|
Plagegeister aller Art und deren Bekämpfung: Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.08.2012, 07:24 | #1 |
| Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Hallo ihr Lieben, wie schön, dass es diese Board gibt! Nachdem ich vorhin Virenmeldungen hatte, hatte ich wie verrückt gegoogelt und bin hier fündig geworden, habe größtenteils nach den Anweisungen hier gehandelt und hoffe, ich bin die Trojaner wieder los. Erst hatte antivir mir gemeldet, im c:/Recycle Ordner wären bds.zeroaccess Trojaner gefunden worden. Zugriff verweigert, gleich in Quarantäne. Ich habe dann gleich Malwarebytes rüberlaufen lassen, und es zeigte mir 3 infizierte Dateien an, trojan.phex.thagen6 im Ordner Appdata/Local selber in der Registry und dann noch mal im Memory Process. Im Taskmanager lief dann auch plötzlich "syshost.exe" mit. Ich habe die Funde gelöscht, sämtliche Einträge gelöscht, die ich finden konnte, auch im Autostart-Menü (wo sich syshost gleich schön eingefressen hatte), mit CCleaner nach Fehlern in der Registry gesucht, gleich beheben lassen, das ganze 4 x hintereinander. Nochmals mit OTL Oldtimer gescannt, gefixt. So: Großes Bibbern vor dem Neustart, ob ich so eine grauslige Erpresser-Seite zu sehen bekommen werde oder ob alles funktionieren wird. Habe es doch gewagt und es scheint alles gut zu laufen. Radikalfans sagen zwar, "ach, da bleibt immer was, da ist man nie mehr sicher, man MUSS den Computer neu aufsetzen", aber ist das wirklich so? Ich habe sehr viele Programme, die ich so durch eine Reformatierung und Neuinstallation nicht verlieren möchte, auch die ganzen Einstellungen und Bookmarks, und und und. Das würde mich an den Rand der Verzweiflung bringen! Ich scanne gerade erneut mit Malwarebytes. Hier der Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.29.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 :: PC [Administrator] 30.08.2012 07:01:04 mbam-log-2012-08-30 (07-01-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 359801 Laufzeit: 1 Stunde(n), 22 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 30.08.2012 08:26:24 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Patricia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,96 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 30,57% Memory free 5,92 Gb Paging File | 3,53 Gb Available in Paging File | 59,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,20 Gb Total Space | 65,25 Gb Free Space | 29,90% Space Free | Partition Type: NTFS Drive E: | 7,55 Gb Total Space | 0,77 Gb Free Space | 10,20% Space Free | Partition Type: FAT32 Drive G: | 1,84 Gb Total Space | 1,59 Gb Free Space | 86,41% Space Free | Partition Type: FAT Drive H: | 980,72 Mb Total Space | 648,19 Mb Free Space | 66,09% Space Free | Partition Type: FAT Computer Name: PC | User Name: Patricia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.30 08:19:28 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia\Desktop\OTL.exe PRC - [2012.08.30 06:36:27 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.08.08 21:14:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.05.08 21:27:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 21:27:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.27 04:15:18 | 000,131,552 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\WSCStub.exe PRC - [2011.11.30 04:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe PRC - [2011.11.11 03:04:30 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.05.21 16:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2008.12.18 22:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2003.12.02 09:49:00 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\SysWOW64\gearsec.exe ========== Modules (No Company Name) ========== MOD - [2012.08.30 06:36:26 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.06.14 18:19:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.14 18:18:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 18:18:49 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.14 18:18:41 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.05.12 23:50:28 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.12 19:24:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.12 19:22:55 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.12 19:22:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.12 19:22:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.12 19:22:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.12 19:22:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.17 03:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV) SRV - [2012.08.30 06:36:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.25 17:15:22 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS) SRV - [2012.05.08 21:27:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 21:27:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.05.21 16:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2008.12.18 22:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2003.12.02 09:49:00 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\SysWOW64\gearsec.exe -- (gearsec) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.30 07:34:10 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.05.08 21:27:47 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:27:47 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.30 18:10:13 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2011.11.24 03:50:28 | 000,738,936 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011.11.17 05:38:00 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.16 08:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.09.02 11:29:06 | 000,626,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2009.09.01 15:31:42 | 000,649,984 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009.07.17 03:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2009.07.17 03:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.29 06:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.03 05:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.05.20 05:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.08 10:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.02.05 13:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2007.06.22 18:59:50 | 000,077,824 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\emAudio64.sys -- (emAudio) DRV:64bit: - [2006.11.01 20:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012.08.30 07:42:13 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120829.018\EX64.SYS -- (NAVEX15) DRV - [2012.08.30 07:42:11 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120829.018\ENG64.SYS -- (NAVENG) DRV - [2012.08.29 16:06:56 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120829.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.08.23 03:52:48 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.12.13 18:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2004.06.11 08:45:00 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {13698D86-664E-4E4D-BE5D-8013E23012DF} IE:64bit: - HKLM\..\SearchScopes\{13698D86-664E-4E4D-BE5D-8013E23012DF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{42B655B4-4BD7-4E35-AF3F-3740F4F8E904}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {42B655B4-4BD7-4E35-AF3F-3740F4F8E904} IE - HKCU\..\SearchScopes\{876E071F-11ED-423C-92E2-162FE5A643B1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.mc367.mail.yahoo.com/mc/welcome?.gx=1&.rand=c1vutu9vdonk3" FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.9 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7 FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: sharemenot@franziroesner.com:1.0.0.4 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac" FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 4001 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 4001 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 4001 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 4001 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 4001 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 4001 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 4001 FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Patricia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011.11.11 03:05:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.08.30 07:34:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.08.30 07:34:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.30 06:36:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.20 00:11:25 | 000,000,000 | ---D | M] [2009.11.26 19:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patricia\AppData\Roaming\mozilla\Extensions [2012.08.30 06:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions [2011.07.17 20:51:17 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2012.08.30 06:36:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.03.30 16:18:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.10.29 00:42:53 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions\autofillForms@blueimp.net [2011.01.07 05:21:17 | 000,001,445 | ---- | M] () -- C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\nidaa7xe.default\searchplugins\dictcc-en-de.xml [2012.06.20 00:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.20 00:11:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.29 01:31:40 | 000,527,469 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.08.23 02:53:44 | 000,341,143 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI [2012.01.06 14:33:18 | 000,017,992 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{B71ACFF2-E436-4CC7-B5E3-0C8E2CC981BA}.XPI [2012.01.22 15:44:29 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI [2012.08.10 23:16:19 | 000,045,226 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI [2012.06.20 23:42:54 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI [2012.08.30 06:36:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.12 05:55:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 06:36:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.12 05:55:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.12 05:55:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.12 05:55:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.12 