| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Infizierte Datei lässt sich nicht dauerhaft entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.08.2012, 15:03
| #1 |
 |  Infizierte Datei lässt sich nicht dauerhaft entfernen Hallo Trojaner-Board-Team, hallo Forum-Mitglieder, ich habe gestern diese Seite entdeckt und bin sehr froh, dass es euch gibt. Ich hoffe, ihr könnt mir bei meinem Problem helfen. Ich habe wie beschrieben die Malsoftware runtergeladen und denke, hab auch alles soweit richtig gemacht. Das Programm fand 2 Trojaner, die ich auch erfolgreich in die Quarantäne verschieben konnte und nachträglich löschen konnte. Jetzt findet er aber leider immer und immer wieder diesen "Rootkit" der sich nicht dauerhaft entfernen lässt. Kopie aus Meldung: Infizierte Dateien: 1 C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. Er schreibt zwar, er schiebt die Datei in die Quarantäne, aber beim nochmaligen durchsuchen taucht das Teil immer wieder auf. Hab es jetzt schon ein paarmal versucht, und komme nicht weiter. In meiner Quarantäne steht jetzt 3 x der selbe Link, aber vom System löschen lässt er sich nicht. Was kann ich noch tun? Ich hoffe, ihr könnt mir weiterhelfen.  Grüße Schwabenbär |
|
24.08.2012, 16:15
| #2 |
| /// Helfer-Team  | Infizierte Datei lässt sich nicht dauerhaft entfernen 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
24.08.2012, 18:52
| #3 |
| | Infizierte Datei lässt sich nicht dauerhaft entfernen Vielen Dank für die schnelle Antwort.
__________________Hier kommen die 2 Text-Editoren aus dem OTL-Programm. Aus OTL.Txt-Editor:OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.08.2012 19:21:09 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Michi\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,22 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 36,31% Memory free 4,66 Gb Paging File | 3,16 Gb Available in Paging File | 67,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 192,06 Gb Total Space | 107,28 Gb Free Space | 55,86% Space Free | Partition Type: NTFS Drive D: | 97,03 Gb Total Space | 96,94 Gb Free Space | 99,91% Space Free | Partition Type: NTFS Computer Name: BRANKO-PC | User Name: Michi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Michi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Vista Drive Icon\DrvIcon.exe (artArmin) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Launch Manager\WisKeyState.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\OSDCtrl.exe () PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3034.36868__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3034.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3034.36901__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3034.36888__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3034.36909__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3034.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3034.37066__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3034.37132__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3034.37138__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3034.36881__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3034.37074__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3034.37080__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3034.37073__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3034.37131__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3034.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3034.37094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3034.37039__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Dashboard\2.0.3034.37032__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3034.37038__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3034.36889__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3034.36928__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3034.37045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3034.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3034.36935__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3034.37059__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3034.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3034.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3034.37016__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3034.37115_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3034.37123__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3034.37122__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3034.37150__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3034.37160__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3034.36860__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3034.36876__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3034.36895__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3034.37115__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3034.36861__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3034.36861__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3034.36859__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3034.36860__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3034.37123__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Programme\Launch Manager\OSDCtrl.exe () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll () SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (TestHandler) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (FSCLBaseUpdaterService) -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (rwlwt) -- C:\Windows\System32\drivers\tenn.sys () DRV - (rljjyclh) -- C:\Windows\System32\drivers\oqyl.sys () DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={7C3B8B58-548E-11DF-B935-001F16080FB3} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5cd9e8250000000000000022431e92fd&tlver=1.4.19.19&ss=1&affID=17395 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={7C3B8B58-548E-11DF-B935-001F16080FB3} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={7C3B8B58-548E-11DF-B935-001F16080FB3} IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5} IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16508 IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5cd9e8250000000000000022431e92fd&tlver=1.4.19.19&ss=1&affID=17395 IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{432F3996-53CF-4698-A38E-FC4BDBC1E7FA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=74462411-EA0B-4537-B5D9-4EB3539BC690&apn_sauid=1D9D4128-F090-47A5-8CCF-FB47117448AA IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE_de IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=lfA4-Z280ARz1ty_2rxPhhKxvP8?q={searchTerms} IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={7C3B8B58-548E-11DF-B935-001F16080FB3} IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-Germany Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 FF - prefs.js..extensions.enabledItems: {38542454-dfb6-44f5-b052-d4e071a3d073}:3.3.0.19 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.2.5.2 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16508" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.06 19:33:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.22 21:59:01 | 000,000,000 | ---D | M] [2009.11.17 23:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions [2012.08.24 00:42:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions [2010.04.27 21:53:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.22 21:27:00 | 000,000,000 | ---D | M] (Elf 1.12 Community Toolbar) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\{38542454-dfb6-44f5-b052-d4e071a3d073} [2012.05.21 16:06:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.08.22 21:45:41 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.08.22 21:26:53 | 000,000,000 | ---D | M] (ST-Germany Community Toolbar) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\{a51a36e6-31e7-4838-9ff7-76298b527ec0} [2010.04.30 20:46:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.22 21:26:44 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.04.30 20:46:30 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2011.03.24 18:38:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\engine@conduit.com [2011.09.13 19:23:35 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\l0egos2v.default\extensions\ffxtlbr@babylon.com [2012.01.08 15:44:27 | 000,005,508 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\searchplugins\webde-suche.xml [2012.08.22 21:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.11.17 22:14:26 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2012.08.22 21:59:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2009.11.17 22:14:26 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2012.08.06 19:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.08.06 19:33:07 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012.08.22 21:59:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.06.12 23:00:21 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L0EGOS2V.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI [2012.08.12 12:30:49 | 000,526,409 | ---- | M] () (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L0EGOS2V.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.18 18:18:44 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\Toolbar\WebBrowser: (softonic-Germany Toolbar) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DrvIcon] C:\Programme\Vista Drive Icon\DrvIcon.exe (artArmin) O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe () O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.) O4 - HKU\.DEFAULT..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers) O4 - HKU\S-1-5-18..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001..\Run: [AdobeBridge] File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\Branko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Branko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Michi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C07FE0B-525B-4DFD-A8F9-167A8BD31BA5}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E03E88AA-A301-41D3-9ACF-FB6D09713E93}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Michi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Michi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.24 18:03:00 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.08.23 21:04:22 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Malwarebytes [2012.08.23 21:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.23 21:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.23 21:04:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.23 21:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.23 20:52:48 | 000,000,000 | ---D | C] -- C:\Users\Michi\temp [2012.08.23 20:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2012.08.23 20:12:49 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\ConsumerSoft [2012.08.22 22:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.08.22 21:59:01 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.08.22 21:59:01 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.08.22 21:59:01 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.08.22 21:59:01 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.08.22 21:49:05 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2012.08.16 14:12:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.16 14:12:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.16 14:12:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.16 14:12:19 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.16 14:12:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.16 14:12:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.16 14:12:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.16 14:11:52 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.06 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software [2012.08.06 18:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software [2012.08.06 18:15:24 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\Branko [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.24 19:28:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.24 19:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.24 18:28:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc803221d2a1d0.job [2012.08.24 18:20:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.24 18:20:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.24 18:03:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.08.24 15:34:57 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tenn.sys [2012.08.24 14:29:54 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\oqyl.sys [2012.08.24 14:20:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.24 14:20:32 | 2380,316,672 | -HS- | M] () -- C:\hiberfil.sys [2012.08.23 21:04:13 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.23 20:09:32 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.23 20:09:32 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.23 20:06:17 | 000,000,680 | ---- | M] () -- C:\Users\Michi\AppData\Local\d3d9caps.dat [2012.08.22 21:58:48 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.08.22 21:58:48 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.08.22 21:58:48 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.08.22 21:58:48 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.08.22 21:58:48 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.08.16 14:27:35 | 003,763,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.06 21:26:57 | 000,025,053 | ---- | M] () -- C:\Users\Michi\Desktop\405486_456667851023835_306866483_n.jpg [2012.08.06 19:33:50 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.08.06 18:22:13 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk [2012.08.06 18:16:11 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.06 18:16:10 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.06 18:16:10 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.06 18:16:10 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.24 19:23:59 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\800000cb.