| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Polizei Trojaner" (Österreich)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.08.2012, 20:29
| #1 |
| |  "Polizei Trojaner" (Österreich) Hallo, ich habe mir gestern diesen Virus eingefangen. Daraufhin habe ich den Laptop (mehrmals) abgewürgt und dann wieder mit "Abgesicherter Modus mit Eingabeaufforderung" gestartet. Als ich mich angemeldet habe kam dann auch die Meldung: "Die Systemwiederherstellung wurde erfolgreich abgeschlossen. Das System wurde auf 25.08.12 14:15:39 zurückgesetzt. Die Dokumente sind davon nicht betroffen." Schließlich habe ich wieder die Verbindung zum Internet hergestellt, Malwarebytes Anti-Malware gedownloaded, aktualisiert und einen Vollscan gemacht. Hier das Ergebnis: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.29.05 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Selina :: SELINA-PC [Administrator] Schutz: Aktiviert 29.08.2012 18:26:00 mbam-log-2012-08-29 (18-26-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 479418 Laufzeit: 2 Stunde(n), 15 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Es wurde also nichts gefunden? Als nächstes habe ich die OTL.exe gestartet. Mit diesem Ergebnis: OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 29.08.2012 20:55:07 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Selina\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,80% Memory free 6,19 Gb Paging File | 3,56 Gb Available in Paging File | 57,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 151,53 Gb Free Space | 53,47% Space Free | Partition Type: NTFS Drive E: | 14,65 Gb Total Space | 7,09 Gb Free Space | 48,42% Space Free | Partition Type: NTFS Computer Name: SELINA-PC | User Name: Selina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.29 19:29:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Selina\Desktop\OTL.exe PRC - [2012.08.06 08:45:03 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.18 18:06:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 18:06:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.07.18 18:06:01 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.07.18 18:06:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.18 18:06:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.07.02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe PRC - [2012.07.02 17:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe PRC - [2012.06.11 13:24:28 | 004,692,840 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.07.27 12:01:09 | 000,484,816 | ---- | M] () -- C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe PRC - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGService.exe PRC - [2010.04.30 13:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2010.01.28 14:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe PRC - [2009.09.17 15:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe PRC - [2009.09.17 15:29:04 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe PRC - [2009.09.17 15:29:04 | 000,378,088 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\msc\mcupdui.exe PRC - [2009.09.17 15:29:04 | 000,262,168 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcsvrcnt.exe PRC - [2009.09.15 11:23:54 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe PRC - [2009.07.08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe PRC - [2009.07.07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe PRC - [2009.07.07 18:45:22 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\COMMON~1\McAfee\MSC\McUICnt.exe PRC - [2009.07.07 17:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe PRC - [2009.05.08 00:30:22 | 000,192,128 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSM\McSmtFwk.exe PRC - [2009.02.05 04:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2008.12.18 21:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.06.15 13:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2008.06.15 13:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 15:29:11 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll MOD - [2012.06.14 19:57:13 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 14:11:25 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.11 18:08:18 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.11 18:07:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.11 18:03:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.11 18:01:58 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.11 18:01:52 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll MOD - [2010.07.27 12:01:09 | 000,484,816 | ---- | M] () -- C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe MOD - [2009.07.07 17:24:00 | 000,369,904 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll MOD - [2009.07.07 17:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009.07.07 17:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009.07.07 17:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009.07.07 17:24:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll MOD - [2009.07.07 17:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009.07.07 17:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009.07.07 17:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll MOD - [2009.03.30 06:40:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 06:40:03 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.05.12 15:20:28 | 000,382,464 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\ykx64mpcoinst.dll -- (yksvc) SRV:64bit: - [2009.05.11 21:21:42 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV) SRV:64bit: - [2009.05.11 21:21:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2009.03.12 17:24:10 | 000,949,760 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.18 18:06:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 18:06:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.07.18 18:06:01 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.07.18 18:06:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.07.02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2012.06.15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2010.09.10 17:50:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService) SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.10.02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009.09.17 15:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009.09.16 12:23:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009.09.16 11:15:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009.09.16 10:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon) SRV - [2009.09.15 11:23:54 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009.07.08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy) SRV - [2009.07.07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc) SRV - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.18 21:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008.06.15 13:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.18 18:06:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 18:06:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.07.18 18:06:32 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.02 