05:55:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\WINDOWS\System32\StikyNot.exe File not found O4 - Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.30 08:19:27 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Patricia\Desktop\OTL.exe [2012.08.30 07:41:12 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys [2012.08.30 07:41:11 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys [2012.08.30 07:41:11 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys [2012.08.30 07:41:11 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys [2012.08.30 07:41:10 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys [2012.08.30 07:41:10 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys [2012.08.30 07:41:10 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys [2012.08.30 07:40:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E [2012.08.30 07:34:10 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.08.30 07:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.08.30 07:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.08.30 07:33:10 | 001,092,728 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA64.sys [2012.08.30 07:33:10 | 000,738,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys [2012.08.30 07:33:10 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS64.sys [2012.08.30 07:33:10 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys [2012.08.30 07:33:10 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Ironx64.sys [2012.08.30 07:33:10 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys [2012.08.30 07:33:08 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.sys [2012.08.30 07:32:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012.08.30 07:32:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1305000.091 [2012.08.30 07:32:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012.08.30 07:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012.08.30 07:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.08.30 07:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.08.30 07:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012.08.30 07:27:17 | 119,139,072 | ---- | C] (Symantec Corporation) -- C:\Users\Patricia\Desktop\NIS-TW-30-19-5-0-145-EN.exe [2012.08.30 03:38:44 | 013,856,992 | ---- | C] (BitDefender LLC) -- C:\Users\Patricia\Desktop\BDRemovalToolLauncher_sirefef_sfc_x64.exe [2012.07.14 06:23:38 | 020,928,200 | ---- | C] (Audacity Team ) -- C:\Users\Patricia\audacity-win-2.0.1.exe [2012.07.06 04:51:59 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\Patricia\jre-7u5-windows-x64.exe [2012.07.06 04:51:28 | 021,054,960 | ---- | C] (Oracle Corporation) -- C:\Users\Patricia\jre-7u5-windows-i586.exe [2011.11.11 02:58:47 | 007,951,672 | ---- | C] (Siber Systems) -- C:\Users\Patricia\AiRoboForm.exe [2011.09.15 07:13:57 | 003,480,352 | ---- | C] (Piriform Ltd) -- C:\Users\Patricia\ccsetup310.exe [2009.11.26 21:20:07 | 006,677,264 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Patricia\Shockwave_Installer_Slim.exe [1 C:\Users\Patricia\Documents\*.tmp files -> C:\Users\Patricia\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.30 08:19:28 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia\Desktop\OTL.exe [2012.08.30 08:02:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.30 08:00:57 | 000,000,378 | ---- | M] () -- C:\Users\Patricia\Documents\cc_20120830_080053.reg [2012.08.30 07:57:16 | 004,032,002 | ---- | M] () -- C:\Users\Patricia\Documents\bookmarks.html [2012.08.30 07:41:38 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038 [2012.08.30 07:35:40 | 002,200,233 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB [2012.08.30 07:34:10 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.08.30 07:34:10 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.08.30 07:34:10 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.08.30 07:34:04 | 000,002,586 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012.08.30 07:29:48 | 119,139,072 | ---- | M] (Symantec Corporation) -- C:\Users\Patricia\Desktop\NIS-TW-30-19-5-0-145-EN.exe [2012.08.30 06:58:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 06:58:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 06:51:25 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.08.30 06:51:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.30 06:51:05 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys [2012.08.30 06:35:33 | 018,236,077 | ---- | M] () -- C:\Users\Patricia\Documents\Firefox 14.0.1 (de) - 2012-08-30.pcv [2012.08.30 05:34:54 | 210,292,736 | ---- | M] () -- C:\Users\Patricia\Desktop\KWU_1.0.3.upd.iso [2012.08.30 04:47:35 | 000,000,538 | ---- | M] () -- C:\Users\Patricia\Documents\cc_20120830_044732.reg [2012.08.30 04:46:41 | 000,011,452 | ---- | M] () -- C:\Users\Patricia\Documents\cc_20120830_044627.reg [2012.08.30 04:44:09 | 000,618,227 | ---- | M] () -- C:\Users\Patricia\Desktop\adwcleaner.exe [2012.08.30 03:39:07 | 013,856,992 | ---- | M] (BitDefender LLC) -- C:\Users\Patricia\Desktop\BDRemovalToolLauncher_sirefef_sfc_x64.exe [2012.08.30 02:27:14 