@ [2012.08.24 15:34:57 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tenn.sys [2012.08.24 14:29:54 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\oqyl.sys [2012.08.24 00:50:27 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\80000000.@ [2012.08.23 21:04:13 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.22 21:38:42 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\00000001.@ [2012.08.06 21:26:55 | 000,025,053 | ---- | C] () -- C:\Users\Michi\Desktop\405486_456667851023835_306866483_n.jpg [2012.08.06 18:22:13 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk [2012.01.13 00:49:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\@ [2012.01.13 00:49:38 | 000,002,048 | -HS- | C] () -- C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\@ [2011.10.14 19:15:45 | 000,000,000 | ---- | C] () -- C:\Users\Michi\AppData\Local\{F0482072-47F8-4AC7-92C3-9C6782993162} [2011.10.14 19:15:45 | 000,000,000 | ---- | C] () -- C:\Users\Michi\AppData\Local\{89F3762B-1A8A-40EB-8877-1688B6F0E874} [2011.09.23 14:03:00 | 000,000,000 | ---- | C] () -- C:\Users\Michi\AppData\Local\{2774214D-4BE7-4C0B-B883-F339F1ECB13D} [2011.09.23 13:14:03 | 000,000,000 | ---- | C] () -- C:\Users\Michi\AppData\Local\{5DF38481-694B-4BAB-A8D7-ABA0DC3B81E1} [2011.05.26 12:53:01 | 000,000,000 | ---- | C] () -- C:\Users\Michi\AppData\Local\{BDFDC85B-C810-4821-9801-6797779B0842} [2011.03.07 15:18:42 | 000,000,132 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.02.28 19:08:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.02.23 15:03:38 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2011.02.23 15:01:44 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp7ml3.dll [2010.08.29 22:39:25 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.07.09 15:41:53 | 000,000,680 | ---- | C] () -- C:\Users\Michi\AppData\Local\d3d9caps.dat [2010.02.18 20:09:11 | 000,020,992 | ---- | C] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.01 18:49:47 | 000,024,549 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\UserTile.png [2009.11.23 19:17:19 | 000,000,000 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2011.03.01 17:20:06 | 000,000,000 | ---D | M] -- C:\Users\Branko\AppData\Roaming\Babylon [2012.01.25 19:46:40 | 000,000,000 | ---D | M] -- C:\Users\Branko\AppData\Roaming\elsterformular [2010.03.22 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Branko\AppData\Roaming\OpenOffice.org [2010.08.31 17:27:46 | 000,000,000 | ---D | M] -- C:\Users\Branko\AppData\Roaming\PeerNetworking [2009.11.19 20:37:43 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Amazon [2011.03.03 20:19:09 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.05.11 13:46:33 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\com.adobe.dmp.contentviewer [2011.05.09 18:12:26 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2009.11.17 23:39:33 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\CopyTrans [2011.09.13 19:56:39 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DVDVideoSoft [2011.09.13 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.16 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\OpenOffice.org [2009.11.18 00:51:35 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ScreenSeven [2011.03.03 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2009.11.23 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Template [2011.03.06 22:29:58 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\WindSolutions [2012.08.24 14:19:44 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Aus Extras.Txt - EditorOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.08.2012 19:21:09 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Michi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,22 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 36,31% Memory free
4,66 Gb Paging File | 3,16 Gb Available in Paging File | 67,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 192,06 Gb Total Space | 107,28 Gb Free Space | 55,86% Space Free | Partition Type: NTFS
Drive D: | 97,03 Gb Total Space | 96,94 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Computer Name: BRANKO-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1339509497-3006987741-1441456527-1001]
"EnableNotificationsRef" = 1
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01D077B2-EBC2-D3CE-C93F-3D6285688554}" = Catalyst Control Center Graphics Full New
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{089C498F-F37F-A4B9-4F1E-CB70643DE15A}" = Catalyst Control Center Localization Japanese
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FAEE6AC-5614-8C19-C649-8AFBDA06940E}" = ccc-core-static
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1284C032-AF85-47E2-33BD-8FF589924833}" = CCC Help Italian
"{16F42C96-1F4B-160D-C610-0F34524341CF}" = Catalyst Control Center Localization Turkish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18642F84-F583-4491-41B7-E2385A63859B}" = Catalyst Control Center Localization Hungarian
"{1A40AE7E-E0B8-1DCC-BDBF-FBAD0605778C}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
"{2D3D458D-0B38-2E33-08A9-ACD9F32B478B}" = CCC Help German
"{34021ED2-6D5E-8687-2FE2-FE952AF148F0}" = Catalyst Control Center Localization French
"{34C710D2-7247-7E43-828F-966688D2DE59}" = Catalyst Control Center Localization Spanish
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{395336D5-4396-D918-EA0C-51FE645A27F9}" = CCC Help French
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FA83286-C1C0-681A-A99B-A195B051E2D4}" = Skins
"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
"{41D46777-91F4-2964-C92F-156718BFD6C2}" = Catalyst Control Center Graphics Full Existing
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46D0FC74-4FB0-238E-BDAD-8FEDD20BE0A9}" = CCC Help Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D7FD58B-FEC0-A82E-4825-284C4016F775}" = Catalyst Control Center Localization Russian
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{51470BC4-6582-059E-D29D-248461273EF6}" = Catalyst Control Center Graphics Previews Vista
"{51A3E74E-2D76-EC58-51F7-B5AA29C27BA9}" = CCC Help Chinese Traditional
"{5303BDEA-9AFE-7205-17D9-412F2A08ACDC}" = Catalyst Control Center Localization Polish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A98027-DE21-3702-AE9E-9D9E3C369872}" = ccc-utility
"{58BF90E1-8051-3485-EFBE-2172DF7C66C9}" = CCC Help Chinese Standard
"{58E3755B-1E0D-307B-5FD6-2D424AF2E9F8}" = CCC Help Czech
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62701057-5B94-D746-735D-1126F2E99978}" = CCC Help Japanese
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66336E9B-5482-B5FB-94F0-405874EE3541}" = Adobe Download Assistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{756E4DC1-9324-66B1-B062-BC07ABDF6BBD}" = CCC Help Norwegian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AB93213-828A-3C16-5EFB-4D9698AF2734}" = Catalyst Control Center Localization Chinese Traditional
"{7FFB90F1-FD1C-C5FF-4961-30F8735969AA}" = ATI Catalyst Install Manager
"{83722EAE-DBE4-AFB8-8AC2-F790BC17ACE1}" = Catalyst Control Center Localization Portuguese
"{849C6A43-7355-FBDE-4723-C1CC3DF77248}" = Catalyst Control Center Localization Chinese Standard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{893B7839-EEEE-DB64-DFB0-259D61CBE3E5}" = Catalyst Control Center Localization German
"{8CE00DD7-BA88-D261-DC58-6D2A412FB5FB}" = CCC Help Korean
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AFCF8B-3C53-49A2-8456-E637021B1031}" = Nero 8 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D24F28F-791D-926B-5EBF-741B4E0B1FDB}" = CCC Help English
"{A44B40EB-59AA-2801-7CB1-998E74D0D895}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B4695441-BC7D-DF5C-6018-FD022F86171E}" = Catalyst Control Center Core Implementation
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BC22842C-7CF3-1EBC-F10D-7A74C4AA52E1}" = Catalyst Control Center Localization Dutch
"{BD1B3451-AF14-1697-FF21-60112C206D00}" = CCC Help Danish
"{C3A2FF4E-864F-F8E5-7880-D1EDFE1A7896}" = CCC Help Greek
"{C58F654F-EADD-1F68-659E-88181D641CE7}" = CCC Help Thai
"{C65DE133-36F8-AFE1-1B74-71877D890C5C}" = Catalyst Control Center Localization Korean
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}" = SystemDiagnostics
"{CA45B622-88F9-4836-A529-DBF14698498D}" = Catalyst Control Center - Branding
"{CAAAB5BD-AB1B-792D-6962-A721ED4074C8}" = CCC Help Spanish
"{CB9FB73E-A07D-F109-6A0D-2A5F095F3635}" = Catalyst Control Center Localization Thai
"{CD844C3C-20EE-274B-E926-D424A02916E7}" = Catalyst Control Center Localization Norwegian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.3
"{D09ACD31-5B82-CB45-B2F3-85315AC90D42}" = CCC Help Finnish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3A07BAE-624A-19E3-E136-9A1FF49F920C}" = CCC Help Swedish
"{D519B743-3D37-52F0-5BEB-662BC0DB4DCC}" = CCC Help Polish
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA575D9-3E2E-CD34-623A-1B6775A92440}" = CCC Help Dutch
"{E0F456B2-A569-161C-2E0D-2C43D8232F3A}" = CCC Help Portuguese
"{E5275822-15B2-65DE-FB19-3DD506FAF4A1}" = Catalyst Control Center Graphics Light
"{EA77CFCF-693C-FF52-8B51-90745F1F398B}" = Catalyst Control Center Localization Danish
"{EC3FB2E1-E36F-3801-CEBD-90B47703B14B}" = Catalyst Control Center Localization Czech
"{F0697602-055D-0EFA-0AF1-EB127A7E2946}" = Catalyst Control Center Localization Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A86368-01BD-6AF1-1552-DAFB99F74F90}" = CCC Help Hungarian
"{F574CBB5-A312-C472-1C29-D5C9E3E8B61B}" = Catalyst Control Center Localization Greek
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FC8F9F2F-4B7A-A318-86A1-1695DCCCC586}" = Catalyst Control Center Localization Italian
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"CCleaner" = CCleaner (remove only)
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.11.804
"Free Studio_is1" = Free Studio version 4.6
"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Google Desktop" = Google Desktop
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"Samsung ML-1660 Series" = Wartung Samsung ML-1660 Series
"softonic-Germany Toolbar" = softonic-Germany Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"Virtual Villagers" = Virtual Villagers (remove only)
"Vista Drive Icon" = Vista Drive Icon 1.4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.03.2011 16:26:57 | Computer Name = Branko-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.03.2011 16:31:26 | Computer Name = Branko-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 10b4 Anfangszeit: 01cbdc3d62d4ab64 Zeitpunkt der Beendigung:
37
Error - 06.03.2011 16:52:25 | Computer Name = Branko-PC | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.2.0.34 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: b78 Anfangszeit: 01cbdc3ffddec8f4 Zeitpunkt der Beendigung:
37
Error - 06.03.2011 23:32:48 | Computer Name = Branko-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.03.2011 01:09:29 | Computer Name = Branko-PC | Source = EventSystem | ID = 4621
Description =
Error - 07.03.2011 07:06:59 | Computer Name = Branko-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.03.2011 14:21:34 | Computer Name = Branko-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 07.03.2011 14:21:35 | Computer Name = Branko-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 07.03.2011 17:52:49 | Computer Name = Branko-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.03.2011 20:38:36 | Computer Name = Branko-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 24.08.2012 06:17:25 | Computer Name = Branko-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 24.08.2012 06:17:51 | Computer Name = Branko-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon Inkjet PIXMA iP5000 nicht
unter dem Namen Canon Inkjet PIXMA iP5000 freigeben. Fehler: 1753. Der Drucker
kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error - 24.08.2012 06:19:00 | Computer Name = Branko-PC | Source = WMPNetworkSvc | ID = 866293
Description =
Error - 24.08.2012 08:20:40 | Computer Name = Branko-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 24.08.2012 08:22:14 | Computer Name = Branko-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon Inkjet PIXMA iP5000 nicht
unter dem Namen Canon Inkjet PIXMA iP5000 freigeben. Fehler: 1753. Der Drucker
kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error - 24.08.2012 08:22:18 | Computer Name = Branko-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 24.08.2012 08:22:18 | Computer Name = Branko-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 24.08.2012 08:22:18 | Computer Name = Branko-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 24.08.2012 08:22:18 | Computer Name = Branko-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 24.08.2012 08:22:56 | Computer Name = Branko-PC | Source = WMPNetworkSvc | ID = 866293
Description =
< End of report >
Gruß, schönes Wochenende und |
|
24.08.2012, 22:52
| #4 |
| /// Helfer-Team | Infizierte Datei lässt sich nicht dauerhaft entfernen Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=12&barid={7C3B8B58-548E-11DF-B935-001F16080FB3}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5cd9e8250000000000000022431e92fd&tlver=1.4.19.19&ss=1&affID=17395
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={7C3B8B58-548E-11DF-B935-001F16080FB3}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=12&barid={7C3B8B58-548E-11DF-B935-001F16080FB3}
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16508
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5cd9e8250000000000000022431e92fd&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{432F3996-53CF-4698-A38E-FC4BDBC1E7FA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=74462411-EA0B-4537-B5D9-4EB3539BC690&apn_sauid=1D9D4128-F090-47A5-8CCF-FB47117448AA
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE_de
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=lfA4-Z280ARz1ty_2rxPhhKxvP8?q={searchTerms}
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={7C3B8B58-548E-11DF-B935-001F16080FB3}
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-Germany Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16508"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\..\Toolbar\WebBrowser: (softonic-Germany Toolbar) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - C:\Programme\softonic-Germany\tbsoft.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-1339509497-3006987741-1441456527-1001..\Run: [AdobeBridge] File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.08.22 22:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2012.08.24 19:28:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.24 19:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.24 19:23:59 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\800000cb.@
[2012.08.24 18:28:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc803221d2a1d0.job
[2012.08.22 21:58:48 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.08.24 00:50:27 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\80000000.@
[2012.08.22 21:38:42 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\00000001.@
[2012.01.13 00:49:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\@
[2012.01.13 00:49:38 | 000,002,048 | -HS- | C] () -- C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\@
[2011.03.01 17:20:06 | 000,000,000 | ---D | M] -- C:\Users\Branko\AppData\Roaming\Babylon
:Files
C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\
C:\Users\Michi\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Michi\AppData\Local\Temp\*.exe
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
26.08.2012, 12:53
| #5 |
| | Infizierte Datei lässt sich nicht dauerhaft entfernen All processes killed ========== OTL ========== Service Akamai stopped successfully! Service Akamai deleted successfully! c:\program files\common files\akamai/netsession_win_4f7fccd.dll moved successfully. Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File system32\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File system32\DRIVERS\nwlnkflt.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File system32\DRIVERS\ipinip.sys File not found not found. Service DgiVecp stopped successfully! Service DgiVecp deleted successfully! File C:\Windows\system32\Drivers\DgiVecp.sys File not found not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully. C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a51a36e6-31e7-4838-9ff7-76298b527ec0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ deleted successfully. C:\Programme\softonic-Germany\tbsoft.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found. Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a51a36e6-31e7-4838-9ff7-76298b527ec0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ not found. File C:\Programme\softonic-Germany\tbsoft.dll not found. Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found. HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found. Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{432F3996-53CF-4698-A38E-FC4BDBC1E7FA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{432F3996-53CF-4698-A38E-FC4BDBC1E7FA}\ not found. Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found. Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "softonic-Germany Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "" removed from browser.search.defaulturl Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "chr-greentree_ff&type=971163" removed from browser.search.param.yahoo-fr Prefs.js: false removed from browser.search.suggest.enabled Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "hxxp://www.t-online.de/" removed from browser.startup.homepage Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL Prefs.js: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16508" removed from sweetim.toolbar.previous.browser.search.defaulturl Prefs.js: "Google" removed from sweetim.toolbar.previous.browser.search.selectedEngine Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ not found. File C:\Programme\softonic-Germany\tbsoft.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Programme\ConduitEngine\prxConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a51a36e6-31e7-4838-9ff7-76298b527ec0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ not found. File Germany\tbsoft.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll not found. Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found. Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found. File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found. Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A51A36E6-31E7-4838-9FF7-76298B527EC0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A51A36E6-31E7-4838-9FF7-76298B527EC0}\ not found. File Germany\tbsoft.dll not found. Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\In Adobe PDF konvertieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel an vorhandene PDF-Datei anhängen\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel in Adobe PDF konvertieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. C:\ProgramData\Ask\APN-Stub folder moved successfully. C:\ProgramData\Ask folder moved successfully. C:\Windows\System32\ConduitEngine.tmp deleted successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\800000cb.@ moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc803221d2a1d0.job moved successfully. C:\Windows\System32\deployJava1.dll moved successfully. C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\80000000.@ moved successfully. C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\00000001.@ moved successfully. C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\@ moved successfully. C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\@ moved successfully. C:\Users\Branko\AppData\Roaming\Babylon\updates folder moved successfully. C:\Users\Branko\AppData\Roaming\Babylon\Content\icons folder moved successfully. C:\Users\Branko\AppData\Roaming\Babylon\Content folder moved successfully. C:\Users\Branko\AppData\Roaming\Babylon folder moved successfully. ========== FILES ========== C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U folder moved successfully. C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\L folder moved successfully. C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e} folder moved successfully. C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U folder moved successfully. C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e} scheduled to be moved on reboot. C:\Users\Michi\AppData\Local\{2774214D-4BE7-4C0B-B883-F339F1ECB13D} moved successfully. C:\Users\Michi\AppData\Local\{5DF38481-694B-4BAB-A8D7-ABA0DC3B81E1} moved successfully. C:\Users\Michi\AppData\Local\{89F3762B-1A8A-40EB-8877-1688B6F0E874} moved successfully. C:\Users\Michi\AppData\Local\{BDFDC85B-C810-4821-9801-6797779B0842} moved successfully. C:\Users\Michi\AppData\Local\{F0482072-47F8-4AC7-92C3-9C6782993162} moved successfully. File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\Michi\AppData\Local\Temp\*.exe not found. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-5ab8f17c-n folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Michi\Downloads\cmd.bat deleted successfully. C:\Users\Michi\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Branko ->Temp folder emptied: 49025536 bytes ->Temporary Internet Files folder emptied: 15272543 bytes ->Java cache emptied: 1635126 bytes ->FireFox cache emptied: 53680519 bytes ->Apple Safari cache emptied: 23835648 bytes ->Flash cache emptied: 506 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User User: Michi ->Temp folder emptied: 213789 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 51326831 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 528 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 14295 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 186,00 mb OTL by OldTimer - Version 3.2.58.1 log created on 08262012_134115 Files\Folders moved on Reboot... C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U folder moved successfully. C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e} folder moved successfully. File\Folder C:\Users\Branko\AppData\Local\Temp\2011-10-28-1198426082_04-RG.PDF not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... So hallo, ich habe alles so ausgeführt wie beschrieben und jetzt scheint mein Rechner wieder sauber zu sein. Das Malware-Programm findet nichts mehr. Jetzt werde ich mal wieder meinen Antivire draufladen und hoffe, er meckert auch nicht mehr! Das ist wie beschrieben die infizierte Datei: Die Datei wurde geöffnet und ich konnte es löschen. Hier nochmal der Link. Infizierte Dateien: 1 C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. So, vielen vielen Dank für eure Hilfe, das hätte ich alleine niemals hinbekommen.  Ich werde euch gerne weiterempfehlen. Herzliche Grüsse, und einen schönen Sonntag noch... Schwabenbär |
