bytes Total Files Cleaned = 135,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07182012_170840 Files\Folders moved on Reboot... C:\Users\betti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHT4NHE6\119605-staendig-weiterleitung-unerwuenschte-werbeseiten-2[1].htm moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHT4NHE6\st[1] moved successfully. C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1GWF9CM\bv[1].htm moved successfully. File\Folder C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG3W2OKC\analysis[2].htm not found! File\Folder C:\Windows\temp\mcmsc_RHbk7hcgLudPvui not found! File\Folder C:\Windows\temp\mcmsc_yRopT3FG0UKI8v9 not found! File\Folder C:\Windows\temp\sqlite_DLIhQ06jbwWpIle not found! File\Folder C:\Windows\temp\sqlite_fJ39IMpK3KMyzAy not found! File\Folder C:\Windows\temp\sqlite_OwghS48YNR6uecI not found! File\Folder C:\Windows\temp\sqlite_rKrDf03AKywhbee not found! PendingFileRenameOperations files... File C:\Users\betti\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHT4NHE6\119605-staendig-weiterleitung-unerwuenschte-werbeseiten-2[1].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHT4NHE6\st[1] not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1GWF9CM\bv[1].htm not found! File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG3W2OKC\analysis[2].htm not found! File C:\Windows\temp\mcmsc_RHbk7hcgLudPvui not found! File C:\Windows\temp\mcmsc_yRopT3FG0UKI8v9 not found! File C:\Windows\temp\sqlite_DLIhQ06jbwWpIle not found! File C:\Windows\temp\sqlite_fJ39IMpK3KMyzAy not found! File C:\Windows\temp\sqlite_OwghS48YNR6uecI not found! File C:\Windows\temp\sqlite_rKrDf03AKywhbee not found! Registry entries deleted on Reboot... aber die Weiterleitung ist immer noch drin. es erscheint "document has moved", oben im Reiter steht kurz google analytics. LG Bettina |
|
20.07.2012, 07:16
| #14 |
| | Ständig Weiterleitung auf unerwünschte Werbeseiten Hi, jetzt musst Du mir mal genau erklären was Du machst. Google-Analytics ist ein Google-Dienst... Du startest Firefox und eine Suchanfrage, dann klickst Du auf einen Fund und dann kommt innerhalb der Page der Hinweis auf die Redirection. Passiert das bei allen Funden oder nur bei bestimmten? Bitte die URL wo das passiert als private PM an mich. Es gibt tatsächlich Sachverhalte, wo der Seiteninhaber seine Pages reorganisiert hat und eine weiterleitung stattfindet, da er die Inhalte verschoben hat... Poste bitte noch ein neues OTL-Log... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
| Themen zu Ständig Weiterleitung auf unerwünschte Werbeseiten |
| adaware, adresse, adressen, artikel, erscheint, explorer, folge, folgendes, hallo zusammen, hoffe, home, interne, internet, internet explorer, klicke, klicken, problem, schnell, tagen, unerwünschte, virus, weiterleitung, werbeseite, zusammen, ähnliches |
Linear-Darstellung