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 21:11:51 | 089,838,958 | ---- | M] () -- C:\Users\Patricia\Desktop\Zmix Mixathon 1st Hour.avi [2012.08.25 18:44:19 | 1027,966,474 | ---- | M] () -- C:\Users\Patricia\Desktop\Sting_Live_in_Berlin_12.08.12_02-05_zdfkultur_90_TVOON_DE.mpg.avi [2012.08.15 18:38:08 | 000,378,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.12 06:29:49 | 000,001,568 | ---- | M] () -- C:\Users\Patricia\AppData\Roaming\wklnhst.dat [2012.08.12 03:04:10 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.12 03:04:10 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.12 03:04:10 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.12 03:04:10 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.12 03:04:10 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.11 01:09:03 | 000,010,752 | ---- | M] () -- C:\Users\Patricia\Documents\Mimi itunes codes.xlr [2012.08.10 07:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini [2012.08.09 02:33:27 | 000,001,706 | ---- | M] () -- C:\Users\Patricia\Documents\cc_20120809_023317.reg [1 C:\Users\Patricia\Documents\*.tmp files -> C:\Users\Patricia\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.30 08:00:55 | 000,000,378 | ---- | C] () -- C:\Users\Patricia\Documents\cc_20120830_080053.reg [2012.08.30 07:57:13 | 004,032,002 | ---- | C] () -- C:\Users\Patricia\Documents\bookmarks.html [2012.08.30 07:43:29 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038 [2012.08.30 07:41:12 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet64.cat [2012.08.30 07:41:12 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet.inf [2012.08.30 07:41:11 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.cat [2012.08.30 07:41:11 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa.inf [2012.08.30 07:41:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds.inf [2012.08.30 07:41:11 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.inf [2012.08.30 07:41:10 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.cat [2012.08.30 07:41:10 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.cat [2012.08.30 07:41:10 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.cat [2012.08.30 07:41:10 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.inf [2012.08.30 07:41:10 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.inf [2012.08.30 07:41:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.inf [2012.08.30 07:40:25 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.cat [2012.08.30 07:40:25 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.cat [2012.08.30 07:40:25 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini [2012.08.30 07:34:13 | 002,200,233 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB [2012.08.30 07:34:10 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.08.30 07:34:10 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.08.30 07:34:04 | 000,002,586 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012.08.30 07:32:58 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA.inf [2012.08.30 07:32:58 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS.inf [2012.08.30 07:32:58 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymNet.inf [2012.08.30 07:32:58 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.inf [2012.08.30 07:32:58 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.inf [2012.08.30 07:32:58 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.inf [2012.08.30 07:32:58 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Iron.inf [2012.08.30 07:32:42 | 000,004,782 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymVTcer.dat [2012.08.30 07:32:40 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS64.cat [2012.08.30 07:32:40 | 000,007,468 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.cat [2012.08.30 07:32:40 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.cat [2012.08.30 07:32:40 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA64.cat [2012.08.30 07:32:40 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnet64.cat [2012.08.30 07:32:40 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.cat [2012.08.30 07:32:40 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\iron.cat [2012.08.30 07:32:40 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini [2012.08.30 06:35:22 | 018,236,077 | ---- | C] () -- C:\Users\Patricia\Documents\Firefox 14.0.1 (de) - 2012-08-30.pcv [2012.08.30 05:30:06 | 210,292,736 | ---- | C] () -- C:\Users\Patricia\Desktop\KWU_1.0.3.upd.iso [2012.08.30 04:47:33 | 000,000,538 | ---- | C] () -- C:\Users\Patricia\Documents\cc_20120830_044732.reg [2012.08.30 04:46:33 | 000,011,452 | ---- | C] () -- C:\Users\Patricia\Documents\cc_20120830_044627.reg [2012.08.30 04:22:31 | 000,618,227 | ---- | C] () -- C:\Users\Patricia\Desktop\adwcleaner.exe [2012.08.29 21:00:13 | 089,838,958 | ---- | C] () -- C:\Users\Patricia\Desktop\Zmix Mixathon 1st Hour.avi [2012.08.25 18:07:54 | 1027,966,474 | ---- | C] () -- C:\Users\Patricia\Desktop\Sting_Live_in_Berlin_12.08.12_02-05_zdfkultur_90_TVOON_DE.mpg.avi [2012.08.13 03:41:51 | 000,048,181 | ---- | C] () -- C:\Users\Patricia\Desktop\ThroatClearM.mp3 [2012.08.09 02:33:24 | 000,001,706 | ---- | C] () -- C:\Users\Patricia\Documents\cc_20120809_023317.reg [2012.08.06 02:11:02 | 000,010,752 | ---- | C] () -- C:\Users\Patricia\Documents\Mimi itunes codes.xlr [2012.07.07 04:28:07 | 022,657,136 | ---- | C] () -- C:\Users\Patricia\vlc-2.0.2-win32.exe [2011.07.10 07:17:06 | 001,402,880 | ---- | C] () -- C:\Users\Patricia\HiJackThis.msi [2011.04.09 03:37:13 | 000,004,096 | -H-- | C] () -- C:\Users\Patricia\AppData\Local\keyfile3.drm [2011.03.04 21:23:18 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.03.04 21:22:31 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.05.16 05:12:18 | 000,236,616 | ---- | C] () -- C:\Users\Patricia\install_win.html [2010.03.16 02:49:49 | 000,000,036 | ---- | C] () -- C:\Users\Patricia\AppData\Local\housecall.guid.cache [2009.12.22 16:58:24 | 001,057,102 | ---- | C] () -- C:\Users\Patricia\lameplugin.exe [2009.12.08 20:01:25 | 000,000,947 | ---- | C] () -- C:\Users\Patricia\AppData\Roaming\DataSafeDotNet.exe [2009.11.26 23:05:14 | 018,030,130 | ---- | C] () -- C:\Users\Patricia\vlc-1.0.3-win32.exe [2009.11.26 22:00:20 | 000,010,240 | ---- | C] () -- C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.26 20:14:22 | 000,001,568 | ---- | C] () -- C:\Users\Patricia\AppData\Roaming\wklnhst.dat [2009.11.26 18:34:30 | 034,119,048 | ---- | C] () -- C:\Program Files\avira_antivir_personal408_de.exe [2008.10.30 10:49:34 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb ========== LOP Check ========== [2010.06.29 20:08:49 | 000,000,000 | -HSD | M] -- C:\Users\Patricia\AppData\Roaming\.# [2010.03.10 06:25:41 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Anthropics [2010.02.06 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Ashampoo [2012.08.14 04:49:40 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Audacity [2011.06.26 19:47:20 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\BOM [2009.12.01 04:20:54 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Broad Intelligence [2010.03.16 02:06:56 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\DeepBurner [2010.05.08 09:07:00 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\FabFilter [2010.07.07 04:00:31 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Foxit [2012.01.23 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Foxit Software [2012.03.19 03:54:59 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Free Download Manager [2010.03.16 21:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Hardcore [2011.03.08 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\MAGIX [2009.12.10 02:07:53 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\OpenOffice.org [2009.12.05 18:18:40 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\phonostar GmbH [2010.03.16 17:19:48 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\QuickScan [2009.12.25 03:18:34 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\RapidSolution [2009.12.24 08:20:50 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Samsung [2011.03.20 03:15:30 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\SF Software [2009.11.27 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Template [2010.06.28 09:29:11 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Wallpapers [2011.10.14 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\www.shadowexplorer.com [2012.07.20 12:10:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
30.08.2012, 18:24 | #2 |
/// Helfer-Team | Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus)__________________
__________________ |
30.08.2012, 21:07 | #3 |
| Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Hier der Log mit Funden:
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.29.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Patricia :: PC [Administrator] 30.08.2012 02:30:19 mbam-log-2012-08-30 (02-30-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 379526 Laufzeit: 1 Stunde(n), 44 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Users\Patricia\AppData\Local\{B7429B93-A782-6BCB-044E-5214E43289FC}\syshost.exe (Trojan.Phex.THAGen6) -> 2912 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Daten: C:\Users\Patricia\AppData\Local\{B7429B93-A782-6BCB-044E-5214E43289FC}\syshost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Patricia\AppData\Local\{B7429B93-A782-6BCB-044E-5214E43289FC}\syshost.exe (Trojan.Phex.THAGen6) -> Löschen bei Neustart. (Ende) |
31.08.2012, 09:14 | #4 |