|
27.08.2012, 02:13
| #6 |
| /// Helfer-Team | Infizierte Datei lässt sich nicht dauerhaft entfernen Sehr gut! Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> Infizierte Datei lässt sich nicht dauerhaft entfernen |
|
29.08.2012, 20:22
| #7 |
| | Infizierte Datei lässt sich nicht dauerhaft entfernen Hallo t'john, tja, zu früh gefreut... Das Malware-Programm sagt ok, nichts gefunden nach dem Komplettdurchlauf, aber mein AntiVira meckert und meldet er hätte ein "W32/Patched.UB" gefunden. Zugriff verweigert, lässt sich nicht löschen. Toll... Hier nochmal das log: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.29.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Michi :: BRANKO-PC [Administrator] Schutz: Aktiviert 29.08.2012 18:01:11 mbam-log-2012-08-29 (18-01-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 381589 Laufzeit: 3 Stunde(n), 1 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Der Text des AdwCleaner-Programm bringt diese Meldung nach dem Search: # AdwCleaner v1.801 - Logfile created 08/29/2012 at 21:06:29 # Updated 14/08/2012 by Xplode # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # User : Michi - BRANKO-PC # Boot Mode : Normal # Running from : C:\Users\Michi\Downloads\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Branko\AppData\Local\Babylon Folder Found : C:\Users\Michi\AppData\Local\Conduit Folder Found : C:\Users\Branko\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\Branko\AppData\LocalLow\Conduit Folder Found : C:\Users\Branko\AppData\LocalLow\ConduitEngine Folder Found : C:\Users\Branko\AppData\LocalLow\DVDVideoSoftTB Folder Found : C:\Users\Branko\AppData\LocalLow\pdfforge Folder Found : C:\Users\Branko\AppData\LocalLow\PriceGong Folder Found : C:\Users\Branko\AppData\LocalLow\Search Settings Folder Found : C:\Users\Branko\AppData\LocalLow\softonic-Germany Folder Found : C:\Users\Branko\AppData\LocalLow\SweetIM Folder Found : C:\Users\Michi\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\Michi\AppData\LocalLow\Conduit Folder Found : C:\Users\Michi\AppData\LocalLow\ConduitEngine Folder Found : C:\Users\Michi\AppData\LocalLow\DVDVideoSoftTB Folder Found : C:\Users\Michi\AppData\LocalLow\pdfforge Folder Found : C:\Users\Michi\AppData\LocalLow\Search Settings Folder Found : C:\Users\Michi\AppData\LocalLow\softonic-Germany Folder Found : C:\Users\Michi\AppData\Roaming\OpenCandy Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\Conduit Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\ConduitCommon Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\ConduitEngine Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2269050 Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2269050 Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2431245 Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2449729 Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2625848 Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2857572 Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\Smartbar Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\SweetIMToolbarData Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\SweetPacksToolbarData Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{38542454-dfb6-44f5-b052-d4e071a3d073} Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{a51a36e6-31e7-4838-9ff7-76298b527ec0} Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\engine@conduit.com Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\ffxtlbr@babylon.com Folder Found : C:\Program Files\Babylon Folder Found : C:\Program Files\Conduit Folder Found : C:\Program Files\ConduitEngine Folder Found : C:\Program Files\DVDVideoSoftTB Folder Found : C:\Program Files\pdfforge Toolbar Folder Found : C:\Program Files\softonic-Germany File Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi File Found : C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2449729[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2625848 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\conduitEngine Key Found : HKCU\Software\AppDataLow\Software\pdfforge Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\SweetIm Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\Installer\Features\a6eb8fe4c9986914497e92c7f5a702e3 Key Found : HKLM\SOFTWARE\Classes\Installer\Products\a6eb8fe4c9986914497e92c7f5a702e3 Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\conduitEngine Key Found : HKLM\SOFTWARE\conduitEngine Key Found : HKLM\SOFTWARE\DVDVideoSoftTB Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-Germany Toolbar Key Found : HKLM\SOFTWARE\pdfforge Key Found : HKLM\SOFTWARE\Search Settings Key Found : HKLM\SOFTWARE\softonic-Germany Key Found : HKLM\SOFTWARE\SweetIM ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F75B8121-0A98-4503-ADAA-5180CF1D7556} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FAE2191-BA19-43C5-8283-989E95ADB67D} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9911698-4371-47F6-AF08-FB01D34050DB} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74739784-809D-4F8B-B266-8E3F9C00950B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6799308A-7679-49B5-9BA9-66294B7C3AFF} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848 -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Branko\AppData\Roaming\Mozilla\Firefox\Profiles\1s3savbq.default\prefs.js Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Found : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...] Found : user_pref("browser.search.order.1", "Search the web (Babylon)"); Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=adbartrp&AF=16508&q="); Profile name : default File : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\prefs.js Found : user_pref("CT2269050..clientLogIsEnabled", false); Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true); Found : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true); Found : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true); Found : user_pref("CT2269050.CTID", "CT2269050"); Found : user_pref("CT2269050.CurrentServerDate", "29-8-2012"); Found : user_pref("CT2269050.DialogsAlignMode", "LTR"); Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Wed Aug 29 2012 17:06:47 GMT+0200"); Found : user_pref("CT2269050.DownloadReferralCookieData", ""); Found : user_pref("CT2269050.EMailNotifierPollDate", "Tue Aug 31 2010 18:02:30 GMT+0200"); Found : user_pref("CT2269050.FirstServerDate", "30-4-2010"); Found : user_pref("CT2269050.FirstTime", true); Found : user_pref("CT2269050.FirstTimeFF3", true); Found : user_pref("CT2269050.FirstTimeSettingsDone", true); Found : user_pref("CT2269050.FixPageNotFoundErrors", true); Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2269050.HasUserGlobalKeys", true); Found : user_pref("CT2269050.Initialize", true); Found : user_pref("CT2269050.InitializeCommonPrefs", true); Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2269050.InstallationType", "Unknown"); Found : user_pref("CT2269050.InstalledDate", "Fri Apr 30 2010 21:52:48 GMT+0200"); Found : user_pref("CT2269050.InvalidateCache", false); Found : user_pref("CT2269050.IsGrouping", false); Found : user_pref("CT2269050.IsMulticommunity", false); Found : user_pref("CT2269050.IsOpenThankYouPage", false); Found : user_pref("CT2269050.IsOpenUninstallPage", false); Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Aug 29 2012 17:06:47 GMT+0200"); Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2269050.LastLogin_2.5.8.6", "Fri Apr 30 2010 21:52:49 GMT+0200"); Found : user_pref("CT2269050.LastLogin_2.7.2.0", "Tue Aug 31 2010 17:56:16 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 10:16:30 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 17:00:47 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 22 2012 15:55:12 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.15.1.0", "Wed Aug 29 2012 17:06:46 GMT+0200"); Found : user_pref("CT2269050.LatestVersion", "3.15.1.0"); Found : user_pref("CT2269050.Locale", "en"); Found : user_pref("CT2269050.LoginCache", 4); Found : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2269050.RadioIsPodcast", false); Found : user_pref("CT2269050.RadioLastCheckTime", "Tue Aug 31 2010 17:56:16 GMT+0200"); Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Found : user_pref("CT2269050.RadioMediaID", "12473383"); Found : user_pref("CT2269050.RadioMediaType", "Media Player"); Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Found : user_pref("CT2269050.SHRINK_TOOLBAR", 1); Found : user_pref("CT2269050.SavedHomepage", "hxxp://home.sweetim.com"); Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Found : user_pref("CT2269050.SearchInNewTabEnabled", true); Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Aug 29 2012 17:06:45 GMT+0200"); Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Aug 29 2012 17:06:45 GMT+0200"); Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Found : user_pref("CT2269050.SettingsLastCheckTime", "Wed Aug 29 2012 17:06:44 GMT+0200"); Found : user_pref("CT2269050.SettingsLastUpdate", "1346236157"); Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Aug 29 2010 22:46:48 GMT+0200"); Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1272286482"); Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2269050.UserID", "UN34423118382261710"); Found : user_pref("CT2269050.ValidationData_Toolbar", 2); Found : user_pref("CT2269050.WeatherNetwork", ""); Found : user_pref("CT2269050.WeatherPollDate", "Tue Aug 31 2010 17:56:17 GMT+0200"); Found : user_pref("CT2269050.WeatherUnit", "C"); Found : user_pref("CT2269050.alertChannelId", "666138"); Found : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E"); Found : user_pref("CT2269050.clientLogIsEnabled", false); Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true); Found : user_pref("CT2269050.initDone", true); Found : user_pref("CT2269050.myStuffEnabled", true); Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2269050.revertSettingsEnabled", true); Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2269050.searchProtectorEnableByLogin", true); Found : user_pref("CT2269050.testingCtid", ""); Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Aug 29 2012 17:06:47 GMT+0200"); Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Found : user_pref("CT2269050.usagesFlag", 2); Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2431245.CTID", "CT2431245"); Found : user_pref("CT2431245.CurrentServerDate", "31-8-2010"); Found : user_pref("CT2431245.DialogsAlignMode", "LTR"); Found : user_pref("CT2431245.DownloadReferralCookieData", ""); Nochmal danke für die tolle Hilfe! Gruss und schönen Abend Schwabenbär |
|
29.08.2012, 22:26
| #8 |
| /// Helfer-Team | Infizierte Datei lässt sich nicht dauerhaft entfernen Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! |
|
30.08.2012, 15:50
| #9 |
| | Infizierte Datei lässt sich nicht dauerhaft entfernen Hallo, das scheint ja echt was größeres... Ich will ja nicht nerven, aber es wird immer besser... Ich kann dieses Combofix nicht installieren, da die Meldung kommt: Achtung!!! ComboFix hat festgestellt das folgende Real-Time-Scanner aktiv sind. antivirus: Avira Desktop antispyware: Avira Desktop Ich habe aber das komplette Antivire-Programm deinstalliert und einen Neustart gemacht. Hängt das mit dem komischen "W32/Patched.UB" zusammen? Ich finde keine restlichen AntiVire-Daten auf dem Desktop und verstehe nur noch Bahnhof...  Gruss Schwabenbär |
|
30.08.2012, 20:29
| #10 |
| /// Helfer-Team | Infizierte Datei lässt sich nicht dauerhaft entfernen Laesst sich Combofix dennoch starten? |
|
02.09.2012, 14:15
| #11 |
| | Infizierte Datei lässt sich nicht dauerhaft entfernen Da bin ich wieder... So hallo, ja nach dem heutigen Update von Combofix hat er sich ohne Probleme installiert und er hat die Platte durchsucht. Dann automatischer Neustart. Und hier das Log: Combofix Logfile: Code:
ATTFilter ComboFix 12-08-31.08 - Michi 02.09.2012 14:44:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2269.1113 [GMT 2:00]
ausgeführt von:: c:\users\Michi\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\Inst9753.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-02 bis 2012-09-02 ))))))))))))))))))))))))))))))
.
.