23:48:22 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2010.03.31 03:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.06 15:14:44 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2010.03.06 15:14:43 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.01.19 13:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2010.01.19 13:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2010.01.19 13:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2010.01.19 13:49:52 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.11.03 17:46:58 | 000,031,264 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rrnetcap.sys -- (RRNetCapMP) DRV:64bit: - [2009.11.03 17:46:58 | 000,031,264 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rrnetcap.sys -- (RRNetCap) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.09.16 11:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2009.09.16 11:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2009.09.16 11:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk) DRV:64bit: - [2009.09.16 11:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk) DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.05.12 15:20:28 | 000,406,016 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2009.05.11 21:22:00 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.05.08 02:39:36 | 000,266,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2009.05.08 02:28:02 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR) DRV:64bit: - [2009.04.09 14:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP) DRV:64bit: - [2009.03.12 19:25:56 | 005,265,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300) DRV:64bit: - [2009.03.12 19:25:56 | 005,265,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.03.09 18:00:00 | 000,311,456 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA013Vid.sys -- (OA013Vid) DRV:64bit: - [2009.03.06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA013Ufd.sys -- (OA013Ufd) DRV:64bit: - [2008.12.21 19:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) DRV:64bit: - [2008.06.15 00:12:08 | 000,395,800 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor) DRV:64bit: - [2008.01.21 04:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc) DRV:64bit: - [2008.01.21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.) IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8jIAUMVx&i=26 IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes\{E39F208C-0FA5-46D7-BB53-BB5FFEBF5663}: "URL" = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Selina\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Selina\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.15 20:49:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.29 18:11:50 | 000,000,000 | ---D | M] [2009.11.01 14:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Selina\AppData\Roaming\mozilla\Extensions [2009.11.01 14:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Selina\AppData\Roaming\mozilla\Extensions\{SbX-140764-9783706833851-stu10} [2012.02.12 17:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48&sspv=CHSB18 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48&sspv=CHSB18 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Selina\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Selina\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Selina\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Selina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Selina\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Veoh Web Player = C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe\10.11.23.8_0\ CHR - Extension: AT_KojiNishida = C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdhmimpfmefmegcdgmbohplkcbpgpjb\2\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI9130~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI9130~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI9130~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent File not found O4 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Selina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Selina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Selina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000027 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000028 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E9B39AC7-B9FB-48CA-84A0-1659A06B0002} hxxp://www.wohnmoebel.de/Panthel-Rudolf/install/KPSA-Home%20PTRS.cab (ActiveFormX Element) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BCC3AD1-563C-4508-97C2-B512A29D6B9D}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30865096-9314-4F66-B6AD-2DB9C1FF95DD}: NameServer = 195.3.96.67 213.33.98.136 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{618D5FCE-27D4-460A-9614-AE2BF481C1F1}: NameServer = 195.3.96.67 213.33.98.136 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1770F4A-4A48-440E-8D78-F17CB45AC7BD}: NameServer = 195.3.96.67 213.33.98.136 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B32E793F-8B73-455D-90C7-CB24DA7AC86A}: NameServer = 195.3.96.67 213.33.98.136 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D54F656C-2CC5-45E6-93C1-0504901B6DA9}: NameServer = 195.3.96.67 213.33.98.136 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll) - C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Selina\Pictures\Internetbilder\Wallpapers\Süße Elfe.jpg O24 - Desktop BackupWallPaper: C:\Users\Selina\Pictures\Internetbilder\Wallpapers\Süße Elfe.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{322157ea-8177-11e0-a324-df0b8e29518c}\Shell - "" = AutoRun O33 - MountPoints2\{322157ea-8177-11e0-a324-df0b8e29518c}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{322157ef-8177-11e0-a324-df0b8e29518c}\Shell - "" = AutoRun O33 - MountPoints2\{322157ef-8177-11e0-a324-df0b8e29518c}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{66cf2876-c6eb-11de-a1b1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{66cf2876-c6eb-11de-a1b1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{66cf290e-c6eb-11de-a1b1-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{66cf290e-c6eb-11de-a1b1-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{937f2470-bd16-11e0-b287-9b6faf5ab40e}\Shell - "" = AutoRun O33 - MountPoints2\{937f2470-bd16-11e0-b287-9b6faf5ab40e}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{a4d9d29e-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{a4d9d29e-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{a4d9d2d0-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{a4d9d2d0-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{a4d9d350-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{a4d9d350-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{a4d9d362-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{a4d9d362-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{a4d9d389-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{a4d9d389-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{be1c7298-bd0b-11e0-8e2f-a65e343adc8a}\Shell - "" = AutoRun O33 - MountPoints2\{be1c7298-bd0b-11e0-8e2f-a65e343adc8a}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\{e3b9c5e1-f0d0-11de-828b-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{e3b9c5e1-f0d0-11de-828b-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f428cc50-e7fa-11de-9b3d-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{f428cc50-e7fa-11de-9b3d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f733a4eb-c580-11de-a780-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{f733a4eb-c580-11de-a780-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f733a57e-c580-11de-a780-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{f733a57e-c580-11de-a780-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f733a5a8-c580-11de-a780-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{f733a5a8-c580-11de-a780-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f733a5df-c580-11de-a780-00256468d315}\Shell - "" = AutoRun O33 - MountPoints2\{f733a5df-c580-11de-a780-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.29 19:28:58 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Selina\Desktop\OTL.exe [2012.08.29 18:23:06 | 000,000,000 | ---D | C] -- C:\Users\Selina\AppData\Roaming\Malwarebytes [2012.08.29 18:22:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.29 18:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.29 18:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.29 18:19:48 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Selina\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.23 17:49:01 | 000,000,000 | ---D | C] -- C:\Users\Selina\AppData\Roaming\Avira [2012.08.23 17:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.23 17:42:44 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.08.23 17:42:44 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.08.23 17:42:44 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.08.23 17:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.08.23 17:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.08.23 00:33:05 | 000,000,000 | ---D | C] -- C:\Users\Selina\AppData\Local\Conduit [2012.08.23 00:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh_Web_Player [2012.08.23 00:32:46 | 000,000,000 | ---D | C] -- C:\Users\Selina\AppData\Local\CRE [2012.08.23 00:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic [2012.08.23 00:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giraffic [2012.08.23 00:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data [2012.08.23 00:32:13 | 000,000,000 | ---D | C] -- C:\Users\Selina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veoh Networks, Inc [2012.08.23 00:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks [2012.08.12 22:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack [2012.08.12 22:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.08.12 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar [2012.08.12 22:22:21 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll [2012.08.12 22:22:21 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll [2012.08.12 22:22:21 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll [2012.08.12 22:22:21 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll [2012.08.12 22:22:21 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll [2012.08.12 22:22:20 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll [2012.08.12 22:22:20 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll [2012.08.12 22:22:20 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll [2012.08.12 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\Selina\AppData\Roaming\FreeAudioPack [2012.08.12 22:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter [1 C:\Users\Selina\Documents\*.tmp files -> C:\Users\Selina\Documents\*.tmp -> ] [1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.29 20:40:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4266846849-2628723606-1092748140-1000UA.job [2012.08.29 20:04:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 20:04:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 19:40:09 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4266846849-2628723606-1092748140-1000Core.job [2012.08.29 19:29:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Selina\Desktop\OTL.exe [2012.08.29 18:34:52 | 000,035,797 | ---- | M] () -- C:\Windows\SysNative\Config.MPF [2012.08.29 18:22:08 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 18:19:54 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Selina\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.29 18:04:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.29 18:04:06 | 3217,412,096 | -HS- | M] () -- C:\hiberfil.sys [2012.08.29 17:49:17 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.29 17:21:24 | 000,007,052 | ---- | M] () -- C:\Users\Selina\AppData\Local\d3d9caps.dat [2012.08.24 01:12:09 | 538,194,071 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.08.23 17:43:15 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.23 16:15:42 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Selina.job [2012.08.23 00:33:54 | 000,000,009 | ---- | M] () -- C:\END [2012.08.23 00:32:14 | 000,002,048 | ---- | M] () -- C:\Users\Selina\Desktop\Veoh Web Player.lnk [2012.08.16 16:24:30 | 004,890,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.15 01:37:29 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job [2012.08.12 22:22:30 | 000,001,133 | ---- | M] () -- C:\Users\Selina\Desktop\Free Mp3 Wma Converter.lnk [2012.08.10 12:46:27 | 000,002,655 | ---- | M] () -- C:\Users\Selina\Desktop\Microsoft Office Word 2007.lnk [2012.08.07 22:41:17 | 001,486,574 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.07 22:41:17 | 000,643,506 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.07 22:41:17 | 000,608,672 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.07 22:41:17 | 000,134,312 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.07 22:41:17 | 000,110,152 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [1 C:\Users\Selina\Documents\*.tmp files -> C:\Users\Selina\Documents\*.tmp -> ] [1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.29 18:22:08 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 18:04:06 | 3217,412,096 | -HS- | C] () -- C:\hiberfil.sys [2012.08.28 22:31:27 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.23 17:43:15 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.23 00:32:34 | 000,000,009 | ---- | C] () -- C:\END [2012.08.23 00:32:14 | 000,002,048 | ---- | C] () -- C:\Users\Selina\Desktop\Veoh Web Player.lnk [2012.08.12 22:22:30 | 000,001,133 | ---- | C] () -- C:\Users\Selina\Desktop\Free Mp3 Wma Converter.lnk [2012.08.12 22:22:21 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx [2012.08.12 22:22:18 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012.07.10 19:06:17 | 000,000,552 | ---- | C] () -- C:\Users\Selina\AppData\Local\d3d8caps.dat [2011.10.18 20:28:52 | 000,000,864 | ---- | C] () -- C:\Users\Selina\.recently-used.xbel [2011.05.16 20:26:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.10 15:28:39 | 000,000,000 | ---- | C] () -- C:\Users\Selina\AppData\Roaming\DataSafeDotNet.exe [2010.01.04 16:30:28 | 000,007,052 | ---- | C] () -- C:\Users\Selina\AppData\Local\d3d9caps.dat [2009.10.22 20:44:28 | 000,024,226 | ---- | C] () -- C:\Users\Selina\AppData\Roaming\UserTile.png [2009.10.22 18:01:39 | 000,023,552 | ---- | C] () -- C:\Users\Selina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.21 15:02:04 | 000,000,680 | RHS- | C] () -- C:\Users\Selina\ntuser.pol ========== LOP Check ========== [2011.09.17 12:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\.minecraft [2011.08.02 17:17:57 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\3DataManager [2010.03.11 19:09:31 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2009.10.26 12:23:06 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\mquadr.at [2011.09.