Log Analysis and Evaluation: RKIT/Agent.desj in BAcroIEHelpe171.dll as malware (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.07.2012, 04:35 | #1
RKIT/Agent.desj in BAcroIEHelpe171.dll as malware

Good day to all the friendly helpers. I am new here because I found this thing, RKIT/Agent.desj in BAcroIEHelpe171.dll as malware. Antivir gave me this error message. Here in the forum I found a thread about "RKIT/Agent.desg" and ran the two scanners it named, Malwarebytes Anti-Malware and OTL, over the system. Here are my log files:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xy :: XY1 [Administrator]

Protection: Enabled

26.07.2012 02:56:11
mbam-log-2012-07-26 (04-27-11).txt

Scan type: Full scan (C:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 539202
Time elapsed: 1 hour(s), 22 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> No action taken.
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> No action taken.
HKCU\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Data: C:\Users\xy\AppData\Roaming\appconf32.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\$Recycle.Bin\S-1-5-21-1304805427-2328156682-2798200666-1000\$RHU85YL.exe (PUP.ToolbarDownloader) -> No action taken.
C:\GameHouse Games\ocean_express_v10_tft.exe (PUP.Adware.MediaGet) -> No action taken.
C:\Program Files (x86)\Vlcclassic\Uninstall.exe (Trojan.FakeVLC) -> No action taken.
C:\Users\xy\Desktop\Download\internet_download_manager_514_build_5.exe (PUP.Adware.MediaGet) -> No action taken.
C:\Users\xy\Desktop\Download\internet_download_manager_v5183_repack_winall_incl_crack_rig_[h33t]_[m8].exe (PUP.Adware.MediaGet) -> No action taken.
C:\Users\xy\Desktop\Sicherungen\diverses\SoftonicDownloader_fuer_internet-download-manager.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\xy\Desktop\Sicherungen\diverses\KeyPatch IDM\KEY PATCH IDM.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\xy\Documents\Downloads\Programs\FLVConverterSetup.exe (Adware.Agent) -> No action taken.
C:\Users\xy\Documents\Downloads\Programs\SoftonicDownloader_fuer_adobe-illustrator_2.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\xy\Documents\Downloads\Programs\SoftonicDownloader_fuer_adobe-illustrator_3.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\xy\Documents\Downloads\Programs\SoftonicDownloader_fuer_mozilla-firefox.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\xy\Documents\Downloads\Programs\SoftonicDownloader_fuer_mozilla-firefox_2.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\xy\Documents\Internet Download Manager [IDM] v6.08 Build 9 - Crack UnREaL\idman608.exe (PUP.SmsPay) -> No action taken.
C:\Users\xy\Downloads\SoftonicDownloader_fuer_7-zip.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\xy\Downloads\SoftonicDownloader_fuer_luxor-3.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\xy\Downloads\SoftonicDownloader_fuer_winzip.exe (PUP.OfferBundler.ST) -> No action taken.
S:\EDV\Programme\IDM\KeyPatch IDM\KEY PATCH IDM.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\xy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\xy\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> No action taken.

(end)

And here is no. 2, OTL:

OTL Logfile:
OTL logfile created on: 7/26/2012 4:50:36 AM - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\xy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 59.66% Memory free
8.00 Gb Paging File | 6.12 Gb Available in Paging File | 76.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.79 Gb Total Space | 622.01 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Drive D: | 286.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 931.51 Gb Total Space | 817.66 Gb Free Space | 87.78% Space Free | Partition Type: NTFS

Computer Name: xy | User Name: xy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\xy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\nettmarketing\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\agcp.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Windows\SysWOW64\TSTheme.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\xy\AppData\Local\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (FileZilla Server) -- c:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s115mgmt) -- C:\Windows\SysNative\drivers\s115mgmt.sys (MCCI Corporation)
DRV:64bit: - (s115obex) -- C:\Windows\SysNative\drivers\s115obex.sys (MCCI Corporation)
DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\drivers\s115mdm.sys (MCCI Corporation)
DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\drivers\s115mdfl.sys (MCCI Corporation)
DRV:64bit: - (s115bus) -- C:\Windows\SysNative\drivers\s115bus.sys (MCCI Corporation)
DRV - (KLAntiFL) -- C:\Windows\SysWOW64\flcss.sys (Kaspersky Lab.)
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com/web?l=dis&o=APN10383&gct=hp&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^ABI&apn_uid=3414145426654138&p2=^ABI^YYYYYY^YY^DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 63 15 27 FB 34 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=d2f250df000000000000000000000000
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb106/?search={searchTerms}&loc=IB_DS&a=6PQoHNhJyF&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {78D3E302-AEE0-40BB-B866-28A0139E12C8}:1.9.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=2&q="
FF - prefs.js..network.proxy.http: "89.187.142.176"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/17 19:24:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\xy\AppData\Roaming\12001.049 [2012/07/25 19:00:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\nettmarketing\AppData\Local\Mozilla Firefox\components [2012/05/07 12:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\xy\AppData\Local\Mozilla Firefox\plugins [2012/06/21 03:36:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Users\xy\AppData\Local\Mozilla Thunderbird\components [2012/02/26 03:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Users\xy\AppData\Local\Mozilla Thunderbird\plugins [2012/06/21 03:36:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{78D3E302-AEE0-40BB-B866-28A0139E12C8}: C:\Users\xy\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8} [2011/02/23 20:57:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\xy\AppData\Roaming\IDM\idmmzcc3 [2012/02/21 14:30:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\xy\AppData\Roaming\12001.049 [2012/07/25 19:00:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\xy\AppData\Roaming\IDM\idmmzcc3 [2012/02/21 14:30:29 | 000,000,000 | ---D | M]

[2011/08/24 00:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Extensions
[2012/07/22 20:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\m8tbqzhj.default\extensions
[2012/02/17 20:25:51 | 000,002,203 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\searchplugins\MyStart Search.xml
[2012/02/09 22:49:34 | 000,003,915 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\searchplugins\sweetim.xml
[2011/03/14 17:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/22 14:03:49 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/07/22 20:40:53 | 000,016,192 | ---- | M] () (No name found) -- C:\USERS\XY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M8TBQZHJ.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI
[2012/07/19 18:31:45 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\XY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M8TBQZHJ.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI

========== Chrome ==========

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll File not found
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DT PLP] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKCU..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\xy\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDFB34AE-F807-4974-AF8E-758837A55731}: NameServer = 62.220.18.8 89.246.64.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\Shell - "" = AutoRun
O33 - MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 03:03:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
[2012/07/26 02:55:11 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Malwarebytes
[2012/07/26 02:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/26 02:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/26 02:55:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/26 02:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/26 02:53:22 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\xy\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/25 19:00:36 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.049
[2012/07/25 17:07:26 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{4D7A0A5E-B48B-4BBC-8145-656EB89FD66E}
[2012/07/25 17:05:46 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{82D677AB-8531-48E9-ACF1-F5C9D0F82390}
[2012/07/24 17:05:10 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Abelssoft
[2012/07/24 16:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/07/24 16:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Downloader
[2012/07/24 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Abelssoft
[2012/07/24 16:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Downloader
[2012/07/24 10:10:00 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{E21AF4D3-7E6E-4FAF-AA15-D82CB44B5363}
[2012/07/24 10:09:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{0CB7FB11-7E9F-452D-B5BE-B60B0C55F956}
[2012/07/23 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{11F2392D-2581-46DC-AEB7-413CF9DE4057}
[2012/07/23 16:11:28 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{D28E86B6-66FB-488C-8A9B-B870FDC79420}
[2012/07/22 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\DOSBox
[2012/07/22 23:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2012/07/22 23:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2012/07/22 23:49:08 | 001,448,809 | ---- | C] (DOSBox Team) -- C:\Users\xy\Desktop\DOSBox0.74-win32-installer.exe
[2012/07/22 21:58:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.048
[2012/07/22 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{020CA139-17A0-47C6-BF52-54527A3F2533}
[2012/07/22 19:05:03 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{93807DCA-1931-42B3-B4AA-387E6396E480}
[2012/07/21 12:20:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{EA1932EC-D00C-482D-B34D-1B184CD997EC}
[2012/07/21 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{9C3B821B-110F-49D9-8C6F-57DB997AAA11}
[2012/07/21 12:19:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.047
[2012/07/20 23:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.046
[2012/07/20 20:23:40 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.045
[2012/07/20 18:18:58 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{FCDE9EF0-BE38-4581-9C3F-50C3DB60F6E6}
[2012/07/20 18:18:46 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{1051A9E8-002D-416E-A0E3-CFD45F5AB649}
[2012/07/20 04:26:05 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{70450F31-7FF2-4CB8-8881-139759D4E01B}
[2012/07/20 04:20:38 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{E489FD4B-FA14-4F72-A00A-7EB7221CFCDC}
[2012/07/19 12:39:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{69F3B32D-93C7-41AE-BB16-241CCE71A5CB}
[2012/07/19 12:38:36 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{C9104B7B-C5CF-4042-B103-8A6755483179}
[2012/07/18 19:48:12 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\diverse
[2012/07/18 18:42:15 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.044
[2012/07/18 17:47:22 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{A637AEAC-2F07-447E-B136-7544A0BD6EF0}
[2012/07/18 17:47:08 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{B7DA9789-032C-4E52-844D-BB679EA577C7}
[2012/07/18 01:51:01 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.043
[2012/07/18 01:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
[2012/07/18 01:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Macromedia
[2012/07/18 01:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia
[2012/07/18 01:31:46 | 000,000,000 | ---D | C] -- C:\Dreamweaver
[2012/07/18 01:29:34 | 063,826,688 | ---- | C] (Macromedia ) -- C:\Dreamweaver8-de.exe
[2012/07/18 00:36:53 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{571C3852-7267-4EFC-99A4-D0858DE92FBD}
[2012/07/17 11:42:55 | 000,000,000 | ---D | C] --
C:\Users\xy\AppData\Local\{56FD8C72-0DE1-4322-9A46-E1D2D7527466} [2012/07/17 11:41:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{EB173A65-EB10-48C2-B86B-03A8FDA78963} [2012/07/16 16:32:53 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{D671580E-15AB-4023-8F0A-DE23E3471717} [2012/07/15 20:58:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.042 [2012/07/15 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{B58883FD-F600-4FDF-97CC-F25D4553AB2E} [2012/07/15 16:45:56 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{730FF455-C96C-4801-AEA2-65137EC589B5} [2012/07/15 03:22:31 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\Symbole Georg [2012/07/13 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{9998E708-CB4A-439D-9B43-465335CDBA6E} [2012/07/13 20:50:47 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{31B72970-27F3-40DA-9D53-B033114F3B94} [2012/07/13 17:10:08 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.041 [2012/07/13 16:11:18 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{5CEA8BA6-BF66-4D53-BBC9-845120473842} [2012/07/12 22:04:12 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.039 [2012/07/12 17:31:20 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{93EA5E4D-096B-4E77-A324-F9E81E28AEA6} [2012/07/12 17:31:09 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{6DBCD172-FFE9-48C1-A8F8-EFD5142F1BC3} [2012/07/12 01:28:30 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{85517877-691C-4F5C-8149-14C5A9F2FBC0} [2012/07/12 01:27:08 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{DFCE3867-4C81-41B9-8BF9-CECC4C63D9E6} [2012/07/11 20:11:24 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.038 [2012/07/11 13:37:07 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{D9920FB2-9A2D-4FE4-89E4-E98117819A25} [2012/07/10 21:45:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.037 [2012/07/10 21:39:56 | 
000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{7B198E84-07E4-433F-A67D-359F0EB73BD4} [2012/07/09 20:43:06 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/07/09 20:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012/07/09 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{E206C76B-0ABF-47CE-A01C-E80DA4248E4B} [2012/07/09 19:18:29 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{B127DE71-843A-473D-AB66-3C219DA9D123} [2012/07/09 18:12:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.036 [2012/07/09 04:21:44 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{2EF289B3-7EBD-4182-BD42-16251DCF4162} [2012/07/09 04:20:10 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{DB96A567-BAEF-4EB4-9D33-01F1EE3261BF} [2012/07/08 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.035 [2012/07/08 16:53:59 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{B100FE45-C78B-426D-BF84-05869903DE12} [2012/07/07 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{9991520E-C80B-4579-9934-0226D9282E8F} [2012/07/06 18:41:35 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.034 [2012/07/06 18:36:26 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{40988373-CEFD-440F-932C-7E036325CEF2} [2012/07/06 18:36:14 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{CB006CD2-6D3D-4F65-AFCD-5D1230A70084} [2012/07/06 18:25:07 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{57C4123C-61DB-49B5-9099-98DD2460632D} [2012/07/06 00:20:03 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.033 [2012/07/05 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{F47ED7B9-CCEB-4A25-B0A2-06E7C1CB69B0} [2012/07/05 15:53:06 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{0668A87B-2BCF-412F-A8B6-0AA1924C3F4B} [2012/07/04 18:15:15 | 000,000,000 | ---D | C] -- 
C:\Users\xy\AppData\Roaming\12001.032 [2012/07/04 15:51:30 | 001,128,916 | ---- | C] (www.hellopdf.com ) -- C:\Users\xy\Desktop\pdf2wordsetup.exe [2012/07/04 15:28:10 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{083E7C3A-9592-4022-89F1-4CB548F8349A} [2012/07/03 20:20:37 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.031 [2012/07/03 20:20:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{66A55336-DCFB-4A0E-ABAF-6F09EF267747} [2012/07/03 15:21:54 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{C627445B-F20F-4768-9B20-BBF5B96B7619} [2012/07/02 19:00:59 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{03846435-EE6A-4BD5-BCDF-A268E5C1BD5F} [2012/07/02 19:00:16 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{2B0240D3-20C2-49A9-BB89-E068510B8F62} [2012/07/01 13:36:53 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{220245A4-8D90-47D0-8B8A-A659C239D677} [2012/07/01 13:35:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{D416A0C9-E6BD-4380-8228-0E8036325A6E} [2012/06/30 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{83ACC411-3A01-4F89-8F68-92CBAB913479} [2012/06/29 18:56:59 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.030 [2012/06/29 18:01:37 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{F0430FCB-236C-40B9-BB2A-0657C3449CD8} [2012/06/29 16:46:49 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{3887AA61-1BBE-4196-A76A-4768989AD252} [2012/06/29 02:04:10 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{CF501BD7-F1AC-4FB9-A926-43461ED99B6C} [2012/06/29 02:03:24 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{4DFC9BDC-06F4-4B34-8E5B-742BEFD5656D} [2012/06/28 18:39:00 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{91F1357B-F89C-4630-836F-06A58BD7ECD4} [2012/06/28 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{36F10E53-0475-4D37-B536-F4F4BDE61FB0} [2012/06/28 05:27:35 | 000,000,000 | ---D | C] -- 
C:\Users\xy\AppData\Local\{EA1FBD3F-B711-4F45-9E71-7AB4241FF7EE} [2012/06/28 05:26:01 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{66E48C4C-436E-48B1-8D1B-CF2C5C0D3F35} [2012/06/27 19:30:23 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.029 [2012/06/27 00:59:47 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.027 [2012/06/26 16:44:15 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{126CE1F2-F11C-422B-8191-C40B087A2C7C} [2012/06/26 16:44:03 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{7C7D8982-FB2B-4EEA-9A51-5EE0600B71B2} [2012/06/26 05:27:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{75178E1A-F862-43E8-AABF-C71FDE145C64} [1 C:\Users\xy\AppData\Roaming\*.tmp files -> C:\Users\xy\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/26 04:29:17 | 000,000,032 | ---- | M] () -- C:\Users\xy\AppData\Roaming\blckdom.res [2012/07/26 04:13:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/26 03:03:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe [2012/07/26 02:55:07 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/26 02:53:39 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\xy\Desktop\mbam-setup-1.62.0.1300.exe [2012/07/26 02:46:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/25 14:58:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/25 14:58:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/25 14:52:52 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys [2012/07/24 18:51:18 | 000,268,944 | ---- | M] () -- C:\Users\xy\AppData\Roaming\AcroIEHelpe174.dll [2012/07/24 18:51:18 | 000,006,400 | ---- | M] () -- 
C:\Users\xy\AppData\Roaming\BAcroIEHelpe174.dll [2012/07/24 18:29:07 | 000,056,320 | ---- | M] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/24 16:57:35 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Song Downloader.lnk [2012/07/24 16:57:28 | 001,586,074 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/24 16:57:28 | 000,694,250 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/07/24 16:57:28 | 000,651,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/24 16:57:28 | 000,147,374 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/07/24 16:57:28 | 000,120,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/24 16:57:17 | 001,585,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/24 16:48:33 | 000,373,153 | ---- | M] () -- C:\Users\xy\Desktop\Unbenannt.wma [2012/07/24 13:06:47 | 000,000,230 | ---- | M] () -- C:\Users\xy\Desktop\Mithören oo.url [2012/07/23 17:12:45 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe173.dll [2012/07/22 23:49:21 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk [2012/07/22 23:49:10 | 001,448,809 | ---- | M] (DOSBox Team) -- C:\Users\xy\Desktop\DOSBox0.74-win32-installer.exe [2012/07/22 23:47:23 | 000,272,779 | ---- | M] () -- C:\Users\xy\Desktop\logical(1).zip [2012/07/22 23:45:12 | 000,272,779 | ---- | M] () -- C:\Users\xy\Desktop\logical.zip [2012/07/20 23:14:53 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe172.dll [2012/07/20 19:36:16 | 000,000,132 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012/07/20 19:22:02 | 003,747,947 | ---- | M] () -- C:\Users\xy\Desktop\20120720-Sceneline-72.jpg [2012/07/19 17:03:00 | 000,000,349 | ---- | M] () -- C:\Users\xy\Desktop\Tell IT Statistik.url [2012/07/19 14:28:00 | 000,000,513 | ---- | M] () -- C:\Users\xy\Desktop\Report SFD01.url [2012/07/18 19:15:41 | 005,500,408 | 
---- | M] () -- C:\Users\xy\Desktop\leg1.jpg [2012/07/18 18:42:25 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe171.dll [2012/07/18 16:32:08 | 005,134,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/18 01:34:56 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Macromedia Dreamweaver 8.lnk [2012/07/18 01:34:56 | 000,002,011 | ---- | M] () -- C:\Users\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Macromedia Dreamweaver 8.lnk [2012/07/16 16:43:28 | 004,881,904 | R--- | M] () -- C:\Users\xy\Desktop\Verdeckter Vermittler - THE AWAKENED GUIDE TO CONSPIRACY, DEIN BEGLEITER ZUM ÜBERLEBEN IN DER NEUEN WELTORDNUNG.pdf [2012/07/16 16:37:26 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe169.dll [2012/07/12 22:04:24 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe167.dll [2012/07/11 20:11:36 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe165.dll [2012/07/09 20:39:32 | 002,500,792 | ---- | M] () -- C:\Users\xy\Desktop\AdobeDownloadAssistant.exe [2012/07/04 15:52:45 | 000,001,060 | ---- | M] () -- C:\Users\xy\Desktop\Free PDF to Word Doc Converter.lnk [2012/07/04 15:51:42 | 001,128,916 | ---- | M] (www.hellopdf.com ) -- C:\Users\xy\Desktop\pdf2wordsetup.exe [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/29 17:13:53 | 041,304,829 | ---- | M] () -- C:\Users\xy\Desktop\Autoren_und_Coaches_gesucht_Webinar.zip [1 C:\Users\xy\AppData\Roaming\*.tmp files -> C:\Users\xy\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/26 02:55:07 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/24 18:51:18 | 000,268,944 | ---- | C] () -- C:\Users\xy\AppData\Roaming\AcroIEHelpe174.dll [2012/07/24 18:51:18 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe174.dll [2012/07/24 16:57:35 | 
000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Song Downloader.lnk [2012/07/24 16:55:32 | 001,586,074 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/24 16:48:33 | 000,373,153 | ---- | C] () -- C:\Users\xy\Desktop\Unbenannt.wma [2012/07/24 13:06:31 | 000,000,230 | ---- | C] () -- C:\Users\xy\Desktop\Mithören Tell IT.url [2012/07/23 17:12:45 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe173.dll [2012/07/22 23:49:21 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk [2012/07/22 23:47:22 | 000,272,779 | ---- | C] () -- C:\Users\xy\Desktop\logical(1).zip [2012/07/22 23:45:12 | 000,272,779 | ---- | C] () -- C:\Users\xy\Desktop\logical.zip [2012/07/20 23:14:53 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe172.dll [2012/07/20 22:22:35 | 000,000,032 | ---- | C] () -- C:\Users\xy\AppData\Roaming\blckdom.res [2012/07/20 19:22:00 | 003,747,947 | ---- | C] () -- C:\Users\xy\Desktop\20120720-Sceneline-72.jpg [2012/07/19 17:02:47 | 000,000,349 | ---- | C] () -- C:\Users\xy\Desktop\Tell IT Statistik.url [2012/07/19 14:37:52 | 000,000,513 | ---- | C] () -- C:\Users\xy\Desktop\Report SFD01.url [2012/07/18 19:14:59 | 005,500,408 | ---- | C] () -- C:\Users\xy\Desktop\leg1.jpg [2012/07/18 18:42:25 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe171.dll [2012/07/18 18:16:21 | 000,000,502 | ---- | C] () -- C:\Users\xy\Desktop\ProduktA - ProduktB.url [2012/07/18 01:34:56 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Macromedia Dreamweaver 8.lnk [2012/07/18 01:34:56 | 000,002,011 | ---- | C] () -- C:\Users\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Macromedia Dreamweaver 8.lnk [2012/07/16 16:43:23 | 004,881,904 | R--- | C] () -- C:\Users\xy\Desktop\Verdeckter Vermittler - THE AWAKENED GUIDE TO CONSPIRACY, DEIN BEGLEITER ZUM ÜBERLEBEN IN DER NEUEN WELTORDNUNG.pdf [2012/07/16 16:37:26 | 000,006,400 | ---- | C] () -- 
C:\Users\xy\AppData\Roaming\BAcroIEHelpe169.dll [2012/07/12 22:04:24 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe167.dll [2012/07/11 20:11:36 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe165.dll [2012/07/09 20:39:18 | 002,500,792 | ---- | C] () -- C:\Users\xy\Desktop\AdobeDownloadAssistant.exe [2012/07/04 15:52:11 | 000,001,060 | ---- | C] () -- C:\Users\xy\Desktop\Free PDF to Word Doc Converter.lnk [2012/06/29 17:08:59 | 041,304,829 | ---- | C] () -- C:\Users\xy\Desktop\Autoren_und_Coaches_gesucht_Webinar.zip [2012/06/04 19:39:00 | 000,000,055 | ---- | C] () -- C:\Windows\Ulead32.ini [2012/06/04 19:39:00 | 000,000,036 | ---- | C] () -- C:\Windows\dswplug.ini [2012/06/04 19:39:00 | 000,000,011 | ---- | C] () -- C:\Windows\Msdevctl.ini [2012/05/25 17:10:10 | 000,000,013 | ---- | C] () -- C:\Users\xy\AppData\Roaming\urhtps.dat [2012/05/07 13:27:52 | 000,004,096 | -H-- | C] () -- C:\Users\xy\AppData\Local\keyfile3.drm [2012/03/30 00:14:48 | 000,000,030 | ---- | C] () -- C:\Users\xy\easyWhiteboard.ini [2012/03/29 20:01:26 | 000,030,720 | ---- | C] () -- C:\Users\xy\AIRMAIL.POT [2012/03/24 01:48:20 | 000,003,000 | ---- | C] () -- C:\Users\xy\index.php [2012/03/23 20:59:13 | 000,001,888 | ---- | C] () -- C:\Users\xy\setup.ts [2012/02/27 17:13:29 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys [2012/02/27 17:13:29 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys [2012/02/21 18:16:00 | 000,000,023 | -HS- | C] () -- C:\Windows\SysWow64\baefbaeac5_d.dll [2012/02/09 21:17:50 | 000,003,572 | ---- | C] () -- C:\ProgramData\paths_2012_02_09_201714.reg [2012/02/09 21:17:50 | 000,000,818 | ---- | C] () -- C:\ProgramData\actvxcom_2012_02_09_201714.reg [2012/02/09 21:17:50 | 000,000,578 | ---- | C] () -- C:\ProgramData\ext_2012_02_09_201714.reg [2012/02/09 21:17:50 | 000,000,438 | ---- | C] () -- C:\ProgramData\softempt_2012_02_09_201714.reg [2012/02/09 21:17:50 | 000,000,432 | ---- 
| C] () -- C:\ProgramData\shrdlls_2012_02_09_201714.reg [2012/02/09 21:17:50 | 000,000,332 | ---- | C] () -- C:\ProgramData\runs_2012_02_09_201714.reg [2011/08/23 01:18:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011/08/23 01:17:52 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011/08/23 01:17:33 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011/07/15 21:29:50 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2011/03/10 21:14:15 | 000,003,245 | ---- | C] () -- C:\Users\xy\133_5161_0305_Informationen zur Abgabe LStB 2010 - 0_ElsterOnline19.pdf [2011/03/04 19:12:50 | 000,000,036 | ---- | C] () -- C:\Users\xy\AppData\Local\housecall.guid.cache [2011/03/04 18:56:28 | 000,001,618 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011/02/23 20:57:25 | 000,000,120 | ---- | C] () -- C:\Users\xy\AppData\Local\Bxohuqucadot.dat [2011/02/23 20:57:25 | 000,000,000 | ---- | C] () -- C:\Users\xy\AppData\Local\Uyureqoharus.bin [2011/02/22 23:25:14 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2010/11/28 22:52:49 | 000,056,320 | ---- | C] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/09 23:43:14 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010/08/11 00:07:30 | 000,001,456 | ---- | C] () -- C:\Users\xy\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010/08/10 20:16:18 | 000,000,132 | ---- | C] () -- C:\Users\xy\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010/07/13 01:06:00 | 000,000,427 | ---- | C] () -- C:\Users\xy\.jalbum-ftp-accounts.xml [2010/07/10 20:07:47 | 000,000,051 | ---- | C] () -- C:\Users\xy\.jalbum-recent-projects.properties [2010/07/10 20:00:29 | 000,000,948 | ---- | C] () -- C:\Users\xy\.jalbum-defaults.jap [2010/05/26 18:42:26 | 000,010,231 | ---- | C] () -- C:\Users\xy\cc_privat_elster_2048.pfx [2010/03/30 23:17:11 | 000,000,678 | ---- | C] () -- C:\Users\xy\.jmf-resource ========== Alternate Data Streams ========== 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:EDAD7DB0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B9F8237A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5AC256BC
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:CE0A077E
< End of report >

And lastly, OTL Extras: OTL Logfile: Code:

OTL Extras logfile created on: 7/26/2012 4:50:36 AM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\xy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 59.66% Memory free
8.00 Gb Paging File | 6.12 Gb Available in Paging File | 76.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.79 Gb Total Space | 622.01 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Drive D: | 286.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 931.51 Gb Total Space | 817.66 Gb Free Space | 87.78% Space Free | Partition Type: NTFS

Computer Name: XY1 | User Name: xy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BA771DE-8237-458B-9381-CB915417C84B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35B38B70-1CB5-41DC-BB8F-E73EF993B399}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface |
"{663EB8AB-1D8E-4157-986D-E72ED8BF0C4B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7730B69B-16E3-467C-A9DD-CD6968875A48}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F1F512EA-286A-4B01-8EE6-996C4829B860}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F935FC2D-1EF8-4A0F-9B5C-469C825CEB8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3EC37C99-ABAC-4009-94F8-A45C16D04E05}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D174681B-AD0C-454D-B8EC-B02969E921F5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F31E583E-7269-44CA-AA6D-2BC3EBBCDF66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET 
Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{ABDA87DF-E9A5-4C5A-BE5C-63593915945D}_is1" = Visitor 1.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EF231A-7218-41B1-AB84-F5B48B74C50A}" = SmartControl
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"81% Gewinn für Jedermann_is1" = 81% Gewinn für Jedermann
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Color Lines Classic" = Color Lines Classic
"Die Macht des Steuerzahlers_is1" = Die Macht des Steuerzahlers
"DivX Setup" = DivX-Setup
"DriverFinder" = DriverFinder
"easy Whiteboard" = easy Whiteboard
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"Finanzierungen mit und ohne SCHUFA_is1" = Finanzierungen mit und ohne SCHUFA
"FormatFactory" = FormatFactory 2.60
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"Internet Download Manager 5.18 Buld 3" = Internet Download Manager 5.18 Buld 3
"IsoBuster_is1" = IsoBuster 2.8.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"loadtbs-2.1" = loadtbs-2.1
"Luxor Amun Rising with Luxor" = Luxor Amun Rising with Luxor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mittel gegen Titel_is1" = Mittel gegen Titel
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird (3.1.16)" = Mozilla Thunderbird (3.1.16)
"Nero - Burning Rom!UninstallKey" = Nero - Burning Rom (Web installer)
"Pyramids" = Pyramids
"QuarkXPress Passport" = QuarkXPress Passport 4.0
"RegSupreme Pro_is1" = RegSupreme Pro
"Restorer Ultimate 7.5NSIS" = Restorer Ultimate 7.5
"So brummt Ihr Laden_is1" = Reich durch Vergleich
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.5
"ST5UNST #2" = Eyes v2.0
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"Usenet.nl_is1" = Usenet.nl
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.7
"Xilisoft PowerPoint to Video Converter Free" = Xilisoft PowerPoint to Video Converter Free

========== Last 20 Event Log Errors ==========

[ Media Center Events ]
Error - 3/17/2011 4:50:16 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 09:50:16 - Error connecting to the internet. 09:50:16 - Unable to contact server..

Error - 3/17/2011 4:50:29 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 09:50:21 - Error connecting to the internet. 09:50:21 - Unable to contact server..

Error - 3/17/2011 5:52:07 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 10:52:07 - Error connecting to the internet. 10:52:07 - Unable to contact server..

Error - 3/17/2011 5:52:14 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 10:52:12 - Error connecting to the internet. 10:52:12 - Unable to contact server..

Error - 3/17/2011 6:53:54 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 11:53:54 - Error connecting to the internet. 11:53:54 - Unable to contact server..

Error - 3/17/2011 6:54:01 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 11:53:59 - Error connecting to the internet. 11:53:59 - Unable to contact server..

Error - 3/17/2011 7:55:40 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 12:55:40 - Error connecting to the internet. 12:55:40 - Unable to contact server..

Error - 3/17/2011 7:55:47 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 12:55:45 - Error connecting to the internet. 12:55:45 - Unable to contact server..

Error - 3/18/2011 8:03:10 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 13:03:09 - Error connecting to the internet. 13:03:10 - Unable to contact server..

Error - 3/18/2011 8:03:23 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 13:03:15 - Error connecting to the internet. 13:03:15 - Unable to contact server..

[ System Events ]
Error - 7/24/2012 2:01:57 PM | Computer Name = xy1 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error - 7/25/2012 8:52:49 AM | Computer Name = xy1 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 7/25/2012 8:52:50 AM | Computer Name = xy1 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 7/25/2012 8:53:15 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "KLAntiFL" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 7/25/2012 8:53:15 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 7/25/2012 8:53:15 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE and AuthIP IPsec Keying Modules" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 7/25/2012 8:53:15 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec Policy Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 7/25/2012 8:53:18 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computer Browser" wurde mit folgendem Fehler beendet: %%1060

Error - 7/25/2012 9:23:34 AM | Computer Name = xy1 | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error - 7/25/2012 8:01:36 PM | Computer Name = xy1 | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

< End of report >

I hope you can make something of these messages and, ideally, help me further. Thank you in advance for your effort and support, and I wish you a nice, stress-free day.

Lyci

Last edited by lyci (26.07.2012 at 04:47)
26.07.2012, 20:03 | #2 |
/// Helper team | RKIT/Agent.desj in BAcroIEHelpe171.dll as malware
Fix with OTL
Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (not anywhere else).
Change the placeholders back to the user name! Code:
:Processes
killallprocesses
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/web?l=dis&o=APN10383&gct=hp&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^ABI&apn_uid=3414145426654138&p2=^ABI^YYYYYY^YY^DE
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=d2f250df000000000000000000000000
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb106/?search={searchTerms}&loc=IB_DS&a=6PQoHNhJyF&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {78D3E302-AEE0-40BB-B866-28A0139E12C8}:1.9.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=2&q="
FF - prefs.js..network.proxy.http: "89.187.142.176"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\xy\AppData\Roaming\12001.049 [2012/07/25 19:00:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\nettmarketing\AppData\Local\Mozilla Firefox\components [2012/05/07 12:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\xy\AppData\Local\Mozilla Firefox\plugins [2012/06/21 03:36:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\xy\AppData\Roaming\12001.049 [2012/07/25 19:00:36 | 000,000,000 | ---D | M]
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\Shell - "" = AutoRun
O33 - MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
[2012/07/25 19:00:36 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.049
[2012/07/22 21:58:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.048
[2012/07/21 12:19:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.047
[2012/07/20 23:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.046
[2012/07/20 20:23:40 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.045
[2012/07/18 18:42:15 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.044
[2012/07/18 01:51:01 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.043
[2012/07/15 20:58:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.042
[2012/07/13 17:10:08 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.041
[2012/07/12 22:04:12 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.039
[2012/07/11 20:11:24 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.038
[2012/07/10 21:45:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.037
[2012/07/09 18:12:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.036
[2012/07/08 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.035
[2012/07/06 18:41:35 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.034
[2012/07/06 00:20:03 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.033
[2012/07/04 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.032
[2012/07/03 20:20:37 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.031
[2012/06/29 18:56:59 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.030
[2012/06/27 19:30:23 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.029
[2012/06/27 00:59:47 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.027
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:EDAD7DB0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B9F8237A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5AC256BC
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:CE0A077E
[2012/07/03 20:20:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{66A55336-DCFB-4A0E-ABAF-6F09EF267747}
[2012/07/26 04:29:17 | 000,000,032 | ---- | M] () -- C:\Users\xy\AppData\Roaming\blckdom.res
[2012/07/26 04:13:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 16:57:35 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Song Downloader.lnk
:Files
J:\LaunchU3.exe -a
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[emptyjava]
Note for readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can permanently damage other systems!
27.07.2012, 00:10 | #3 |
| RKIT/Agent.desj in BAcroIEHelpe171.dll as malware
Hi t'john,
first of all, thank you very much for your quick help. The second thing is whether I understand and do everything correctly. I followed your instructions. There was no prompt to restart; instead, after a lot of rattling and clattering, the screen stayed black. So I initiated a restart myself. Apart from Windows asking me whether I wanted to start "normally", everything was okay. A text editor window from OTL also appeared very quickly. I copied that. Maybe it's what you need, because nothing more came up in that regard afterwards.

"All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b106b661-3e1b-4015-af5c-195e909f35c6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "NCH DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: sparweltgutscheinewl@sparwelt.de:1.0 removed from extensions.enabledItems
Prefs.js: mozilla_cc@internetdownloadmanager.com:6.7 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19 removed from extensions.enabledItems
Prefs.js: {78D3E302-AEE0-40BB-B866-28A0139E12C8}:1.9.1 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "89.187.142.176" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\nett-marketing\AppData\Roaming\12001.049 not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\nettmarketing\AppData\Local\Mozilla Firefox\components not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\ nett-marketing\AppData\Local\Mozilla Firefox\plugins not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\ nett-marketing \AppData\Roaming\12001.049 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c45222c-384d-11df-bd63-00016c6d2d52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c45222c-384d-11df-bd63-00016c6d2d52}\ not found.
File J:\LaunchU3.exe -a not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.049\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.048\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.047\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.046\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.045\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.044\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.043\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.042\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.041\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.039\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.038\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.037\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.036\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.035\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.034\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.033\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.032\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.031\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.030\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.029\ not found.
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.027\ not found.
ADS C:\ProgramData\TEMP:EDAD7DB0 deleted successfully.
ADS C:\ProgramData\TEMP:B9F8237A deleted successfully.
ADS C:\ProgramData\TEMP:5AC256BC deleted successfully.
ADS C:\ProgramData\TEMP:890CC2F3 deleted successfully.
ADS C:\ProgramData\TEMP:CE0A077E deleted successfully.
Folder C:\Users\ nett-marketing \AppData\Local\{66A55336-DCFB-4A0E-ABAF-6F09EF267747}\ not found.
File C:\Users\ nett-marketing\AppData\Roaming\blckdom.res not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Users\Public\Desktop\YouTube Song Downloader.lnk moved successfully.
========== FILES ==========
File\Folder J:\LaunchU3.exe -a not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\nett-marketing\Desktop\cmd.bat deleted successfully. C:\Users\nett-marketing\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56478 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: nett-marketing ->Temp folder emptied: 6622302268 bytes ->Temporary Internet Files folder emptied: 21370325 bytes ->Java cache emptied: 15770482 bytes ->FireFox cache emptied: 60322458 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 57404 bytes User: nettmarketing ->Temp folder emptied: 1331975564 bytes ->Temporary Internet Files folder emptied: 35603596 bytes ->Java cache emptied: 3619219 bytes ->FireFox cache emptied: 174850532 bytes ->Google Chrome cache emptied: 6766810 bytes ->Flash cache emptied: 12363 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5368288 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes RecycleBin emptied: 2348146564 bytes Total Files Cleaned = 10,134.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: nett-marketing ->Flash cache emptied: 0 bytes User: nettmarketing ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYJAVA] User: All Users User: Default User: Default User User: nett-marketing ->Java cache emptied: 0 bytes User: nettmarketing ->Java cache emptied: 0 bytes User: Public Total Java Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.54.1 log created on 07272012_004650 Files\Folders moved on Reboot... C:\Users\nett-marketing\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\nett-marketing\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot..."
What now? Is everything fine, or is there more trouble ahead? Many thanks and have a nice evening. Lyci |
27.07.2012, 00:48 | #4 | |
/// Helper Team | RKIT/Agent.desj in BAcroIEHelpe171.dll as malware You made errors when re-entering it: Quote:
Again! |
27.07.2012, 01:31 | #5 |
| RKIT/Agent.desj in BAcroIEHelpe171.dll as malware hi t'john, well, it's always these little things. :-( Many thanks for your help and patience! I corrected everything and then repeated the process. Everything seemed fine so far, because the prompt to restart appeared ... and that worked too. I no longer get any virus alerts ... But ... unfortunately there is still an error somewhere. I can open movie2k, for example, but I can't watch any film/series online. I don't (really) want to download anything at all. Before, I was able to watch online. Kind regards lyci |
27.07.2012, 01:46 | #6 |
/// Helper Team | RKIT/Agent.desj in BAcroIEHelpe171.dll as malware We're not done yet, where is the log?
27.07.2012, 10:20 | #7 |
| RKIT/Agent.desj in BAcroIEHelpe171.dll as malware Hi t'john, oh, sorry, that's right. ;-) I hope this report is the right one. Going by its properties and the time it was created, it should be. Somehow it seems odd to me that the spaces " \ nett-marketing \A " show up again. I had removed them all beforehand, or is it correct that they appear in this report?
All processes killed ========== PROCESSES ========== ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b106b661-3e1b-4015-af5c-195e909f35c6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "NCH DE Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "" removed from browser.search.defaulturl Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: false removed from browser.search.update Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "about:home" removed from browser.startup.homepage Prefs.js: sparweltgutscheinewl@sparwelt.de:1.0 removed from extensions.enabledItems Prefs.js: mozilla_cc@internetdownloadmanager.com:6.7 removed from extensions.enabledItems Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 removed from extensions.enabledItems Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2 removed from extensions.enabledItems Prefs.js: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19 removed from extensions.enabledItems Prefs.js: {78D3E302-AEE0-40BB-B866-28A0139E12C8}:1.9.1 removed from extensions.enabledItems Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 removed from extensions.enabledItems Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 removed from extensions.enabledItems Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=2&q=" removed from keyword.URL Prefs.js: "89.187.142.176" removed from network.proxy.http Prefs.js: 3128 removed from network.proxy.http_port Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: 0 removed from network.proxy.type 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll moved successfully. 
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\nett-marketing\AppData\Roaming\12001.049 not found. File HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\nettmarketing\AppData\Local\Mozilla Firefox\components not found. File HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\ nett-marketing\AppData\Local\Mozilla Firefox\plugins not found. File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\ nett-marketing \AppData\Roaming\12001.049 not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. 
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully. C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c45222c-384d-11df-bd63-00016c6d2d52}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c45222c-384d-11df-bd63-00016c6d2d52}\ not found. File J:\LaunchU3.exe -a not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.049\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.048\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.047\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.046\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.045\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.044\ not found. 
Folder C:\Users\ nett-marketing \AppData\Roaming\12001.043\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.042\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.041\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.039\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.038\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.037\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.036\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.035\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.034\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.033\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.032\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.031\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.030\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.029\ not found. Folder C:\Users\ nett-marketing \AppData\Roaming\12001.027\ not found. ADS C:\ProgramData\TEMP:EDAD7DB0 deleted successfully. ADS C:\ProgramData\TEMP:B9F8237A deleted successfully. ADS C:\ProgramData\TEMP:5AC256BC deleted successfully. ADS C:\ProgramData\TEMP:890CC2F3 deleted successfully. ADS C:\ProgramData\TEMP:CE0A077E deleted successfully. Folder C:\Users\ nett-marketing \AppData\Local\{66A55336-DCFB-4A0E-ABAF-6F09EF267747}\ not found. File C:\Users\ nett-marketing\AppData\Roaming\blckdom.res not found. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Users\Public\Desktop\YouTube Song Downloader.lnk moved successfully. ========== FILES ========== File\Folder J:\LaunchU3.exe -a not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\nett-marketing\Desktop\cmd.bat deleted successfully. C:\Users\nett-marketing\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56478 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: nett-marketing ->Temp folder emptied: 6622302268 bytes ->Temporary Internet Files folder emptied: 21370325 bytes ->Java cache emptied: 15770482 bytes ->FireFox cache emptied: 60322458 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 57404 bytes User: nettmarketing ->Temp folder emptied: 1331975564 bytes ->Temporary Internet Files folder emptied: 35603596 bytes ->Java cache emptied: 3619219 bytes ->FireFox cache emptied: 174850532 bytes ->Google Chrome cache emptied: 6766810 bytes ->Flash cache emptied: 12363 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5368288 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes RecycleBin emptied: 2348146564 bytes Total Files Cleaned = 10,134.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: nett-marketing ->Flash cache emptied: 0 bytes User: nettmarketing ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYJAVA] User: All Users User: Default User: Default User User: nett-marketing ->Java cache emptied: 0 bytes User: nettmarketing ->Java cache emptied: 0 bytes User: Public Total Java Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.54.1 log created on 07272012_004650 Files\Folders moved on Reboot... C:\Users\nett-marketing\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\nett-marketing\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot...
Many thanks for your efforts. Regards Lyci Last edited by lyci (27.07.2012 at 10:26) |
27.07.2012, 11:34 | #8 |
/// Helper Team | RKIT/Agent.desj in BAcroIEHelpe171.dll as malware There are still spaces everywhere! You have to correct them in the fix! e.g.: instead of: C:\Users\ nett-marketing \AppData\Roaming\12001.027\ like this: C:\Users\nett-marketing\AppData\Roaming\12001.027\ |
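The stray-space problem pointed out above can be checked mechanically before a fix is run again. The following Python script is an added example, not code from the forum or from OTL; it scans OTL-style log or fix lines for path components with leading or trailing whitespace, proposes the corrected path, and treats a "not found" on such a path as inconclusive. The sample log lines are constructed after the thread's pattern, not a real capture.

```python
"""Audit an OTL fix log (or the fix script itself) for stray whitespace in
Windows paths.

Added example for this thread, not code from OTL or from the forum.  A path
like  C:\\Users\\ nett-marketing \\AppData\\...  can never match a real
folder, so OTL's "not found" for it says nothing about whether the item is
still present; the line has to be corrected and the fix run again.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A drive-letter path, optionally followed by one of the result words OTL
# prints after a path in its fix log (as seen in the thread).
_PATH_LINE = re.compile(
    r"(?P<path>(?<!\w)[A-Za-z]:\\.*?)"
    r"(?:\s+(?P<status>not found|deleted successfully|moved successfully)[.!]?)?\s*$"
)


@dataclass
class Finding:
    line_no: int            # 1-based line number in the input
    path: str               # path exactly as it appears
    status: Optional[str]   # OTL result word, None for a bare fix-script line
    stray: List[str]        # components with leading/trailing whitespace
    fixed_path: str         # the same path with that whitespace removed
    verdict: str            # "ok", "fix-whitespace" or "recheck"


def stray_components(path: str) -> List[str]:
    """Components that carry leading or trailing whitespace.

    Interior spaces ("Program Files (x86)") are legitimate and not reported.
    """
    return [c for c in path.split("\\") if c != c.strip()]


def fix_path(path: str) -> str:
    """Strip the whitespace from every component, keeping the separators."""
    return "\\".join(c.strip() for c in path.split("\\"))


def classify(status: Optional[str], stray: List[str]) -> str:
    """Decide what a line means once stray whitespace is known."""
    if not stray:
        return "ok"
    # "not found" on a mistyped path is inconclusive: the real item may well
    # still be on disk, so the fix must be re-run with the corrected path.
    if status == "not found":
        return "recheck"
    return "fix-whitespace"


def parse_line(line: str) -> Optional[Tuple[str, Optional[str]]]:
    """Extract (path, status) from a log or fix line; None if it has no path."""
    m = _PATH_LINE.search(line)
    if m is None:
        return None
    return m.group("path"), m.group("status")


def audit(text: str) -> List[Finding]:
    """Walk every line of an OTL log or fix script and report each path line."""
    findings: List[Finding] = []
    for no, line in enumerate(text.splitlines(), start=1):
        parsed = parse_line(line)
        if parsed is None:
            continue  # registry lines, counters, section headers: skip
        path, status = parsed
        stray = stray_components(path)
        findings.append(Finding(no, path, status, stray, fix_path(path),
                                classify(status, stray)))
    return findings


# Constructed sample in the shape of the thread's log (not a real capture):
# lines 1 and 2 carry the stray-space defect, the others are clean or are
# not path lines at all.
SAMPLE_LOG = r"""Folder C:\Users\ nett-marketing \AppData\Roaming\12001.027\ not found.
File C:\Users\ nett-marketing\AppData\Roaming\blckdom.res not found.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
ADS C:\ProgramData\TEMP:EDAD7DB0 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
Folder C:\Users\nett-marketing\AppData\Roaming\12001.029\ not found.
"""


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        note = "" if f.verdict == "ok" else f"  -> {f.verdict}: {f.fixed_path}"
        print(f"line {f.line_no}: {f.path} [{f.status}]{note}")
```

Running the script on a fix script before executing it (bare paths, no result word) reports "fix-whitespace" for every line that would otherwise come back as a meaningless "not found".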
27.07.2012, 13:45 | #9 |
| RKIT/Agent.desj in BAcroIEHelpe171.dll as malware Hi t'john, well, I have now checked everything umpteen times. Since the user name is also written in two different ways: "User: nett-marketing ->Flash cache emptied: 0 bytes User: nettmarketing ->Flash cache emptied: 0 bytes", sometimes with "-" and sometimes without, I ran everything through twice. Since the system works, it was probably okay. This log file is the variant with "-":
All processes killed ========== PROCESSES ========== ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b106b661-3e1b-4015-af5c-195e909f35c6} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "NCH DE Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "" removed from browser.search.defaulturl Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: false removed from browser.search.update Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "about:home" removed from browser.startup.homepage Prefs.js: sparweltgutscheinewl@sparwelt.de:1.0 removed from extensions.enabledItems Prefs.js: mozilla_cc@internetdownloadmanager.com:6.7 removed from extensions.enabledItems Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 removed from extensions.enabledItems Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2 removed from extensions.enabledItems Prefs.js: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19 removed from extensions.enabledItems Prefs.js: {78D3E302-AEE0-40BB-B866-28A0139E12C8}:1.9.1 removed from extensions.enabledItems Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 removed from extensions.enabledItems Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 removed from extensions.enabledItems Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=2&q=" removed from keyword.URL Prefs.js: "89.187.142.176" removed from network.proxy.http Prefs.js: 3128 removed from network.proxy.http_port Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: 0 removed from network.proxy.type 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found. File C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll not found. 
OTL by OldTimer - Version 3.2.54.1 log created on 07272012_142853
Hopefully you won't despair of me. ;-) Kind regards, Lyci |
27.07.2012, 14:03 | #10 |
/// Helper team | Good! Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
27.07.2012, 18:28 | #11 |
| A very good evening, t'john, let's see whether I did everything right. Another 13 malicious objects were found. I attached the list as a hard copy, because there was no "show results" with a nice saveable list. :-( Here are the two log files. Should AdwCleaner clean anything? I didn't let it do that for now, even though it asked, because you didn't write anything about it.
Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2012.07.27.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
nett-marketing :: NETT-MARKETING1 [Administrator]
Schutz: Aktiviert
27.07.2012 17:40:25
mbam-log-2012-07-27 (17-40-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|S:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 534836
Laufzeit: 1 Stunde(n), 1 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 13
C:\GameHouse Games\ocean_express_v10_crack_tft.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\Desktop\Download\internet_download_manager_514_build_5_crack_[working].exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\Desktop\Download\internet_download_manager_v5183_repack_winall_incl_crack_rig_[h33t]_[m8].exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\Desktop\Sicherungen\diverses\SoftonicDownloader_fuer_internet-download-manager.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\Documents\Downloads\Programs\SoftonicDownloader_fuer_adobe-illustrator_2.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\Documents\Downloads\Programs\SoftonicDownloader_fuer_adobe-illustrator_3.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\Documents\Downloads\Programs\SoftonicDownloader_fuer_mozilla-firefox.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\Documents\Downloads\Programs\SoftonicDownloader_fuer_mozilla-firefox_2.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\Documents\Internet Download Manager [IDM] v6.08 Build 9 - Crack UnREaL\idman608.exe (PUP.SmsPay) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\Desktop\Sicherungen\diverses\KeyPatch IDM\KEY PATCH IDM.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\nett-marketing\Documents\Downloads\Programs\FLVConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\nett-marketing\Documents\Downloads\Programs\VideoConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
S:\EDV\Programme\IDM\KeyPatch IDM\KEY PATCH IDM.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
and the next one:
# AdwCleaner v1.703 - Logfile created 07/27/2012 at 19:11:42
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : nett-marketing - NETT-MARKETING1
# Running from : C:\Users\nett-marketing\Desktop\adwcleaner.exe
# Option [Search]
Found : user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com"); Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:55:38"); Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Found : user_pref("extensions.incredibar_i.aflt", "orgnl"); Found : user_pref("extensions.incredibar_i.dfltLng", ""); Found : user_pref("extensions.incredibar_i.did", "10595"); Found : user_pref("extensions.incredibar_i.excTlbr", "false"); Found : user_pref("extensions.incredibar_i.hardId", "d2f250df000000000000000000000000"); Found : user_pref("extensions.incredibar_i.id", "d2f250df000000000000000000000000"); Found : user_pref("extensions.incredibar_i.installerproductid", "26"); Found : user_pref("extensions.incredibar_i.instlDay", "15387"); Found : user_pref("extensions.incredibar_i.instlRef", ""); Found : user_pref("extensions.incredibar_i.ms_url_id", ""); Found : user_pref("extensions.incredibar_i.newTab", false); Found : user_pref("extensions.incredibar_i.ppd", ""); Found : user_pref("extensions.incredibar_i.prdct", "incredibar"); Found : user_pref("extensions.incredibar_i.productid", "26"); Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Found : user_pref("extensions.incredibar_i.smplGrp", "none"); Found : user_pref("extensions.incredibar_i.tlbrId", "base"); Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQoHNhJyF&loc=IB[...] 
Profile name : default
File : C:\Users\nettmarketing\AppData\Roaming\Mozilla\Firefox\Profiles\q5sbmr4i.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\nettmarketing\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v [Unable to get version]
File : C:\Users\nett-marketing\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [30697 octets] - [27/07/2012 19:05:28]
AdwCleaner[R2].txt - [30703 octets] - [27/07/2012 19:11:42]
########## EOF - C:\AdwCleaner[R2].txt - [30832 octets] ##########
Many thanks, and what now? Regards, Lyci
27.07.2012, 18:29 | #12 |
/// Helfer-Team
Very good!
Next: malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten" (Update now).
Select the freeware mode.
Select "Detail Scan" and start the check of the computer via the "Scan" button.
At the end of the scan, do not let it delete anything!
Click "Bericht speichern" (Save report) to save the log file to the desktop, and post it here in the thread.
Guide: http://www.trojaner-board.de/103809-...i-malware.html
27.07.2012, 18:44 | #13 |
Hi t'john, here is step 1:
# AdwCleaner v1.703 - Logfile created 07/27/2012 at 19:36:57
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : nett-marketing - NETT-MARKETING1
# Running from : C:\Users\nett-marketing\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.babylon.com/?babsrc=NT_ss&mntrId=d2f250df000000000000000000000000 --> hxxp://www.google.com
-\\ Mozilla Firefox v12.0 (de)
Profile name : default
File : C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\prefs.js
C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\user.js ... Deleted !
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQoHNhJyF"); Deleted : user_pref("extensions.incredibar_i.upn2n", "92542391949566785"); Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27"); Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2719:25:55"); Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27"); Profile name : default File : C:\Users\nettmarketing\AppData\Roaming\Mozilla\Firefox\Profiles\q5sbmr4i.default\prefs.js [OK] File is clean. -\\ Google Chrome v [Unable to get version] File : C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\nettmarketing\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v [Unable to get version] File : C:\Users\nett-marketing\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[R1].txt - [30697 octets] - [27/07/2012 19:05:28] AdwCleaner[R2].txt - [30758 octets] - [27/07/2012 19:11:42] AdwCleaner[S1].txt - [29112 octets] - [27/07/2012 19:36:57] ########## EOF - C:\AdwCleaner[S1].txt - [29241 octets] ########## Jetzt lasse ich das andere Programm laufen. eine Frage am Rande: "sind jetzt auch diese Zeckenseiten weg, die sich nicht entfernen lassen und sich im System festkrallen? Z. B. Spargutscheinwelt oder wie das Ding heißt? Oder diese Toolbars, die sich immer mit installieren?" Vielen Dank. MfG Lyci |
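The AdwCleaner section above is a list of `user_pref(...)` lines that the Babylon, Incredibar and Conduit toolbars had written into the Firefox profile's prefs.js, including the ones that redirect the homepage, new-tab page and address-bar keyword search to the toolbar's own domain. The following is an added example, not AdwCleaner's code and not part of the thread: a small Python scanner that parses prefs.js, flags a pref either by a known hijacker name prefix (prefixes assumed here from the log above, not a vendor database) or because a navigation-affecting pref such as `browser.startup.homepage` points at a hijacker domain, and returns the cleaned file content together with the list of removed entries. The sample prefs.js is constructed for this example, with values shortened.

```python
import re

# Pref-name prefixes written by the toolbars seen in the AdwCleaner log above.
# This list is an assumption for the example, not AdwCleaner's own signature set.
HIJACKER_PREFIXES = (
    "extensions.BabylonToolbar",   # covers BabylonToolbar and BabylonToolbar_i
    "extensions.incredibar",
    "ConduitEngine.",
    "browser.babylon.",
)

# Domains that indicate a hijack when they appear in a navigation-affecting pref.
HIJACKER_DOMAINS = ("babylon.com", "incredibar.com", "conduit.com")

# Prefs that decide where the browser goes. A hijacker domain in one of these is a
# hit even though the pref name itself is a legitimate Firefox pref.
NAVIGATION_PREFS = (
    "browser.startup.homepage",
    "browser.newtab.url",
    "keyword.URL",
    "browser.search.defaultenginename",
)

# One user_pref("name", value); line. The raw value is kept as written
# (quoted string, number or true/false) so it can be echoed back verbatim.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Return (name, raw_value) for every parsable user_pref line; other lines are skipped."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def is_hijacker_pref(name, raw_value):
    """True if the pref belongs to a known toolbar or steers navigation to a hijacker domain."""
    if name.startswith(HIJACKER_PREFIXES):
        return True
    if name in NAVIGATION_PREFS:
        value = raw_value.lower()
        return any(domain in value for domain in HIJACKER_DOMAINS)
    return False


def clean_prefs(text):
    """Return (cleaned_text, removed). removed lists the (name, raw_value) pairs dropped.

    Comment lines and blank lines are passed through unchanged so the file stays
    loadable by Firefox; only matching user_pref lines are removed."""
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and is_hijacker_pref(m.group(1), m.group(2)):
            removed.append((m.group(1), m.group(2)))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


# Constructed sample prefs.js: toolbar pref names taken from the log above, values
# shortened, plus two legitimate prefs that must survive and one homepage pref that
# a hijacker has pointed at its own search page.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1343408000);
user_pref("browser.startup.homepage", "hxxp://isearch.babylon.com/?babsrc=HP_ss");
user_pref("browser.babylon.HPOnNewTab", "isearch.babylon.com");
user_pref("extensions.BabylonToolbar.babTrack", "affID=109971");
user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("ConduitEngine.initDone", true);
user_pref("network.cookie.cookieBehavior", 1);
"""

if __name__ == "__main__":
    cleaned, removed = clean_prefs(SAMPLE_PREFS_JS)
    for name, value in removed:
        print('Deleted : user_pref("%s", %s);' % (name, value))
    print("--- remaining prefs.js ---")
    print(cleaned)
```

To run it against a real profile, read the prefs.js path listed in the log above, write the cleaned text back, and do so only while Firefox is closed: Firefox rewrites prefs.js from memory on exit, so an edit made while the browser is running is overwritten. The domain check on navigation prefs is what catches a hijacked homepage whose pref name looks perfectly normal, which a prefix-only filter would miss.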
27.07.2012, 18:47 | #14 |
/// Helper team | RKIT/Agent.desj in BAcroIEHelpe171.dll as malware Yes, they should be. Please report back with the Emsisoft log. |
27.07.2012, 21:37 | #15 |
| RKIT/Agent.desj in BAcroIEHelpe171.dll as malware Hi t'john, the program only showed me the buttons "Show report" or "Next". I didn't dare click Next for now, in case everything is gone afterwards. Here is the report.

Emsisoft Anti-Malware - Version 6.6
Last update: N/A

Scan settings:
Scan method: Detailed scan
Objects: Rootkits, Memory, Traces, C:\, S:\
Archive scan: On
ADS scan: On
Scan start: 7/27/2012 7:46:32 PM

c:\users\nett-marketing\appdata\local\mediaget2\libeay32.dll found: Riskware.Downloader.Win32.MediaGet.AMN!E1
c:\users\nett-marketing\appdata\local\mediaget2\libvlccore.dll found: Riskware.Downloader.Win32.MediaGet.AMN!E1
c:\users\nett-marketing\appdata\local\mediaget2\libvlc.dll found: Riskware.Downloader.Win32.MediaGet.AMN!E1
c:\users\nett-marketing\appdata\local\mediaget2\qtscript4.dll found: Riskware.Downloader.Win32.MediaGet!E2
c:\users\nett-marketing\appdata\local\mediaget2\qtsql4.dll found: Riskware.Downloader.Win32.MediaGet!E2
c:\users\nett-marketing\appdata\local\mediaget2\ssleay32.dll found: Riskware.Downloader.Win32.MediaGet.AMN!E1
c:\users\nett-marketing\appdata\local\mediaget2\qtdeclarative4.dll found: Riskware.Downloader.Win32.MediaGet!E2
c:\users\nett-marketing\appdata\local\mediaget2\qtnetwork4.dll found: Riskware.Downloader.Win32.MediaGet!E2
c:\users\nett-marketing\appdata\local\mediaget2\qtxmlpatterns4.dll found: Riskware.Downloader.Win32.MediaGet!E2
c:\users\nett-marketing\appdata\local\mediaget2\qtxml4.dll found: Riskware.Downloader.Win32.MediaGet!E2
c:\users\nett-marketing\appdata\local\mediaget2\qtgui4.dll found: Riskware.Downloader.Win32.MediaGet!E2
c:\users\nett-marketing\appdata\local\mediaget2\imageformats\qmng4.dll found: Riskware.Downloader.Win32.MediaGet!E2
c:\users\nett-marketing\appdata\roaming\microsoft\windows\start menu\programs\mumbojumbo found: Trace.File.luxor 2 and chainz 2 bundle!E1
c:\users\nett-marketing\desktop\luxor amun rising.lnk found: Trace.File.luxor amun rising!E1
Key: hkey_local_machine\software\trymedia systems found: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software found: Trace.Registry.trymedia!E1
C:\Users\nett-marketing\Documents\Internet Download Manager [IDM] v6.08 Build 9 - Crack UnREaL\idman608.exe found: Win32.SMSSend!E2
C:\Users\nett-marketing\Documents\Downloads\Compressed\ocean.express.gamehouse.keygen-icu.zip -> ICU.nfo found: Win32.SuspectCrc!E2
C:\Users\nett-marketing\Documents\Downloads\Compressed\ocean.express.gamehouse.keygen-icu.zip -> Ocean Express.(GameHouse).Keygen-icu.exe found: Virus.Win32.Delf.ICC!E2
C:\Users\nett-marketing\Desktop\Sicherungen\diverses\SoftonicDownloader_fuer_internet-download-manager.exe found: Riskware.Win32.SoftonicDownloader.AMN!E1
C:\Users\nett-marketing\Desktop\download Bilder Texte\movsharedl.exe found: Trojan.Win32.Llac.chia.AMN!E1
C:\Users\nett-marketing\Desktop\Download\IDM-6.05-Full+Patch+Crack_ZONE-SHARING.INFO.rar -> Patch-IDM-v6.x_ZONE-SHARING.INFO.rar -> KeyPatch IDM\KEY PATCH IDM.exe found: possible-Threat.Keygen.IDM!E2
C:\Users\nett-marketing\Desktop\Download\IDM-6.05-Full+Patch+Crack_ZONE-SHARING.INFO.rar -> Patch-IDM-v6.x_ZONE-SHARING.INFO.rar found: possible-Threat.Keygen.IDM!E2
C:\Users\nett-marketing\AppData\Roaming\AcroIEHelpe174.dll found: Trojan.Spy.Win32.Farko.AMN!E1
C:\Users\nett-marketing\AppData\Local\MediaGet2\mgiehook.dll found: Riskware.Downloader.Win32.MediaGet.AMN!E1
C:\Users\nett-marketing\AppData\Local\MediaGet2\mediaget-admin-proxy.exe found: Riskware.Downloader.Win32.MediaGet.AMN!E1
C:\Program Files (x86)\JDownloader\downloads\Deu-sp-Uni-Pat.rar -> Deutschland spielt - Universal - Patch\Medizin\Deutschland Spielt Unwrapper.exe found: not-a-virus.Crack.DSU!E2
C:\Program Files (x86)\JDownloader\downloads\Deutschland spielt - Universal - Patch\Medizin\Deutschland Spielt Unwrapper.exe found: Riskware.Crack.DSU!E2
C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe found: Riskware.Win32.InstallCore.AMN!E1
S:\EDV\Programme\IDM\Patch-IDM-v6.x_ZONE-SHARING.INFO.rar -> KeyPatch IDM\KEY PATCH IDM.exe found: possible-Threat.Keygen.IDM!E2
S:\diverses\Spielecracks\ICU.nfo found: Win32.SuspectCrc!E2
S:\diverses\Spielecracks\Ocean Express.(GameHouse).Keygen-icu.exe found: Virus.Win32.Delf.ICC!E2

Scanned 767583
Found 32
Scan end: 7/27/2012 9:00:17 PM
Scan time: 1:13:45

Regards, Lyci |