2012-09-02 12:54 . 2012-09-02 12:57 -------- d-----w- c:\users\Michi\AppData\Local\temp
2012-09-02 12:54 . 2012-09-02 12:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 12:54 . 2012-09-02 12:54 -------- d-----w- c:\users\Branko\AppData\Local\temp
2012-08-26 16:14 . 2012-08-26 16:16 -------- d-----w- c:\users\Michi\AppData\Roaming\DVDVideoSoftIEHelpers
2012-08-26 16:14 . 2012-08-24 13:58 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-26 16:14 . 2012-08-26 16:15 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2012-08-26 16:14 . 2012-08-26 16:15 -------- d-----w- c:\program files\DVDVideoSoft
2012-08-26 15:47 . 2012-08-26 16:15 -------- d-----w- c:\users\Michi\AppData\Roaming\OpenCandy
2012-08-26 11:41 . 2012-08-26 11:41 -------- d-----w- C:\_OTL
2012-08-23 19:04 . 2012-08-23 19:04 -------- d-----w- c:\users\Michi\AppData\Roaming\Malwarebytes
2012-08-23 19:04 . 2012-08-23 19:04 -------- d-----w- c:\programdata\Malwarebytes
2012-08-23 18:52 . 2012-08-23 18:52 -------- d-----w- c:\users\Michi\temp
2012-08-23 18:52 . 2012-08-23 18:52 -------- d-----w- c:\program files\TeamViewer
2012-08-23 18:12 . 2012-08-23 18:12 -------- d-----w- c:\users\Michi\AppData\Local\ConsumerSoft
2012-08-22 19:59 . 2012-08-22 19:58 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-22 19:49 . 2012-08-22 19:49 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-22 19:27 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07AB42B6-5696-4DB0-BB19-5DEDD0A230CF}\mpengine.dll
2012-08-15 20:25 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-06 17:33 . 2012-07-14 00:12 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-06 17:33 . 2012-07-14 00:12 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-06 16:22 . 2012-08-06 16:22 -------- d-----w- c:\program files\Runtime Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 18:09 . 2012-04-22 11:45 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 18:09 . 2011-06-10 18:45 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 14:02 . 2012-08-16 12:11 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:09 . 2012-08-16 12:12 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-12 10:33 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-12 10:33 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-12 10:33 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-14 00:15 . 2011-03-24 16:37 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-14 08:25 . 2010-03-27 00:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-03-26 188416]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-03 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-14 30192]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-05-08 268096]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-06-07 618496]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
.
c:\users\Branko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-10 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1339509497-3006987741-1441456527-1001]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
mStart Page =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Michi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Michi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-02 14:57
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\WisLMSvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-02 15:04:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-02 13:04
.
Vor Suchlauf: 17 Verzeichnis(se), 114.353.479.680 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 117.190.549.504 Bytes frei
.
- - End Of File - - 4B8BD110017EEFD56C461FFAA3DB50B9
Ich installiere jetzt mal noch keine Antiviren-Programme. Hoffentlich hat das Combofix das jetzt gepackt.  ))Schönen Restsonntag und Gruß Schwabenbär Ich glaube jetzt funktioniert wieder alles wieder wie es sein sollte! Tausend Dank für Eure Hilfe.  Gruss Schwabenbär |
|
02.09.2012, 20:45
| #12 |
| /// Helfer-Team | Infizierte Datei lässt sich nicht dauerhaft entfernen Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
04.09.2012, 15:20
| #13 |
| | Infizierte Datei lässt sich nicht dauerhaft entfernen Hallo, hier der Log vom adwcleaner. # AdwCleaner v1.801 - Logfile created 09/04/2012 at 16:12:52 # Updated 14/08/2012 by Xplode # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # User : Michi - BRANKO-PC # Boot Mode : Normal # Running from : C:\Users\Michi\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Branko\AppData\Local\Babylon Folder Deleted : C:\Users\Michi\AppData\Local\Babylon Folder Deleted : C:\Users\Michi\AppData\Local\Conduit Folder Deleted : C:\Users\Branko\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\Branko\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Branko\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\Branko\AppData\LocalLow\DVDVideoSoftTB Folder Deleted : C:\Users\Branko\AppData\LocalLow\pdfforge Folder Deleted : C:\Users\Branko\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Branko\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\Branko\AppData\LocalLow\softonic-Germany Folder Deleted : C:\Users\Branko\AppData\LocalLow\SweetIM Folder Deleted : C:\Users\Michi\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\Michi\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Michi\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\Michi\AppData\LocalLow\DVDVideoSoftTB Folder Deleted : C:\Users\Michi\AppData\LocalLow\pdfforge Folder Deleted : C:\Users\Michi\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\Michi\AppData\LocalLow\softonic-Germany Folder Deleted : C:\Users\Michi\AppData\Roaming\Babylon Folder Deleted : C:\Users\Michi\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\Michi\AppData\Roaming\pdfforge Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\Conduit Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\ConduitCommon Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\ConduitEngine Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2269050 Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2431245 Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2449729 Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2625848 Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2857572 Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\Smartbar Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\SweetIMToolbarData Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\SweetPacksToolbarData Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{38542454-dfb6-44f5-b052-d4e071a3d073} Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{a51a36e6-31e7-4838-9ff7-76298b527ec0} Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\engine@conduit.com Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\ffxtlbr@babylon.com Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\ConduitEngine Folder Deleted : C:\Program Files\DVDVideoSoftTB Folder Deleted : C:\Program Files\BrowserCompanion File Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi File Deleted : C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2449729[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2625848 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\SweetIm Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\a6eb8fe4c9986914497e92c7f5a702e3 Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\a6eb8fe4c9986914497e92c7f5a702e3 Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\conduitEngine Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-Germany Toolbar Key Deleted : HKLM\SOFTWARE\pdfforge Key Deleted : HKLM\SOFTWARE\Search Settings Key Deleted : HKLM\SOFTWARE\softonic-Germany Key Deleted : HKLM\SOFTWARE\SweetIM ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F75B8121-0A98-4503-ADAA-5180CF1D7556} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FAE2191-BA19-43C5-8283-989E95ADB67D} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9911698-4371-47F6-AF08-FB01D34050DB} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74739784-809D-4F8B-B266-8E3F9C00950B} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6799308A-7679-49B5-9BA9-66294B7C3AFF} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109958&tt=3612_5&babsrc=HP_ss&mntrId=5cd9e8250000000000000022431e92fd --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Branko\AppData\Roaming\Mozilla\Firefox\Profiles\1s3savbq.default\prefs.js C:\Users\Branko\AppData\Roaming\Mozilla\Firefox\Profiles\1s3savbq.default\user.js ... Deleted ! Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...] Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)"); Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=adbartrp&AF=16508&q="); Profile name : default File : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\prefs.js C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\user.js ... Deleted ! Deleted : user_pref("CT2269050..clientLogIsEnabled", false); Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true); Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true); Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true); Deleted : user_pref("CT2269050.CTID", "CT2269050"); Deleted : user_pref("CT2269050.CurrentServerDate", "4-9-2012"); Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sun Sep 02 2012 14:38:47 GMT+0200"); Deleted : user_pref("CT2269050.DownloadReferralCookieData", ""); Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Tue Aug 31 2010 18:02:30 GMT+0200"); Deleted : user_pref("CT2269050.FirstServerDate", "30-4-2010"); Deleted : user_pref("CT2269050.FirstTime", true); Deleted : user_pref("CT2269050.FirstTimeFF3", true); Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true); Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true); Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2269050.HasUserGlobalKeys", true); Deleted : user_pref("CT2269050.Initialize", true); Deleted : user_pref("CT2269050.InitializeCommonPrefs", true); Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2269050.InstallationType", "Unknown"); Deleted : user_pref("CT2269050.InstalledDate", "Fri Apr 30 2010 21:52:48 GMT+0200"); Deleted : user_pref("CT2269050.InvalidateCache", false); Deleted : user_pref("CT2269050.IsGrouping", false); Deleted : user_pref("CT2269050.IsMulticommunity", false); Deleted : user_pref("CT2269050.IsOpenThankYouPage", false); Deleted : user_pref("CT2269050.IsOpenUninstallPage", false); Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Sep 03 2012 16:12:00 GMT+0200"); Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2269050.LastLogin_2.5.8.6", "Fri Apr 30 2010 21:52:49 GMT+0200"); Deleted : user_pref("CT2269050.LastLogin_2.7.2.0", "Tue Aug 31 2010 17:56:16 GMT+0200"); Deleted : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 10:16:30 GMT+0200"); Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 17:00:47 GMT+0200"); Deleted : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 22 2012 15:55:12 GMT+0200"); Deleted : user_pref("CT2269050.LastLogin_3.15.1.0", "Tue Sep 04 2012 16:04:11 GMT+0200"); Deleted : user_pref("CT2269050.LatestVersion", "3.15.1.0"); Deleted : user_pref("CT2269050.Locale", "en"); Deleted : user_pref("CT2269050.LoginCache", 4); Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2269050.RadioIsPodcast", false); Deleted : user_pref("CT2269050.RadioLastCheckTime", "Tue Aug 31 2010 17:56:16 GMT+0200"); Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Deleted : user_pref("CT2269050.RadioMediaID", "12473383"); Deleted : user_pref("CT2269050.RadioMediaType", "Media Player"); Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Deleted : user_pref("CT2269050.SHRINK_TOOLBAR", 1); Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://home.sweetim.com"); Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true); Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Sep 03 2012 16:12:00 GMT+0200"); Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Mon Sep 03 2012 16:12:00 GMT+0200"); Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Tue Sep 04 2012 16:04:08 GMT+0200"); Deleted : user_pref("CT2269050.SettingsLastUpdate", "1346669743"); Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Aug 29 2010 22:46:48 GMT+0200"); Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1272286482"); Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2269050.UserID", "UN34423118382261710"); Deleted : user_pref("CT2269050.ValidationData_Toolbar", 2); Deleted : user_pref("CT2269050.WeatherNetwork", ""); Deleted : user_pref("CT2269050.WeatherPollDate", "Tue Aug 31 2010 17:56:17 GMT+0200"); Deleted : user_pref("CT2269050.WeatherUnit", "C"); Deleted : user_pref("CT2269050.alertChannelId", "666138"); Deleted : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E"); Deleted : user_pref("CT2269050.clientLogIsEnabled", false); Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2269050.initDone", true); Deleted : user_pref("CT2269050.myStuffEnabled", true); Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2269050.revertSettingsEnabled", true); Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2269050.testingCtid", ""); Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Mon Sep 03 2012 16:12:01 GMT+0200"); Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CT2269050.usagesFlag", 2); Deleted : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2431245.CTID", "CT2431245"); Deleted : user_pref("CT2431245.CurrentServerDate", "31-8-2010"); Deleted : user_pref("CT2431245.