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\.minecraft [2011.09.11 01:09:28 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\3DataManager [2010.08.25 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\AnvSoft [2011.08.03 00:59:49 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\Birdstep Technology [2012.04.26 21:44:36 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\calibre [2012.06.03 15:02:14 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.01.31 22:11:48 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\DVDVideoSoft [2011.06.24 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.31 21:19:38 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\Ebner [2012.08.12 22:22:52 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\FreeAudioPack [2011.08.03 00:52:37 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\GetRightToGo [2009.11.01 14:39:52 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\Manz [2009.10.24 11:51:41 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\mquadr.at [2010.08.25 16:49:43 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\Orbit [2011.09.23 13:29:52 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\Origin [2012.06.03 16:38:19 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\PDAppFlex [2009.10.22 20:44:28 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\PeerNetworking [2010.08.25 16:27:29 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\ProgSense [2012.06.03 16:42:35 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.08.03 00:55:03 | 000,000,000 | ---D | M] -- C:\Users\Selina\AppData\Roaming\XSManager [2012.07.23 19:55:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft [2011.09.13 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\3DataManager [2011.09.13 20:03:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Birdstep Technology [2010.04.13 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2009.10.29 19:58:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mquadr.at [2011.09.13 16:20:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\XSManager [2012.08.15 01:37:29 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2012.04.01 01:00:27 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2012.08.25 01:07:51 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt wurde angehängt. Puhh. Ist das richtig so? Als ich bei Avira die Viren (gestern?) gecheckt habe wurden 9 gefunden? Die befinden sich im Moment in Quarantäne. Kann ich sie löschen? Und was soll ich jetzt tun? Danke schon mal für eure Hilfe. LG Selina (die jetzt schon seit ca. 17 Uhr daran arbeitet, dieses Problem zu lösen  ) |
|
29.08.2012, 23:06
| #2 |
| /// Helfer-Team  |  "Polizei Trojaner" (Österreich) Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\.DEFAULT\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8jIAUMVx&i=26
IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\SearchScopes\{E39F208C-0FA5-46D7-BB53-BB5FFEBF5663}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - user.js - File not found
CHR - homepage: http://search.conduit.com/?ctid=CT2653012&SearchSource=48&sspv=CHSB18
O2 - BHO: (incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Selina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{322157ea-8177-11e0-a324-df0b8e29518c}\Shell - "" = AutoRun
O33 - MountPoints2\{322157ea-8177-11e0-a324-df0b8e29518c}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{322157ef-8177-11e0-a324-df0b8e29518c}\Shell - "" = AutoRun
O33 - MountPoints2\{322157ef-8177-11e0-a324-df0b8e29518c}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{66cf2876-c6eb-11de-a1b1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{66cf2876-c6eb-11de-a1b1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{66cf290e-c6eb-11de-a1b1-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{66cf290e-c6eb-11de-a1b1-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{937f2470-bd16-11e0-b287-9b6faf5ab40e}\Shell - "" = AutoRun
O33 - MountPoints2\{937f2470-bd16-11e0-b287-9b6faf5ab40e}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{a4d9d29e-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{a4d9d29e-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a4d9d2d0-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{a4d9d2d0-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a4d9d350-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{a4d9d350-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a4d9d362-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{a4d9d362-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a4d9d389-bfe5-11de-bf7d-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{a4d9d389-bfe5-11de-bf7d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{be1c7298-bd0b-11e0-8e2f-a65e343adc8a}\Shell - "" = AutoRun
O33 - MountPoints2\{be1c7298-bd0b-11e0-8e2f-a65e343adc8a}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{e3b9c5e1-f0d0-11de-828b-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{e3b9c5e1-f0d0-11de-828b-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f428cc50-e7fa-11de-9b3d-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{f428cc50-e7fa-11de-9b3d-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f733a4eb-c580-11de-a780-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{f733a4eb-c580-11de-a780-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f733a57e-c580-11de-a780-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{f733a57e-c580-11de-a780-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f733a5a8-c580-11de-a780-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{f733a5a8-c580-11de-a780-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f733a5df-c580-11de-a780-00256468d315}\Shell - "" = AutoRun
O33 - MountPoints2\{f733a5df-c580-11de-a780-00256468d315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1
[2012.08.12 22:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.08.29 17:49:17 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.23 00:33:05 | 000,000,000 | ---D | C] -- C:\Users\Selina\AppData\Local\Conduit
[2012.08.23 00:33:54 | 000,000,009 | ---- | M] () -- C:\END
[2011.05.16 20:26:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files
C:\Users\Selina\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Selina\AppData\Local\Temp\*.exe
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
30.08.2012, 00:09
| #3 |
| | "Polizei Trojaner" (Österreich) Hallo, ich hoffe ich habe alles richtig gemacht. Sieht für mich jedenfalls nicht schlecht aus.
