|
Pests of all kinds and how to fight them: Deleting the Incredibar trojan, how do I proceed? Windows 7 If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
19.07.2012, 12:52 | #1 |
| Hello to everyone reading this. I have a problem with my Firefox: when I start the program, MyStart Incredibar appears instead of Google (as usual). I have already read a few posts about this, but I don't want to just blindly trust them, and I hope you can address my problem individually. Many thanks in advance. |
22.07.2012, 10:40 | #2 |
| So, since no answer has come so far and I don't really have a plan for what to do, I read in another forum that you should reset the Incredibar data via about:config. Now at least Google is back as my default search engine and there is no longer any sign of Incredibar. But I think this was surely not enough to get rid of everything. I thought I could use this OTL-Oldtimer, but I don't really dare to without help, since it is preached here that one should approach the issue individually and not simply use arbitrary data.
__________________ I hope someone finds the time to help me with this. |
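An added example (not written by anyone in this thread): values reset through about:config, as post #2 describes, are stored as `user_pref(...)` lines in the profile's prefs.js, so that file shows which entries still carry the toolbar's branding and what the start page and search preferences currently hold. The sample file contents, the `.example` host and the `extensions.incredibar.hmpg` name are constructed; the four watched names are Firefox preferences of that era.

```python
import json
import re

# Constructed sample of a Firefox profile's prefs.js (not taken from the thread).
# The ".example" host and the "extensions.incredibar.hmpg" name are made up.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1344790000);
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://mystart.incredibar.example/?a=1&i=26");
user_pref("extensions.incredibar.hmpg", true);
user_pref("keyword.URL", "http://mystart.incredibar.example/?search=");
user_pref("network.cookie.prefsMigrated", true);
'''

# Branding strings of the toolbar, as named in the thread.
KEYWORDS = ("incredibar", "mystart")

# Firefox preferences that decide start page and search; always reported
# so a reviewer sees their current value even when no keyword matches.
WATCHED = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
)

PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)   # strings, integers, true/false
        except ValueError:
            value = raw               # keep literals JSON cannot parse as text
        prefs[name] = value
    return prefs


def audit(text, keywords=KEYWORDS):
    """Split preferences into keyword hits and watched-but-clean entries."""
    hits, review = {}, {}
    for name, value in parse_prefs(text).items():
        haystack = name.lower()
        if isinstance(value, str):
            haystack += "\n" + value.lower()
        if any(k in haystack for k in keywords):
            hits[name] = value        # still carries the toolbar's branding
        elif name in WATCHED:
            review[name] = value      # no keyword, but worth a manual look
    return hits, review


if __name__ == "__main__":
    hits, review = audit(SAMPLE_PREFS_JS)
    for name in sorted(hits):
        print("RESET  %-40s %r" % (name, hits[name]))
    for name in sorted(review):
        print("CHECK  %-40s %r" % (name, review[name]))
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file itself.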
09.08.2012, 12:36 | #3 |
/// Helper Team |
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
__________________ |
14.08.2012, 19:25 | #4 |
| Thank you very much for getting in touch to help me. I have already run some programs, but I am still not sure at all. Here, first, is the result for step 1:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Tobias :: TOBIAS-PC [Administrator]

12.08.2012 18:26:43
mbam-log-2012-08-12 (18-26-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 384558
Laufzeit: 2 Stunde(n), 25 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Should I do step 2 now? Many thanks in advance. |
14.08.2012, 20:32 | #5 | |
/// Helper Team | Quote:
|
15.08.2012, 16:17 | #6 |
| All right. Here are the two log files. OTL Logfile: Code:
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 
2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0CED3C4-8144-59C4-C5F4-2EA55F34B9B5}" = CCC Help Hungarian "{A5BADEDF-5C2E-D41B-CDB7-4EF1126EFAC8}" = CCC Help Norwegian "{A8BEBC07-B5D5-8717-835D-52A06E8436FE}" = CCC Help Korean 
"{AAEC5400-3AAA-EE21-ABAB-6817E92A1CAD}" = Catalyst Control Center Graphics Light "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{AE30124B-94BE-4ECC-CA37-25A1773442F0}" = CCC Help Spanish "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AF5C4D9B-90F3-F13A-1B4C-C3B715D3DBF4}" = ccc-core-static "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B55DB8FF-D820-556E-A1A3-33DBAE66A4D3}" = Catalyst Control Center Graphics Full New "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BE43F19F-EE18-E389-BBF5-37C27AF16661}" = CCC Help English "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C53895B8-ABF5-A16E-3415-B8CE794420BD}" = ccc-utility "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEDE4E96-8001-EE93-6F25-96A7E1A87AC9}" = CCC Help Portuguese "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D1FAA013-337E-EE72-B238-47A32B2B8314}" = CCC Help Swedish "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D7645CC1-EB78-3481-FBC4-EBC525488E3C}" = Catalyst Control Center Core Implementation "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E283C37C-C781-586F-CA53-5175CB8C4519}" = CCC Help Thai "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EAE682E9-A523-7972-B39B-75674154AF1F}" = CCC Help Danish "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Company of Heroes" = Company of Heroes "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "EPSON Printer and Utilities" = EPSON-Drucker-Software "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "FormatFactory" = FormatFactory 2.60 "Free YouTube Download_is1" = Free YouTube Download version 3.1.30.627 "G-Force" = G-Force "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "incredibar" = Incredibar Toolbar on IE "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "IrfanView" = IrfanView (remove only) "Left 4 Dead" = Left 4 Dead "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Manhunt 2" = Manhunt 2 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0) "MozillaMaintenanceService" = Mozilla Maintenance Service "Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.2 "Return to Castle Wolfenstein" = Return to Castle Wolfenstein "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl "softonic-de3 Toolbar" = softonic-de3 Toolbar "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 22380" = Fallout: New Vegas "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1843618265-1737691326-3216044275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.06.2011 04:31:16 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 24.06.2011 15:18:00 | Computer Name = Tobias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.06.2011 15:18:00 | Computer Name = Tobias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.06.2011 15:18:14 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.06.2011 15:18:33 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 24.06.2011 15:18:33 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 24.06.2011 15:18:33 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 24.06.2011 15:18:33 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 26.06.2011 04:07:42 | Computer Name = Tobias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.06.2011 04:07:42 | Computer Name = Tobias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.06.2011 04:08:47 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 29.07.2012 09:54:35 | Computer Name = Tobias-PC | Source = bowser | ID = 8003
Description =
Error - 29.07.2012 10:05:37 | Computer Name = Tobias-PC | Source = bowser | ID = 8003
Description =
Error - 05.08.2012 07:44:35 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 05.08.2012 07:46:55 | Computer Name = Tobias-PC | Source = BROWSER | ID = 8032
Description =
Error - 09.08.2012 09:55:26 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 09.08.2012 12:07:22 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 09.08.2012 13:19:01 | Computer Name = Tobias-PC | Source = bowser | ID = 8003
Description =
Error - 12.08.2012 12:05:55 | Computer Name = Tobias-PC | Source = bowser | ID = 8003
Description =
Error - 12.08.2012 13:04:13 | Computer Name = Tobias-PC | Source = bowser | ID = 8003
Description =
Error - 14.08.2012 14:18:22 | Computer Name = Tobias-PC | Source = bowser | ID = 8003
Description =

< End of report >
----------------------------------------------------------------------------------
OTL Logfile:
Code:
OTL logfile created on: 15.08.2012 17:00:11 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Tobias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,90 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 62,84% Memory free
6,02 Gb Paging File | 4,63 Gb Available in Paging File | 76,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 169,25 Gb Free Space | 37,12% Space Free | Partition Type: NTFS
Drive G: | 6,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: TOBIAS-PC | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Razer\DeathAdder\razerhid.exe ()
PRC - C:\Programme\Razer\DeathAdder\vdDaemon.exe (TODO: <Company name>)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Optical Drive Power Management\ODDPWR.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Razer\DeathAdder\razerhid.exe () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3452.36805__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3452.36786__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3452.36806__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3452.36800__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3452.36795__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3452.36876__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3452.36885__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3452.36844__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3452.36857__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3452.36795__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3452.36838__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3452.36843__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3452.36900__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3452.36877__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3452.36875__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3452.36829__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3452.36885__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3452.36901__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3452.36806__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3452.36830__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3452.36829__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3452.36810__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3452.36830__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3452.36836__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3452.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3428.28328__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3452.36800__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3452.36871__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3452.36869__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3452.36786__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3452.36784__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3452.36881__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3452.36782__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3452.36791__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3452.36784__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3452.36782__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3452.36870__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated) SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) 
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (a123h08t) -- File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (VKbms) -- C:\Windows\System32\drivers\VKbms.sys (Windows (R) Win 7 DDK provider) DRV - (hidkmdf) -- C:\Windows\System32\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (NETw1v32) Intel(R) -- C:\Windows\System32\drivers\NETw1v32.sys (Intel Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV - (intelkmd) -- C:\Windows\System32\drivers\igdpmd32.sys (Intel Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (danewFltr) -- C:\Windows\System32\drivers\danew.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (hamachi_oem) -- C:\Windows\System32\drivers\gan_adapter.sys (Applied Networking Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data] IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\URLSearchHook: - No 
CLSID value found IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352 IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - 
prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110419 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.19 13:16:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.09 16:00:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.09 16:01:01 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.09 16:00:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.09 16:01:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.09 16:00:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.09 16:01:01 | 000,000,000 | ---D | M] [2010.04.26 20:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions [2010.04.26 20:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.02.14 23:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.08.13 18:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\1qu77e88.default\extensions [2012.07.01 18:34:20 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\1qu77e88.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.12 18:12:26 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1qu77e88.default\searchplugins\icqplugin-1.xml [2011.06.24 11:52:43 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1qu77e88.default\searchplugins\icqplugin-2.xml [2011.08.21 10:13:57 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1qu77e88.default\searchplugins\icqplugin-3.xml [2011.09.10 10:19:07 | 000,000,950 
| ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1qu77e88.default\searchplugins\icqplugin-4.xml [2011.09.10 12:52:17 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1qu77e88.default\searchplugins\icqplugin-5.xml [2011.10.17 22:02:14 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1qu77e88.default\searchplugins\icqplugin-6.xml [2011.11.12 19:46:28 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1qu77e88.default\searchplugins\icqplugin-7.xml [2011.06.22 11:02:14 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1qu77e88.default\searchplugins\icqplugin.xml [2012.04.01 17:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.19 17:37:40 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.10 11:02:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.07.11 09:43:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.11 09:43:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.11 09:43:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.11 09:43:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.11 09:43:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.11 09:43:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found O3 - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DeathAdder] C:\Programme\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) 
O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000..\Run: [MsgCenterExe] "C:\Program Files\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot File not found O4 - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFE5A7C9-1382-471C-9023-F85A8747AF23}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: 
C:\Users\Tobias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.08.24 03:51:10 | 000,000,044 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{69a34860-05d1-11df-aa6a-001f16b7da77}\Shell - "" = AutoRun O33 - MountPoints2\{69a34860-05d1-11df-aa6a-001f16b7da77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{8bd90f1b-d1f5-11de-8bfc-001e64063340}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL julIAn.exe O33 - MountPoints2\{a702828e-9189-11de-81e4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a702828e-9189-11de-81e4-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2010.08.24 03:51:12 | 000,345,896 | R--- | M] (Valve Corporation) O33 - MountPoints2\{f8717660-1af9-11df-945b-001e64063340}\Shell - "" = AutoRun O33 - MountPoints2\{f8717660-1af9-11df-945b-001e64063340}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.15 16:15:50 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2012.08.13 18:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.08.13 18:25:00 | 000,049,152 | ---- | C] (SEIKO EPSON CORP.) 
-- C:\Windows\System32\E_DCINST.DLL [2012.08.13 18:24:58 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBCAE.DLL [2012.08.13 18:24:56 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BCAE.DLL [2012.08.13 18:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.08.09 16:00:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.24 14:05:19 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\vlc [2012.07.24 13:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.07.24 10:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.07.24 10:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.24 10:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.07.22 11:30:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2012.07.20 13:39:26 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Dokumente [2012.07.19 13:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012.07.19 12:51:06 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\SoundSpectrum [2012.07.19 12:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force [2012.07.19 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\SoundSpectrum [2012.07.19 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real [2012.07.17 17:27:43 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Bewerbung ========== Files - Modified Within 30 Days ========== [2012.08.15 16:39:15 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.15 16:39:15 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.15 16:39:15 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.15 16:39:15 | 000,104,070 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2012.08.15 16:38:42 | 000,183,808 | ---- | M] () -- C:\Users\Tobias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.15 16:15:27 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 16:15:27 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 16:15:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.15 16:15:06 | 3119,292,416 | -HS- | M] () -- C:\hiberfil.sys [2012.08.13 21:56:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.08.13 21:56:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2012.08.12 18:17:59 | 000,001,823 | ---- | M] () -- C:\Users\Tobias\Desktop\trojaner.rtf [2012.08.09 15:56:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2012.08.05 14:35:38 | 000,001,801 | ---- | M] () -- C:\Users\Tobias\Desktop\Doku.rtf [2012.08.04 10:18:51 | 000,032,172 | ---- | M] () -- C:\Users\Tobias\Desktop\Unbenannt.jpg [2012.08.04 09:56:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2012.07.24 13:54:20 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.07.24 11:41:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.07.24 11:41:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.07.24 11:35:25 | 000,000,494 | ---- | M] () -- C:\Windows\wininit.ini [2012.07.24 10:53:36 | 000,001,059 | ---- | M] () -- C:\Users\Tobias\Desktop\Spybot - Search & Destroy.lnk [2012.07.22 11:31:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2012.07.22 10:46:44 | 000,000,280 | ---- | M] () -- C:\Users\Tobias\Desktop\Dokument.rtf [2012.07.19 13:16:36 | 000,000,454 | ---- | M] () -- C:\user.js ========== Files Created - No Company Name ========== 
[2012.08.12 18:17:59 | 000,001,823 | ---- | C] () -- C:\Users\Tobias\Desktop\trojaner.rtf [2012.08.05 14:35:38 | 000,001,801 | ---- | C] () -- C:\Users\Tobias\Desktop\Doku.rtf [2012.08.04 10:16:55 | 000,032,172 | ---- | C] () -- C:\Users\Tobias\Desktop\Unbenannt.jpg [2012.07.24 13:54:20 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.07.24 11:41:34 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.07.24 11:41:34 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.07.24 11:35:25 | 000,000,494 | ---- | C] () -- C:\Windows\wininit.ini [2012.07.24 10:53:36 | 000,001,059 | ---- | C] () -- C:\Users\Tobias\Desktop\Spybot - Search & Destroy.lnk [2012.07.22 10:46:40 | 000,000,280 | ---- | C] () -- C:\Users\Tobias\Desktop\Dokument.rtf [2012.07.19 13:16:35 | 000,000,454 | ---- | C] () -- C:\user.js [2011.06.21 12:15:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2011.06.21 12:13:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2011.06.21 12:13:25 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.04.17 21:03:04 | 000,027,043 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\UserTile.png [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.16 14:26:23 | 000,000,680 | ---- | C] () -- C:\Users\Tobias\AppData\Local\d3d9caps.dat [2011.02.11 11:25:11 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2011.02.11 11:25:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2010.09.01 16:29:17 | 000,000,810 | ---- | C] () -- C:\Windows\Rtcw.INI [2009.11.29 15:10:42 | 000,003,423 | ---- | C] () -- C:\Users\Tobias\.recently-used.xbel [2009.11.15 17:01:02 | 000,183,808 | ---- | C] () -- C:\Users\Tobias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:B203B914 @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:131C0EE9 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1982A23 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B3A35EC @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ADE16379 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3064D21D @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DCAF903C @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CE0A077E @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E22BBE8 < End of report > Have fun with it. |
15.08.2012, 22:08 | #7 |
/// Helper Team | Deleting the Incredibar trojan: how do I proceed? Fixing with OTL: Download OTL by Oldtimer (if you do not have it yet) and save it to your Desktop (nowhere else).
Code:
:OTL
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (a123h08t) -- File not found
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110419
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.19 13:16:30 | 000,000,000 | ---D | M]
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found
O3 - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-1843618265-1737691326-3216044275-1000..\Run: [MsgCenterExe] "C:\Program Files\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.08.24 03:51:10 | 000,000,044 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{69a34860-05d1-11df-aa6a-001f16b7da77}\Shell - "" = AutoRun
O33 - MountPoints2\{69a34860-05d1-11df-aa6a-001f16b7da77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8bd90f1b-d1f5-11de-8bfc-001e64063340}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL julIAn.exe
O33 - MountPoints2\{a702828e-9189-11de-81e4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a702828e-9189-11de-81e4-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2010.08.24 03:51:12 | 000,345,896 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{f8717660-1af9-11df-945b-001e64063340}\Shell - "" = AutoRun
O33 - MountPoints2\{f8717660-1af9-11df-945b-001e64063340}\Shell\AutoRun\command - "" = F:\pushinst.exe
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
[2012.07.19 13:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.07.19 13:16:36 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.08.13 21:56:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.08.13 21:56:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012.08.09 15:56:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012.08.04 09:56:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note to other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it to other computers; doing so can cause lasting damage to other systems! |
16.08.2012, 17:45 | #8 |
| Deleting the Incredibar trojan: how do I proceed? OK, I have now run everything; the data is attached. Sorry, I hit the wrong key; I'm not very well versed in forum posts.
Code:
|
17.08.2012, 01:17 | #9 |
/// Helper Team | Deleting the Incredibar trojan: how do I proceed? Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
|
17.08.2012, 17:33 | #10 |
| Deleting the Incredibar trojan: how do I proceed? So, here is the data for step 1: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.17.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Tobias :: TOBIAS-PC [Administrator]
17.08.2012 15:34:47
mbam-log-2012-08-17 (15-34-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 386402
Laufzeit: 2 Stunde(n), 23 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Thanks again for the active support. So, attached now is step 2. Code:
|
29.08.2012, 18:59 | #11 |
| Deleting the Incredibar trojan, how do I proceed? Hello, is my virus problem now solved and everything OK again, or do I still need to do something? Thanks in advance! |
29.08.2012, 22:02 | #12 |
/// Helper Team | Deleting the Incredibar trojan, how do I proceed?
then: run SUPERAntiSpyware: http://www.trojaner-board.de/51871-a...tispyware.html |
30.08.2012, 18:08 | #13 |
| Deleting the Incredibar trojan, how do I proceed? Yes, sir. Code:
|
30.08.2012, 20:40 | #14 |
/// Helper Team | Deleting the Incredibar trojan, how do I proceed? SASW log? |
02.09.2012, 12:24 | #15 |
| Deleting the Incredibar trojan, how do I proceed? So, here is the last file now. Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/02/2012 at 12:32 PM

Application Version : 5.5.1012

Core Rules Database Version : 9165
Trace Rules Database Version: 6977

Scan type : Complete Scan
Total Scan Time : 03:02:32

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 781
Memory threats detected : 0
Registry items scanned : 34413
Registry threats detected : 0
File items scanned : 185503
File threats detected : 4

Adware.Tracking Cookie
    C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\98Q04FUP.txt [ /ad.zanox.com ]
    C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\TM85ONW0.txt [ /zanox.com ]
    C:\USERS\TOBIAS\Cookies\98Q04FUP.txt [ Cookie:tobias@ad.zanox.com/ ]
    C:\USERS\TOBIAS\Cookies\TM85ONW0.txt [ Cookie:tobias@zanox.com/ ]
|