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2431245.DownloadReferralCookieData", ""); Deleted : user_pref("CT2431245.EMailNotifierPollDate", "Tue Aug 31 2010 18:02:30 GMT+0200"); Deleted : user_pref("CT2431245.FeedLastCount129009402595187825", 496); Deleted : user_pref("CT2431245.FeedPollDate7470634014180506963", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634014269327586", "Tue Aug 31 2010 17:56:19 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634014329599698", "Tue Aug 31 2010 17:56:19 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634014537505092", "Tue Aug 31 2010 17:56:19 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634014970726540", "Tue Aug 31 2010 17:56:19 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015410831318", "Tue Aug 31 2010 17:56:23 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015483395460", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015636754705", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015768347545", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634015855543602", "Tue Aug 31 2010 17:56:19 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016030710453", "Tue Aug 31 2010 17:56:19 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016114705611", "Tue Aug 31 2010 17:56:21 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016129205152", "Tue Aug 31 2010 17:56:21 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016143724791", "Tue Aug 31 2010 17:56:23 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016271239162", "Tue Aug 31 2010 17:56:23 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016568520719", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634016726993788", "Tue Aug 31 2010 17:56:19 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017109031809", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017132743740", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017299547668", "Tue Aug 31 2010 17:56:21 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017302327846", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017344111490", "Tue Aug 31 2010 17:56:19 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017478360748", "Tue Aug 31 2010 17:56:23 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017732797593", "Tue Aug 31 2010 17:56:19 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634017821686064", "Tue Aug 31 2010 17:56:23 GMT+0200"); Deleted : user_pref("CT2431245.FeedPollDate7470634018090228721", "Tue Aug 31 2010 17:56:21 GMT+0200"); Deleted : user_pref("CT2431245.FeedTTL7470634014269327586", 5); Deleted : user_pref("CT2431245.FeedTTL7470634014537505092", 5); Deleted : user_pref("CT2431245.FeedTTL7470634014970726540", 2); Deleted : user_pref("CT2431245.FeedTTL7470634015636754705", 5); Deleted : user_pref("CT2431245.FeedTTL7470634016568520719", 30); Deleted : user_pref("CT2431245.FirstServerDate", "31-8-2010"); Deleted : user_pref("CT2431245.FirstTime", true); Deleted : user_pref("CT2431245.FirstTimeFF3", true); Deleted : user_pref("CT2431245.FirstTimeSettingsDone", true); Deleted : user_pref("CT2431245.FixPageNotFoundErrors", true); Deleted : user_pref("CT2431245.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2431245.Initialize", true); Deleted : user_pref("CT2431245.InitializeCommonPrefs", true); Deleted : user_pref("CT2431245.InstallationAndCookieDataSentCount", 1); Deleted : user_pref("CT2431245.InstallationType", "UnknownIntegration"); Deleted : user_pref("CT2431245.InstalledDate", "Tue Aug 31 2010 17:56:18 GMT+0200"); Deleted : user_pref("CT2431245.InvalidateCache", false); Deleted : user_pref("CT2431245.IsGrouping", false); Deleted : user_pref("CT2431245.IsMulticommunity", false); Deleted : user_pref("CT2431245.IsOpenThankYouPage", false); Deleted : user_pref("CT2431245.IsOpenUninstallPage", true); Deleted : user_pref("CT2431245.LanguagePackLastCheckTime", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2431245.LastLogin_2.7.2.0", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.LatestVersion", "2.7.2.0"); Deleted : user_pref("CT2431245.Locale", "de-de"); Deleted : user_pref("CT2431245.LoginCache", 4); Deleted : user_pref("CT2431245.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2431245.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2431245.RadioIsPodcast", false); Deleted : user_pref("CT2431245.RadioLastCheckTime", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000"); Deleted : user_pref("CT2431245.RadioMediaID", "20503672"); Deleted : user_pref("CT2431245.RadioMediaType", "Media Player"); Deleted : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672"); Deleted : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland"); Deleted : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u"); Deleted : user_pref("CT2431245.SavedHomepage", "hxxp://www.t-online.de/"); Deleted : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Deleted : user_pref("CT2431245.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...] Deleted : user_pref("CT2431245.SearchInNewTabEnabled", true); Deleted : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2431245.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT2431245.SettingsLastCheckTime", "Tue Aug 31 2010 17:56:16 GMT+0200"); Deleted : user_pref("CT2431245.SettingsLastUpdate", "1281127908"); Deleted : user_pref("CT2431245.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Tue Aug 31 2010 17:56:16 GMT+0200"); Deleted : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257"); Deleted : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Deleted : user_pref("CT2431245.UserID", "UN42251906708570826"); Deleted : user_pref("CT2431245.ValidationData_Toolbar", 0); Deleted : user_pref("CT2431245.WeatherNetwork", ""); Deleted : user_pref("CT2431245.WeatherPollDate", "Tue Aug 31 2010 17:56:20 GMT+0200"); Deleted : user_pref("CT2431245.WeatherUnit", "C"); Deleted : user_pref("CT2431245.alertChannelId", "825452"); Deleted : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E"); Deleted : user_pref("CT2431245.clientLogIsEnabled", false); Deleted : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Deleted : user_pref("CT2431245.myStuffEnabled", true); Deleted : user_pref("CT2431245.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2431245.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CT2449729..clientLogIsEnabled", false); Deleted : user_pref("CT2449729..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2449729..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2449729.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2449729.CTID", "CT2449729"); Deleted : user_pref("CT2449729.CurrentServerDate", "28-2-2011"); Deleted : user_pref("CT2449729.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2449729.DialogsGetterLastCheckTime", "Mon Feb 28 2011 20:39:22 GMT+0100"); Deleted : user_pref("CT2449729.DownloadReferralCookieData", ""); Deleted : user_pref("CT2449729.EMailNotifierPollDate", "Mon Feb 28 2011 21:24:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedLastCount129029445737143755", 506); Deleted : user_pref("CT2449729.FeedPollDate7470634014180506963", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634014269327586", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634014329599698", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634014537505092", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634014970726540", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634015410831318", "Mon Feb 28 2011 20:39:05 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634015483395460", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634015636754705", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634015768347545", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634015855543602", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634016030710453", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634016114705611", "Mon Feb 28 2011 20:39:05 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634016129205152", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634016143724791", "Mon Feb 28 2011 20:39:05 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634016271239162", "Mon Feb 28 2011 20:39:05 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634016568520719", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634016726993788", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634017109031809", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634017132743740", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634017299547668", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634017302327846", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634017344111490", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634017478360748", "Mon Feb 28 2011 20:39:05 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634017732797593", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634017821686064", "Mon Feb 28 2011 20:39:05 GMT+0100"); Deleted : user_pref("CT2449729.FeedPollDate7470634018090228721", "Mon Feb 28 2011 20:39:04 GMT+0100"); Deleted : user_pref("CT2449729.FeedTTL7470634014269327586", 5); Deleted : user_pref("CT2449729.FeedTTL7470634014970726540", 2); Deleted : user_pref("CT2449729.FeedTTL7470634015636754705", 5); Deleted : user_pref("CT2449729.FeedTTL7470634016568520719", 30); Deleted : user_pref("CT2449729.FirstServerDate", "28-2-2011"); Deleted : user_pref("CT2449729.FirstTime", true); Deleted : user_pref("CT2449729.FirstTimeFF3", true); Deleted : user_pref("CT2449729.FixPageNotFoundErrors", true); Deleted : user_pref("CT2449729.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2449729.