__________________Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll not found.
Registry value HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E39F208C-0FA5-46D7-BB53-BB5FFEBF5663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39F208C-0FA5-46D7-BB53-BB5FFEBF5663}\ not found.
HKU\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
C:\Program Files (x86)\incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\PROGRA~2\WI9130~1\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
C:\Program Files (x86)\incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
C:\Users\Selina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
C:\Programme\Dell\DellDock\DellDock.exe moved successfully.
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4266846849-2628723606-1092748140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {02BCC737-B171-4746-94C9-0D8A0B2C0089}
C:\Windows\Downloaded Program Files\ieawsdc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{322157ea-8177-11e0-a324-df0b8e29518c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{322157ea-8177-11e0-a324-df0b8e29518c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{322157ea-8177-11e0-a324-df0b8e29518c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{322157ea-8177-11e0-a324-df0b8e29518c}\ not found.
File D:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{322157ef-8177-11e0-a324-df0b8e29518c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{322157ef-8177-11e0-a324-df0b8e29518c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{322157ef-8177-11e0-a324-df0b8e29518c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{322157ef-8177-11e0-a324-df0b8e29518c}\ not found.
File D:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66cf2876-c6eb-11de-a1b1-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66cf2876-c6eb-11de-a1b1-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66cf2876-c6eb-11de-a1b1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66cf2876-c6eb-11de-a1b1-806e6f6e6963}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66cf290e-c6eb-11de-a1b1-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66cf290e-c6eb-11de-a1b1-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66cf290e-c6eb-11de-a1b1-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66cf290e-c6eb-11de-a1b1-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{937f2470-bd16-11e0-b287-9b6faf5ab40e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{937f2470-bd16-11e0-b287-9b6faf5ab40e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{937f2470-bd16-11e0-b287-9b6faf5ab40e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{937f2470-bd16-11e0-b287-9b6faf5ab40e}\ not found.
File D:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d29e-bfe5-11de-bf7d-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d29e-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d29e-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d29e-bfe5-11de-bf7d-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d2d0-bfe5-11de-bf7d-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d2d0-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d2d0-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d2d0-bfe5-11de-bf7d-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d350-bfe5-11de-bf7d-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d350-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d350-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d350-bfe5-11de-bf7d-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d362-bfe5-11de-bf7d-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d362-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d362-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d362-bfe5-11de-bf7d-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d389-bfe5-11de-bf7d-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d389-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d9d389-bfe5-11de-bf7d-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d9d389-bfe5-11de-bf7d-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be1c7298-bd0b-11e0-8e2f-a65e343adc8a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be1c7298-bd0b-11e0-8e2f-a65e343adc8a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be1c7298-bd0b-11e0-8e2f-a65e343adc8a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be1c7298-bd0b-11e0-8e2f-a65e343adc8a}\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3b9c5e1-f0d0-11de-828b-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3b9c5e1-f0d0-11de-828b-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3b9c5e1-f0d0-11de-828b-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3b9c5e1-f0d0-11de-828b-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f428cc50-e7fa-11de-9b3d-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f428cc50-e7fa-11de-9b3d-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f428cc50-e7fa-11de-9b3d-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f428cc50-e7fa-11de-9b3d-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f733a4eb-c580-11de-a780-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f733a4eb-c580-11de-a780-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f733a4eb-c580-11de-a780-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f733a4eb-c580-11de-a780-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f733a57e-c580-11de-a780-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f733a57e-c580-11de-a780-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f733a57e-c580-11de-a780-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f733a57e-c580-11de-a780-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f733a5a8-c580-11de-a780-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f733a5a8-c580-11de-a780-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f733a5a8-c580-11de-a780-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f733a5a8-c580-11de-a780-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f733a5df-c580-11de-a780-00256468d315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f733a5df-c580-11de-a780-00256468d315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f733a5df-c580-11de-a780-00256468d315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f733a5df-c580-11de-a780-00256468d315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\.\Autorun.exe AUTORUN=1 not found.