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2449729.HasUserGlobalKeys", true); Deleted : user_pref("CT2449729.Initialize", true); Deleted : user_pref("CT2449729.InitializeCommonPrefs", true); Deleted : user_pref("CT2449729.InstallationAndCookieDataSentCount", 1); Deleted : user_pref("CT2449729.InstallationId", "softonic-Germany.exe"); Deleted : user_pref("CT2449729.InstallationType", "ConduitIntegration"); Deleted : user_pref("CT2449729.InstalledDate", "Mon Feb 28 2011 20:39:02 GMT+0100"); Deleted : user_pref("CT2449729.InvalidateCache", false); Deleted : user_pref("CT2449729.IsGrouping", false); Deleted : user_pref("CT2449729.IsMulticommunity", false); Deleted : user_pref("CT2449729.IsOpenThankYouPage", false); Deleted : user_pref("CT2449729.IsOpenUninstallPage", true); Deleted : user_pref("CT2449729.LanguagePackLastCheckTime", "Mon Feb 28 2011 20:39:11 GMT+0100"); Deleted : user_pref("CT2449729.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2449729.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2449729.LastLogin_3.3.0.19", "Mon Feb 28 2011 20:39:01 GMT+0100"); Deleted : user_pref("CT2449729.LatestVersion", "3.2.5.2"); Deleted : user_pref("CT2449729.Locale", "de-de"); Deleted : user_pref("CT2449729.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2449729.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2449729.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2449729.RadioIsPodcast", false); Deleted : user_pref("CT2449729.RadioLastCheckTime", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2449729.RadioLastUpdateServer", "3"); Deleted : user_pref("CT2449729.RadioMediaID", "9962"); Deleted : user_pref("CT2449729.RadioMediaType", "Media Player"); Deleted : user_pref("CT2449729.RadioMenuSelectedID", "EBRadioMenu_CT24497299962"); Deleted : user_pref("CT2449729.RadioStationName", "California%20Rock"); Deleted : user_pref("CT2449729.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT2449729.SavedHomepage", "hxxp://www.t-online.de/"); Deleted : user_pref("CT2449729.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2449729.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT244[...] Deleted : user_pref("CT2449729.SearchInNewTabEnabled", true); Deleted : user_pref("CT2449729.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2449729.SearchInNewTabLastCheckTime", "Mon Feb 28 2011 20:39:03 GMT+0100"); Deleted : user_pref("CT2449729.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2449729.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2449729.ServiceMapLastCheckTime", "Mon Feb 28 2011 20:39:00 GMT+0100"); Deleted : user_pref("CT2449729.SettingsLastCheckTime", "Mon Feb 28 2011 20:39:00 GMT+0100"); Deleted : user_pref("CT2449729.SettingsLastUpdate", "1297858522"); Deleted : user_pref("CT2449729.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2449729.ThirdPartyComponentsLastCheck", "Mon Feb 28 2011 20:39:00 GMT+0100"); Deleted : user_pref("CT2449729.ThirdPartyComponentsLastUpdate", "1255348257"); Deleted : user_pref("CT2449729.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Deleted : user_pref("CT2449729.UserID", "UN94126971300382876"); Deleted : user_pref("CT2449729.WeatherNetwork", ""); Deleted : user_pref("CT2449729.WeatherPollDate", "Mon Feb 28 2011 21:09:46 GMT+0100"); Deleted : user_pref("CT2449729.WeatherUnit", "C"); Deleted : user_pref("CT2449729.alertChannelId", "843580"); Deleted : user_pref("CT2449729.backendstorage._fb_dailyactivity", "31323938393231393433363931"); Deleted : user_pref("CT2449729.backendstorage._fb_lifetimesent", "54525545"); Deleted : user_pref("CT2449729.backendstorage.facebook_ctid_connect_send", "73656E646564"); Deleted : user_pref("CT2449729.globalFirstTimeInfoLastCheckTime", "Mon Feb 28 2011 20:39:01 GMT+0100"); Deleted : user_pref("CT2449729.isAppTrackingManagerOn", true); Deleted : user_pref("CT2449729.myStuffEnabled", true); Deleted : user_pref("CT2449729.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2449729.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2449729.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2449729.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2449729.testingCtid", ""); Deleted : user_pref("CT2449729.toolbarAppMetaDataLastCheckTime", "Mon Feb 28 2011 20:39:00 GMT+0100"); Deleted : user_pref("CT2449729.toolbarContextMenuLastCheckTime", "Mon Feb 28 2011 20:39:11 GMT+0100"); Deleted : user_pref("CT2449729.usagesFlag", 1); Deleted : user_pref("CT2625848.1000082.isPlayDisplay", "true"); Deleted : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Deleted : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1", "{\"updateReqTime\":1345996432350,\[...] Deleted : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Deleted : user_pref("CT2625848.FirstTime", "true"); Deleted : user_pref("CT2625848.FirstTimeFF3", "true"); Deleted : user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSBC[...] Deleted : user_pref("CT2625848.UserID", "UN27124993240142055"); Deleted : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true"); Deleted : user_pref("CT2625848.autoDisableScopes", -1); Deleted : user_pref("CT2625848.browser.search.defaultthis.engineName", true); Deleted : user_pref("CT2625848.defaultSearch", "true"); Deleted : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"cross[...] Deleted : user_pref("CT2625848.enableAlerts", "false"); Deleted : user_pref("CT2625848.enableSearchFromAddressBar", "true"); Deleted : user_pref("CT2625848.firstTimeDialogOpened", "true"); Deleted : user_pref("CT2625848.fixPageNotFoundError", "true"); Deleted : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true"); Deleted : user_pref("CT2625848.fixUrls", true); Deleted : user_pref("CT2625848.installId", "ConduitNSISIntegration"); Deleted : user_pref("CT2625848.installType", "ConduitNSISIntegration"); Deleted : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT2625848.isNewTabEnabled", true); Deleted : user_pref("CT2625848.isPerformedSmartBarTransition", "true"); Deleted : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT2625848.keyword", true); Deleted : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...] Deleted : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Deleted : user_pref("CT2625848.openThankYouPage", "false"); Deleted : user_pref("CT2625848.openUninstallPage", "true"); Deleted : user_pref("CT2625848.search.searchAppId", "129181467799155027"); Deleted : user_pref("CT2625848.search.searchCount", "0"); Deleted : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true"); Deleted : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT2625848.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Deleted : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345996198035"); Deleted : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1345996198088"); Deleted : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345996199239"); Deleted : user_pref("CT2625848.serviceLayer_services_login_10.10.22.13_lastUpdate", "1346252928858"); Deleted : user_pref("CT2625848.serviceLayer_services_login_10.10.27.6_lastUpdate", "1346767582019"); Deleted : user_pref("CT2625848.serviceLayer_services_optimizer_lastUpdate", "1345996199468"); Deleted : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345996199324"); Deleted : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1345996196777"); Deleted : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1346682067961"); Deleted : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345996198365"); Deleted : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1346767579620"); Deleted : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1346682068395"); Deleted : user_pref("CT2625848.settingsINI", true); Deleted : user_pref("CT2625848.shouldFirstTimeDialog", "false"); Deleted : user_pref("CT2625848.smartbar.CTID", "CT2625848"); Deleted : user_pref("CT2625848.smartbar.Uninstall", "0"); Deleted : user_pref("CT2625848.smartbar.homepage", true); Deleted : user_pref("CT2625848.smartbar.isHidden", true); Deleted : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE "); Deleted : user_pref("CT2625848.startPage", "userChanged"); Deleted : user_pref("CT2625848.toolbarBornServerTime", "26-8-2012"); Deleted : user_pref("CT2625848.toolbarCurrentServerTime", "4-9-2012"); Deleted : user_pref("CT2857572..clientLogIsEnabled", true); Deleted : user_pref("CT2857572..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2857572..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2857572.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2857572.AppTrackingLastCheckTime", "Mon Feb 28 2011 18:05:09 GMT+0100"); Deleted : user_pref("CT2857572.CT2857572", "CT2857572"); Deleted : user_pref("CT2857572.CurrentServerDate", "28-2-2011"); Deleted : user_pref("CT2857572.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2857572.DialogsGetterLastCheckTime", "Thu Jan 06 2011 13:06:36 GMT+0100"); Deleted : user_pref("CT2857572.DownloadReferralCookieData", ""); Deleted : user_pref("CT2857572.ExternalComponentPollDate129356796046694434", "Sun Feb 27 2011 15:19:29 GMT+010[...] Deleted : user_pref("CT2857572.FirstServerDate", "6-1-2011"); Deleted : user_pref("CT2857572.FirstTime", true); Deleted : user_pref("CT2857572.FirstTimeFF3", true); Deleted : user_pref("CT2857572.FixPageNotFoundErrors", false); Deleted : user_pref("CT2857572.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2857572.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2857572.HasUserGlobalKeys", true); Deleted : user_pref("CT2857572.Initialize", true); Deleted : user_pref("CT2857572.InitializeCommonPrefs", true); Deleted : user_pref("CT2857572.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2857572.InstalledDate", "Thu Jan 06 2011 13:06:37 GMT+0100"); Deleted : user_pref("CT2857572.InvalidateCache", false); Deleted : user_pref("CT2857572.IsGrouping", false); Deleted : user_pref("CT2857572.IsMulticommunity", false); Deleted : user_pref("CT2857572.IsOpenThankYouPage", true); Deleted : user_pref("CT2857572.IsOpenUninstallPage", true); Deleted : user_pref("CT2857572.LanguagePackLastCheckTime", "Mon Feb 28 2011 18:04:59 GMT+0100"); Deleted : user_pref("CT2857572.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2857572.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2857572.LastLogin_3.3.0.19", "Mon Feb 28 2011 18:04:59 GMT+0100"); Deleted : user_pref("CT2857572.LatestVersion", "3.2.5.2"); Deleted : user_pref("CT2857572.Locale", "en"); Deleted : user_pref("CT2857572.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2857572.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2857572.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2857572.RadioIsPodcast", false); Deleted : user_pref("CT2857572.RadioLastCheckTime", "Mon Feb 28 2011 18:04:59 GMT+0100"); Deleted : user_pref("CT2857572.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2857572.RadioLastUpdateServer", "129400870958430000"); Deleted : user_pref("CT2857572.RadioMediaID", "21753723"); Deleted : user_pref("CT2857572.RadioMediaType", "Media Player"); Deleted : user_pref("CT2857572.RadioMenuSelectedID", "EBRadioMenu_CT285757221753723"); Deleted : user_pref("CT2857572.RadioStationName", "California%20Rock%20-%20Rock"); Deleted : user_pref("CT2857572.RadioStationURL", "hxxp://www.feedlive.net/california.asx"); Deleted : user_pref("CT2857572.SavedHomepage", "hxxp://www.t-online.de/"); Deleted : user_pref("CT2857572.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2857572.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...] Deleted : user_pref("CT2857572.SearchInNewTabEnabled", true); Deleted : user_pref("CT2857572.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2857572.SearchInNewTabLastCheckTime", "Mon Feb 28 2011 18:04:58 GMT+0100"); Deleted : user_pref("CT2857572.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2857572.