C:\ProgramData\boost_interprocess\5755770F9178CD01 folder moved successfully.
C:\ProgramData\boost_interprocess folder moved successfully.
C:\ProgramData\ism_0_llatsni.pad moved successfully.
C:\Users\Selina\AppData\Local\Conduit folder moved successfully.
C:\END moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Selina\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\Selina\AppData\Local\Temp\0203371346276261mcinst.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\conduitinstaller.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\contentDATs.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1035.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD113E.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1351.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1360.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1370.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD13CE.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD165D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1840.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1AC0.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1BE8.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1D6E.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1E1A.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1E68.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1EC6.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1F23.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD1F81.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD206B.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD2193.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD21F1.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD23E4.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD2683.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD26D1.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD2960.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD2A0C.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD2BE0.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD2ECC.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD30DF.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD312D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD317B.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD3294.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD32A3.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD3330.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD334F.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD337E.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD3448.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD36D8.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD37D1.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD37F0.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD39A5.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD3ADD.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD3B0C.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD3E28.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD3F02.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD3F7F.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD3FEC.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD403A.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD405.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD41C0.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD422D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD42E8.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD445F.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD4558.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD47C8.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD47D8.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD497D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD499D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD4D73.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD4DF0.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD4F18.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD52B1.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD55C.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD5659.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD5772.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD581D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD5917.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD5B77.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD5D1C.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD60D4.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD6161.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD6547.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD6595.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD66FC.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD671B.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD67F5.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD67F6.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD685.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD68DF.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD68E0.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD6AC3.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD6C3.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD6CE5.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD6F84.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD7609.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD7A0F.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD7AF9.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD7CC.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD7D69.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD7D97.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD7E24.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD80E2.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD815F.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD817E.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD81EB.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD8342.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD846B.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD84C8.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD86AC.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD8748.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD8A06.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD8AF0.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD8BDA.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD8C28.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD8F43.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD902D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD94EE.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD962.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD96E1.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD9B93.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD9F1B.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EAD9F1C.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADA0EF.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADA13E.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADA4C.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADA977.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADAABF.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADAD3F.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADAD8.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADAEC5.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADAF41.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADAF61.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADAF8F.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADB1D5.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADB3E4.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADB5D6.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADB615.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADB616.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADB6DF.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADB6EF.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADB77B.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADBC9A.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADBD26.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADBE8D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADBF58.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADBFE4.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADC0AF.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADC2A2.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADC995.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADCC14.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADCCCF.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADCD3D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADCD3E.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADCE65.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADD01A.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADD077.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADD2F7.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADD47D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADD5F3.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADD623.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADD8B1.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADD9BB.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADDAE3.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADDBBD.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADE09E.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADE178.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADE732.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADEBF3.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADED0C.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADED3B.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADEEE0.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADF047.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADF324.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADF68E.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADF69D.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADF6A.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADF758.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADFB5E.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADFC86.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\EADFCC5.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\GLB1A2B.EXE moved successfully.
C:\Users\Selina\AppData\Local\Temp\GoogleUpdateSetup.exe91e87 moved successfully.
C:\Users\Selina\AppData\Local\Temp\rootsupd.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\SecurityScan_Release.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\statisticsStub.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\stub.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\The Sims 2_uninst.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\vcredist_x64.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\vcredist_x86.exe moved successfully.
C:\Users\Selina\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3d2b9b94-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-6d591453-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5535ab32-5f0c113f-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1fa9ab18-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-6a278c42-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f710eed-3464fb79-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4488892a-7965c4ab-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7ec4bf04-16467fdb-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\14e5d595-4ce0b46c-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-6a909fc4-n folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Selina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Selina\Desktop\cmd.bat deleted successfully.
C:\Users\Selina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mathias
->Temp folder emptied: 283315064 bytes
->Temporary Internet Files folder emptied: 52858378 bytes
->Java cache emptied: 48911996 bytes
->Flash cache emptied: 2933 bytes
User: Public
User: Selina
->Temp folder emptied: 1657029124 bytes
->Temporary Internet Files folder emptied: 1360662378 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 3187261 bytes
User: Stefan
->Temp folder emptied: 628705606 bytes
->Temporary Internet Files folder emptied: 1259080802 bytes
->Java cache emptied: 56731146 bytes
->Flash cache emptied: 10624 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1351749006 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5619 bytes
Total Files Cleaned = 6.393,00 mb
OTL by OldTimer - Version 3.2.59.1 log created on 08302012_004403
Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Windows\temp\mcafee_pVBPZivb28KTC8w moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 Ich habe heute Morgen noch einmal Malwarebytes Anti-Malware durchlaufen lassen (davor natürlich aktualisiert. Gefunden wurde immer noch nichts. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.30.02 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Selina :: SELINA-PC [Administrator] Schutz: Aktiviert 30.08.2012 09:36:13 mbam-log-2012-08-30 (09-36-13).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 450085 Laufzeit: 1 Stunde(n), 14 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v2.000 - Datei am 08/30/2012 um 17:45:35 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Selina - SELINA-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Selina\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Common Files\DVDVideoSoft
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\DVDVideoSoft
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\Program Files (x86)\Windows Searchqu Toolbar
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Ordner Gefunden : C:\Users\Mathias\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Mathias\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Mathias\AppData\LocalLow\SweetIM
Ordner Gefunden : C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Ordner Gefunden : C:\Users\Selina\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Selina\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Selina\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Selina\AppData\LocalLow\Searchqutoolbar
Ordner Gefunden : C:\Users\Selina\AppData\Roaming\DVDVideoSoft
Ordner Gefunden : C:\Users\Selina\Documents\DVDVideoSoft
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\SweetIM
Ordner Gefunden : C:\Users\Stefan\Documents\DVDVideoSoft
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\DVDVideoSoft
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoft Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E957D74-33C0-4829-A787-9F92C18C79C1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\DVDVideoSoft
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E957D74-33C0-4829-A787-9F92C18C79C1}
Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E957D74-33C0-4829-A787-9F92C18C79C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v21.0.1180.83
Datei : C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48&sspv=CHSB18",
Gefunden [l.1382] : homepage = "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48&sspv=CHSB18",
*************************
AdwCleaner[R1].txt - [12668 octets] - [30/08/2012 17:45:35]
########## EOF - C:\AdwCleaner[R1].txt - [12729 octets] ##########
LG Selina |
|
30.08.2012, 18:33
| #4 |
| /// Helfer-Team | "Polizei Trojaner" (Österreich) Sehr gut! 
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
30.08.2012, 22:13
| #5 |
| | "Polizei Trojaner" (Österreich) Super, danke. Alles erledigt. AdwCleaner: Code:
ATTFilter # AdwCleaner v2.000 - Datei am 08/30/2012 um 19:43:32 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Selina - SELINA-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Selina\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft
Gelöscht mit Neustart : C:\Program Files (x86)\Conduit
Gelöscht mit Neustart : C:\Program Files (x86)\DVDVideoSoft
Gelöscht mit Neustart : C:\Program Files (x86)\SweetIM
Gelöscht mit Neustart : C:\Program Files (x86)\Windows Searchqu Toolbar
Gelöscht mit Neustart : C:\ProgramData\InstallMate
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Gelöscht mit Neustart : C:\Users\Mathias\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Mathias\AppData\LocalLow\DVDVideoSoft
Gelöscht mit Neustart : C:\Users\Mathias\AppData\LocalLow\SweetIM
Gelöscht mit Neustart : C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Gelöscht mit Neustart : C:\Users\Selina\AppData\LocalLow\boost_interprocess
Gelöscht mit Neustart : C:\Users\Selina\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Selina\AppData\LocalLow\DVDVideoSoft
Gelöscht mit Neustart : C:\Users\Selina\AppData\LocalLow\Searchqutoolbar
Gelöscht mit Neustart : C:\Users\Selina\AppData\Roaming\DVDVideoSoft
Gelöscht mit Neustart : C:\Users\Selina\Documents\DVDVideoSoft
Gelöscht mit Neustart : C:\Users\Stefan\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Stefan\AppData\LocalLow\DVDVideoSoft
Gelöscht mit Neustart : C:\Users\Stefan\AppData\LocalLow\SweetIM
Gelöscht mit Neustart : C:\Users\Stefan\Documents\DVDVideoSoft
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoft
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoft Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E957D74-33C0-4829-A787-9F92C18C79C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoft