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2857572.ServiceMapLastCheckTime", "Mon Feb 28 2011 18:04:58 GMT+0100"); Deleted : user_pref("CT2857572.SettingsLastCheckTime", "Mon Feb 28 2011 20:38:39 GMT+0100"); Deleted : user_pref("CT2857572.SettingsLastUpdate", "1298225553"); Deleted : user_pref("CT2857572.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2857572.ThirdPartyComponentsLastCheck", "Sat Feb 19 2011 10:30:47 GMT+0100"); Deleted : user_pref("CT2857572.ThirdPartyComponentsLastUpdate", "1246790578"); Deleted : user_pref("CT2857572.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Deleted : user_pref("CT2857572.UserID", "UN28618226516012224"); Deleted : user_pref("CT2857572.ValidationData_Search", 2); Deleted : user_pref("CT2857572.ValidationData_Toolbar", 2); Deleted : user_pref("CT2857572.WeatherNetwork", ""); Deleted : user_pref("CT2857572.WeatherPollDate", "Mon Feb 28 2011 21:09:46 GMT+0100"); Deleted : user_pref("CT2857572.WeatherUnit", "C"); Deleted : user_pref("CT2857572.alertChannelId", "1249594"); Deleted : user_pref("CT2857572.approveUntrustedApps", true); Deleted : user_pref("CT2857572.backendstorage._fb_dailyactivity", "31323938393132373033303735"); Deleted : user_pref("CT2857572.backendstorage._fb_lifetimesent", "54525545"); Deleted : user_pref("CT2857572.backendstorage.facebook_ctid_connect_send", "73656E646564"); Deleted : user_pref("CT2857572.backendstorage.facebook_mode", "32"); Deleted : user_pref("CT2857572.backendstorage.facebook_user_first_login_date", "30322F31302F32303131"); Deleted : user_pref("CT2857572.backendstorage.facebook_user_locale", "6465"); Deleted : user_pref("CT2857572.backendstorage.facebook_user_survey_visit", "4E4F545F56495349544544"); Deleted : user_pref("CT2857572.backendstorage.hxxp://facebook_conduitapps_com/v3_2_0.facebook_ctid_connect_sen[...] Deleted : user_pref("CT2857572.backendstorage.hxxp://facebook_conduitapps_com/v3_2_1.facebook_ctid_connect_sen[...] Deleted : user_pref("CT2857572.globalFirstTimeInfoLastCheckTime", "Mon Feb 28 2011 18:04:59 GMT+0100"); Deleted : user_pref("CT2857572.isAppTrackingManagerOn", true); Deleted : user_pref("CT2857572.myStuffEnabled", true); Deleted : user_pref("CT2857572.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2857572.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2857572.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2857572.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2857572.oldAppsList", "129356796045131912,129356796046381930,129356796046694434,1000082[...] Deleted : user_pref("CT2857572.testingCtid", ""); Deleted : user_pref("CT2857572.toolbarAppMetaDataLastCheckTime", "Mon Feb 28 2011 18:04:59 GMT+0100"); Deleted : user_pref("CT2857572.toolbarContextMenuLastCheckTime", "Thu Jan 06 2011 13:06:37 GMT+0100"); Deleted : user_pref("CT2857572.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2449729"); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249594/1245267/DE", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/843580/839383/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2449729", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857572", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2857572",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2449729/CT2449729[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857572/CT2857572[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"5f3[...] Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false); Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2857572"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.12"); Deleted : user_pref("CommunityToolbar.IsEngineShown", false); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857572"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.12"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?src[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT2431245,ConduitEngine,CT2857572,CT2449729"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2431245,CT2857572,CT2449729"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 24 2011 17:38:58 GMT+01[...] Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true); Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jul 12 2011 17:54:15 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 12 2011 17:54:09 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "e5c51fd0-b909-421a-9392-2aa7fdad4126"); Deleted : user_pref("CommunityToolbar.facebook.sessionKey", "2.sNvrDCpkZSutFUNdp9owzQ__.86400.1272744000-10000[...] Deleted : user_pref("CommunityToolbar.facebook.sessionSecret", "sNvrDCpkZSutFUNdp9owzQ__"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 31 2010 17:56:15 GMT+0200"); Deleted : user_pref("CommunityToolbar.facebook.userId", "100001027080696"); Deleted : user_pref("CommunityToolbar.globalUserId", "eee2b23f-88c8-4ff6-bd1a-169a5026dce0"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2449729"); Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 20 2011 22:51:15 GMT+0200"); Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Feb 27 2011 15:19:30 GMT+0100"); Deleted : user_pref("ConduitEngine.FirstServerDate", "01/06/2011 15"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Jan 06 2011 13:06:35 GMT+0100"); Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Feb 28 2011 18:05:01 GMT+0100"); Deleted : user_pref("ConduitEngine.LastLogin_3.3.0.19", "Mon Feb 28 2011 21:05:02 GMT+0100"); Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0); Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Feb 28 2011 21:05:02 GMT+0100"); Deleted : user_pref("ConduitEngine.UserID", "UN72742982783502340"); Deleted : user_pref("ConduitEngine.engineLocale", "de"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Feb 28 2011 18:05:01 GMT+0100"); Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Feb 28 2011 18:05:01 GMT+0100"); Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Deleted : user_pref("Smartbar.ConduitHomepagesList", ""); Deleted : user_pref("Smartbar.ConduitSearchEngineList", ""); Deleted : user_pref("Smartbar.ConduitSearchUrlList", ""); Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?src=2&q="); Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848"); Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=109958&tt=3612_5&babsrc=NT_ss&mntr[...] Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)"); Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109958&tt=3612_5&babsrc=HP_s[...] Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl"); Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 9); Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE"); Deleted : user_pref("extensions.BabylonToolbar.firstRun", false); Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "11C451F463C521D1CBD851338FC91F14"); Deleted : user_pref("extensions.BabylonToolbar.lastActv", "13"); Deleted : user_pref("extensions.BabylonToolbar.lastDP", 9); Deleted : user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5"); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", ""); Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0"); Deleted : user_pref("extensions.BabylonToolbar.newTab", true); Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 59428116); Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true); Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "free"); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=[...] Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true"); Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...] Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335"); Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...] Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761"); Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true"); Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...] Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300"); Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...] Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500"); Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...] Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Deleted : user_pref("sweetim.toolbar.mode.debug", "false"); Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "data:text/plain,browser.startup.home[...] Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "data:text/plain,keyword.URL=hxxp://go.web.de/br/m[...] Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "true"); Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false"); Deleted : user_pref("sweetim.toolbar.scripts.1.callback", ""); Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...] Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", ""); Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script"); Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false"); Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad"); Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/pre[...] Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10"); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true"); Deleted : user_pref("sweetim.toolbar.simapp_id", "{7C3B8B58-548E-11DF-B935-001F16080FB3}"); ************************* AdwCleaner[R1].txt - [60442 octets] - [29/08/2012 21:06:29] AdwCleaner[S1].txt - [62690 octets] - [04/09/2012 16:12:52] ########## EOF - C:\AdwCleaner[S1].txt - [62819 octets] ########## |
|
04.09.2012, 19:35
| #14 |
| /// Helfer-Team | Infizierte Datei lässt sich nicht dauerhaft entfernen Schaue bitte in der Anleitung (http://www.trojaner-board.de/103809-...i-malware.html) nach, wo du die Logfiles finden kannst. Poste das Logfile bitte. |
|
04.09.2012, 22:15
| #15 |
| | Infizierte Datei lässt sich nicht dauerhaft entfernen Oh, sorry, da kommt das Log. Das Emisoft-Programm hat leider schon wieder was gefunden. Ich hab das alles mal in die Quarantäne verschoben. Habs mir nicht getraut zu löschen, da er meinte, er könnte das wieder zurückverschieben. Emsisoft Anti-Malware - Version 6.6 Letztes Update: 04.09.2012 17:12:02 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Archiv Scan: An ADS Scan: An Scan Beginn: 04.09.2012 17:16:51 c:\program files\phenomedia gefunden: Trace.File.moorfrog 1.0!E1 Key: hkey_local_machine\software\trymedia systems gefunden: Trace.Registry.trymedia!E1 Key: hkey_local_machine\software\trymedia systems\activemark software gefunden: Trace.Registry.trymedia!E1 C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\00000001.@ gefunden: Trojan.Win32.Sirefef.AMN!E1 C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\80000000.@ gefunden: Trojan.Win32.Sirefef.AMN!E1 C:\_OTL\MovedFiles\08262012_134115\C_Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1 C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll gefunden: Adware.Win32.Toolbar.Dealio!E1 Gescannt 615601 Gefunden 7 Scan Ende: 04.09.2012 19:45:10 Scan Zeit: 2:28:19 C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll Quarantäne Adware.Win32.Toolbar.Dealio!E1 C:\_OTL\MovedFiles\08262012_134115\C_Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1 C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\00000001.@ Quarantäne Trojan.Win32.Sirefef.AMN!E1 C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\80000000.@ Quarantäne Trojan.Win32.Sirefef.AMN!E1 Key: hkey_local_machine\software\trymedia systems Quarantäne Trace.Registry.trymedia!E1 Key: hkey_local_machine\software\trymedia systems\activemark software Quarantäne Trace.Registry.trymedia!E1 c:\program files\phenomedia Quarantäne Trace.File.moorfrog 1.0!E1 Quarantäne 7 |
|
| Themen zu Infizierte Datei lässt sich nicht dauerhaft entfernen |
| access, datei, dateien, entdeck, entdeckt, entfernen, erfolgreich, gelöscht, gestern, hoffe, infizierte, infizierte datei, installer, link, löschen, meldung, problem, programm, quarantäne, richtig, rootkit, seite, system, verschieben, versucht, windows |
Linear-Darstellung