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E957D74-33C0-4829-A787-9F92C18C79C1}
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E957D74-33C0-4829-A787-9F92C18C79C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Google Chrome v21.0.1180.83
Datei : C:\Users\Selina\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48&sspv=CHSB18",
Gelöscht [l.1382] : homepage = "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48&sspv=CHSB18",
*************************
AdwCleaner[R1].txt - [12751 octets] - [30/08/2012 17:45:35]
AdwCleaner[S1].txt - [12044 octets] - [30/08/2012 19:43:32]
########## EOF - C:\AdwCleaner[S1].txt - [12105 octets] ##########
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 30.08.2012 20:15:14
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, E:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 30.08.2012 20:15:34
c:\program files (x86)\gamespy arcade gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\install.log gefunden: Trace.File.gamespy arcade!E1
C:\_OTL\MovedFiles\08302012_004403\C_Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7ac02ad2-69d3aaec -> b4a\b4a.class gefunden: Exploit.Java.CVE-2012-4681!E2
C:\_OTL\MovedFiles\08302012_004403\C_Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7ac02ad2-69d3aaec -> b4a\b4d.class gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08302012_004403\C_Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7ac02ad2-69d3aaec -> b4a\b4f.class gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08302012_004403\C_Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7ac02ad2-69d3aaec -> b4a\b4b.class gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08302012_004403\C_Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7ac02ad2-69d3aaec -> b4a\b4c.class gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08302012_004403\C_Users\Selina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7ac02ad2-69d3aaec -> b4a\b4e.class gefunden: Exploit.Java.CVE-2012-4681!E2
C:\_OTL\MovedFiles\08302012_004403\C_Users\Selina\AppData\Local\Temp\EAD30DF.exe gefunden: Trojan.Crypt!E2
C:\_OTL\MovedFiles\08302012_004403\C_Users\Selina\AppData\Local\Temp\EAD7A0F.exe gefunden: Trojan.Crypt!E2
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe gefunden: Riskware.Win32.Toolbar.Zugo.AMN!E1
Gescannt 659180
Gefunden 11
Scan Ende: 30.08.2012 22:54:07
Scan Zeit: 2:38:33
Geändert von s.b.k. (30.08.2012 um 23:02 Uhr) |
|
31.08.2012, 15:11
| #6 |
| /// Helfer-Team | "Polizei Trojaner" (Österreich) Sehr gut! die Funde sind schon bei OTL in Quarantaene Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
__________________ --> "Polizei Trojaner" (Österreich) |
|
31.08.2012, 20:37
| #7 |
| | "Polizei Trojaner" (Österreich) Hallo, alles erledigt. Logfile: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cd8c4ffb7332b942ab9045ba79988e7c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 07:07:02
# local_time=2012-08-31 09:07:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 696841 696841 0 0
# compatibility_mode=5121 16777214 0 10 152809 98795749 0 0
# compatibility_mode=5892 16776573 100 56 0 183957307 0 0
# compatibility_mode=8192 67108863 100 0 220 220 0 0
# scanned=220407
# found=2
# cleaned=2
# scan_time=6621
C:\Users\Selina\Downloads\FinalTorrent2010Setup.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08302012_004403\C_Users\Selina\AppData\Local\Temp\SetupDataMngr_Searchqu.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
 |
|
31.08.2012, 22:54
| #8 |
| /// Helfer-Team | "Polizei Trojaner" (Österreich) Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck |
|
01.09.2012, 00:19
| #9 |
| | "Polizei Trojaner" (Österreich) Ich schon wieder.  Ich konnte Java über Systemsteuerung --> Programme nicht öffnen, weil es bei mir dort gar kein Java gibt. (Zumindest wird es dort nicht angezeigt) Schließlich habe ich es einfach über den Explorer geöffnet, ich hoffe das ist in Ordnung. PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Internet Explorer 9.0 ist aktuell Flash 11,1,102,55 ist veraltet! Aktualisieren Sie bitte auf die neueste Version! Java (1,7,0,7) ist aktuell. Adobe Reader 10,1,0,0 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 10,1,3 |
|
01.09.2012, 00:32
| #10 |
| /// Helfer-Team | "Polizei Trojaner" (Österreich) Aktualisiere den Rest! Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
|
01.09.2012, 14:34
| #11 |
| | "Polizei Trojaner" (Österreich) Guten Tag, ich habe alles bis auf die letzten 2 Punkte gemacht. Wenn ich in der Registry Fehler suche und behebe, zerstört das nicht Windows? Das will ich ja nicht.  Oder doch?Danke schon mal für deine Antwort. |
|
02.09.2012, 05:29
| #12 |
| /// Helfer-Team | "Polizei Trojaner" (Österreich) Schoen, dass dir das auffaellt! Ich verlinke die Anleitung, weil man es nicht aus Spass tun soll. Hier ist es aber geboten. |
|
02.09.2012, 17:54
| #13 |
| | "Polizei Trojaner" (Österreich) Achso, dann mach ich das mal. Noch mal vielen, vielen Dank für deine Hilfe!!! PS: Ich habe alle Fehler behoben und Windows funktioniert auch noch.  Geändert von s.b.k. (02.09.2012 um 18:00 Uhr) |
|
02.09.2012, 20:35
| #14 |
| /// Helfer-Team | "Polizei Trojaner" (Österreich)wir wuenschen eine virenfreie Zeit |
|
| Themen zu "Polizei Trojaner" (Österreich) |
| antivir, avira, bandoo, bho, browser, conduit, converter, error, firefox, home, homepage, incredibar toolbar, logfile, löschen?, mp3, object, phishing, plug-in, problem, realtek, registry, security, senden, siteadvisor, software, stick, trojaner, viren, virus, vista, wallpapers |
Linear-Darstellung