/// Helfer-Team | Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {13698D86-664E-4E4D-BE5D-8013E23012DF} IE:64bit: - HKLM\..\SearchScopes\{13698D86-664E-4E4D-BE5D-8013E23012DF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{42B655B4-4BD7-4E35-AF3F-3740F4F8E904}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\..\SearchScopes,DefaultScope = {42B655B4-4BD7-4E35-AF3F-3740F4F8E904} IE - HKCU\..\SearchScopes\{876E071F-11ED-423C-92E2-162FE5A643B1}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac" FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 4001 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 4001 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 4001 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 4001 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 4001 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 4001 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 4001 FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Patricia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.08.30 07:34:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.08.30 07:34:19 | 000,000,000 | ---D | M] O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\WINDOWS\System32\StikyNot.exe File not found O4 - Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 [2010.06.29 20:08:49 | 000,000,000 | -HSD | M] -- C:\Users\Patricia\AppData\Roaming\.# :Files C:\Users\Patricia\AppData\Local\{*} C:\ProgramData\*.exe C:\ProgramData\TEMP C:\Users\Patricia\AppData\Local\Temp\*.exe C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk %SystemRoot%\System32\*.tmp %SystemRoot%\SysWOW64\*.tmp ipconfig /flushdns /c :Commands [purity] [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
|
31.08.2012, 17:06 | #5 |
| Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Danke... Hier der OTL Log nach dem Fix Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{13698D86-664E-4E4D-BE5D-8013E23012DF}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13698D86-664E-4E4D-BE5D-8013E23012DF}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42B655B4-4BD7-4E35-AF3F-3740F4F8E904}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42B655B4-4BD7-4E35-AF3F-3740F4F8E904}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{876E071F-11ED-423C-92E2-162FE5A643B1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{876E071F-11ED-423C-92E2-162FE5A643B1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr-cjkt Prefs.js: "${8}" removed from browser.search.param.yahoo-type Prefs.js: false removed from browser.search.update Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "chrome://viewtubes/content/viewtubes_false.pac" removed from network.proxy.autoconfig_url Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp Prefs.js: 4001 removed from network.proxy.backup.ftp_port Prefs.js: "127.0.0.1" removed from network.proxy.backup.gopher Prefs.js: 4001 removed from network.proxy.backup.gopher_port Prefs.js: "" removed from network.proxy.backup.socks Prefs.js: 0 removed from network.proxy.backup.socks_port Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl Prefs.js: 4001 removed from network.proxy.backup.ssl_port Prefs.js: "127.0.0.1" removed from network.proxy.ftp Prefs.js: 4001 removed from network.proxy.ftp_port Prefs.js: "127.0.0.1" removed from network.proxy.gopher Prefs.js: 4001 removed from network.proxy.gopher_port Prefs.js: "127.0.0.1" removed from network.proxy.http Prefs.js: 4001 removed from network.proxy.http_port Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: "127.0.0.1" removed from network.proxy.ssl Prefs.js: 4001 removed from network.proxy.ssl_port Prefs.js: 2 removed from network.proxy.type 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBDA0591-3099-440a-AA10-41764D9DB4DB}\ not found. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\components folder moved successfully. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\chrome\skin folder moved successfully. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\chrome folder moved successfully. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn folder moved successfully. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\ not found. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\content folder moved successfully. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\components folder moved successfully. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\chrome\skin folder moved successfully. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\chrome folder moved successfully. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully. C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ deleted successfully. File C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ deleted successfully. File C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully. C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\Users\Patricia\AppData\Roaming\.# folder moved successfully. ========== FILES ========== File\Folder C:\Users\Patricia\AppData\Local\{*} not found. File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\Patricia\AppData\Local\Temp\*.exe not found. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. File/Folder C:\Windows\System32\*.tmp not found. File/Folder C:\Windows\SysWOW64\*.tmp not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Patricia\Desktop\cmd.bat deleted successfully. C:\Users\Patricia\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Patricia ->Temp folder emptied: 13975 bytes ->Temporary Internet Files folder emptied: 447024 bytes ->FireFox cache emptied: 61635661 bytes ->Flash cache emptied: 506 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 59,00 mb OTL by OldTimer - Version 3.2.59.1 log created on 08312012_175322 Files\Folders moved on Reboot... C:\Users\Patricia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/31/2012 at 20:05:16 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Patricia - PC # Boot Mode : Normal # Running from : C:\Users\Patricia\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Patricia\AppData\LocalLow\Conduit Folder Found : C:\Program Files (x86)\Conduit ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\Conduit Key Found : HKLM\SOFTWARE\Conduit [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit [x64] Key Found : HKCU\Software\Conduit ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Found : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} Key Found : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v15.0 (de) Profile name : default File : C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\nidaa7xe.default\prefs.js Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2319825.CTID", "CT2319825"); Found : user_pref("CT2319825.CurrentServerDate", "6-9-2010"); Found : user_pref("CT2319825.DialogsAlignMode", "LTR"); Found : user_pref("CT2319825.EMailNotifierPollDate", "Mon Sep 06 2010 04:11:13 GMT+0200"); Found : user_pref("CT2319825.FeedPollDate11908299", "Mon Sep 06 2010 03:52:27 GMT+0200"); Found : user_pref("CT2319825.FirstServerDate", "6-9-2010"); Found : user_pref("CT2319825.FirstTime", true); Found : user_pref("CT2319825.FirstTimeFF3", true); Found : user_pref("CT2319825.FixPageNotFoundErrors", true); Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440); Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2319825.Initialize", true); Found : user_pref("CT2319825.InitializeCommonPrefs", true); Found : user_pref("CT2319825.InstalledDate", "Mon Sep 06 2010 03:52:25 GMT+0200"); Found : user_pref("CT2319825.InvalidateCache", false); Found : user_pref("CT2319825.IsGrouping", false); Found : user_pref("CT2319825.IsMulticommunity", false); Found : user_pref("CT2319825.IsOpenThankYouPage", false); Found : user_pref("CT2319825.IsOpenUninstallPage", true); Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Mon Sep 06 2010 03:52:27 GMT+0200"); Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2319825.LastLogin_2.5.8.6", "Mon Sep 06 2010 03:52:25 GMT+0200"); Found : user_pref("CT2319825.LatestVersion", "2.7.2.0"); Found : user_pref("CT2319825.Locale", "de"); Found : user_pref("CT2319825.LoginCache", 4); Found : user_pref("CT2319825.MCDetectTooltipHeight", "83"); Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2319825.MCDetectTooltipWidth", "295"); Found : user_pref("CT2319825.RadioIsPodcast", false); Found : user_pref("CT2319825.RadioLastCheckTime", "Mon Sep 06 2010 03:52:26 GMT+0200"); Found : user_pref("CT2319825.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000"); Found : user_pref("CT2319825.RadioMediaID", "11949532"); Found : user_pref("CT2319825.RadioMediaType", "Media Player"); Found : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); Found : user_pref("CT2319825.RadioStationName", "1Live"); Found : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...] Found : user_pref("CT2319825.SHRINK_TOOLBAR", 1); Found : user_pref("CT2319825.SavedHomepage", "hxxp://de.mc244.mail.yahoo.com/mc/welcome?.gx=1&.tm=1262381420[...] Found : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true); Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...] Found : user_pref("CT2319825.SearchInNewTabEnabled", true); Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Mon Sep 06 2010 03:52:25 GMT+0200"); Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2319825.SettingsCheckIntervalMin", 120); Found : user_pref("CT2319825.SettingsLastCheckTime", "Mon Sep 06 2010 03:52:24 GMT+0200"); Found : user_pref("CT2319825.SettingsLastUpdate", "1283347353"); Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Mon Sep 06 2010 03:52:23 GMT+0200"); Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257"); Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Found : user_pref("CT2319825.UserID", "UN04274578868090484"); Found : user_pref("CT2319825.ValidationData_Toolbar", 0); Found : user_pref("CT2319825.WeatherNetwork", ""); Found : user_pref("CT2319825.WeatherPollDate", "Mon Sep 06 2010 04:06:11 GMT+0200"); Found : user_pref("CT2319825.WeatherUnit", "C"); Found : user_pref("CT2319825.alertChannelId", "715912"); Found : user_pref("CT2319825.clientLogIsEnabled", true); Found : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Found : user_pref("CT2319825.myStuffEnabled", true); Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400); Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Sep 06 2010 03:52:26 GMT+0200"); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825"); Found : user_pref("gm-notifier.ui.counter.showInbox", true); ************************* AdwCleaner[R1].txt - [7655 octets] - [31/08/2012 20:05:16] ########## EOF - C:\AdwCleaner[R1].txt - [7783 octets] ########## Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/31/2012 at 20:07:28 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Patricia - PC # Boot Mode : Normal # Running from : C:\Users\Patricia\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Patricia\AppData\LocalLow\Conduit Folder Deleted : C:\Program Files (x86)\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\Conduit Key Deleted : HKLM\SOFTWARE\Conduit ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v15.0 (de) Profile name : default File : C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\nidaa7xe.default\prefs.js C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\nidaa7xe.default\user.js ... Deleted ! Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2319825.CTID", "CT2319825"); Deleted : user_pref("CT2319825.CurrentServerDate", "6-9-2010"); Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Mon Sep 06 2010 04:11:13 GMT+0200"); Deleted : user_pref("CT2319825.FeedPollDate11908299", "Mon Sep 06 2010 03:52:27 GMT+0200"); Deleted : user_pref("CT2319825.FirstServerDate", "6-9-2010"); Deleted : user_pref("CT2319825.FirstTime", true); Deleted : user_pref("CT2319825.FirstTimeFF3", true); Deleted : user_pref("CT2319825.FixPageNotFoundErrors", true); Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2319825.Initialize", true); Deleted : user_pref("CT2319825.InitializeCommonPrefs", true); Deleted : user_pref("CT2319825.InstalledDate", "Mon Sep 06 2010 03:52:25 GMT+0200"); Deleted : user_pref("CT2319825.InvalidateCache", false); Deleted : user_pref("CT2319825.IsGrouping", false); Deleted : user_pref("CT2319825.IsMulticommunity", false); Deleted : user_pref("CT2319825.IsOpenThankYouPage", false); Deleted : user_pref("CT2319825.IsOpenUninstallPage", true); Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Mon Sep 06 2010 03:52:27 GMT+0200"); Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2319825.LastLogin_2.5.8.6", "Mon Sep 06 2010 03:52:25 GMT+0200"); Deleted : user_pref("CT2319825.LatestVersion", "2.7.2.0"); Deleted : user_pref("CT2319825.Locale", "de"); Deleted : user_pref("CT2319825.LoginCache", 4); Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2319825.RadioIsPodcast", false); Deleted : user_pref("CT2319825.RadioLastCheckTime", "Mon Sep 06 2010 03:52:26 GMT+0200"); Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000"); Deleted : user_pref("CT2319825.RadioMediaID", "11949532"); Deleted : user_pref("CT2319825.RadioMediaType", "Media Player"); Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); Deleted : user_pref("CT2319825.RadioStationName", "1Live"); Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...] Deleted : user_pref("CT2319825.SHRINK_TOOLBAR", 1); Deleted : user_pref("CT2319825.SavedHomepage", "hxxp://de.mc244.mail.yahoo.com/mc/welcome?.gx=1&.tm=1262381420[...] Deleted : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...] Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true); Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Mon Sep 06 2010 03:52:25 GMT+0200"); Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2319825.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Mon Sep 06 2010 03:52:24 GMT+0200"); Deleted : user_pref("CT2319825.SettingsLastUpdate", "1283347353"); Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Mon Sep 06 2010 03:52:23 GMT+0200"); Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257"); Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Deleted : user_pref("CT2319825.UserID", "UN04274578868090484"); Deleted : user_pref("CT2319825.ValidationData_Toolbar", 0); Deleted : user_pref("CT2319825.WeatherNetwork", ""); Deleted : user_pref("CT2319825.WeatherPollDate", "Mon Sep 06 2010 04:06:11 GMT+0200"); Deleted : user_pref("CT2319825.WeatherUnit", "C"); Deleted : user_pref("CT2319825.alertChannelId", "715912"); Deleted : user_pref("CT2319825.clientLogIsEnabled", true); Deleted : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Deleted : user_pref("CT2319825.myStuffEnabled", true); Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Sep 06 2010 03:52:26 GMT+0200"); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825"); Deleted : user_pref("gm-notifier.ui.counter.showInbox", true); ************************* AdwCleaner[R1].txt - [7772 octets] - [31/08/2012 20:05:16] AdwCleaner[S1].txt - [7676 octets] - [31/08/2012 20:07:28] ########## EOF - C:\AdwCleaner[S1].txt - [7804 octets] ########## |
31.08.2012, 23:44 | #6 |
/// Helfer-Team | Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Bitte das Malwarebytes Logfile posten! (Reiter Logberichte)
__________________ --> Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) |
31.08.2012, 23:51 | #7 |
| Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Malwarebytes Log Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.31.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Patricia :: PC [Administrator] 31.08.2012 18:09:49 mbam-log-2012-08-31 (18-09-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 528478 Laufzeit: 1 Stunde(n), 42 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
01.09.2012, 00:29 | #8 |
/// Helfer-Team | Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Sehr gut! Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
01.09.2012, 20:34 | #9 |
| Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Bericht Emsisoft: Bericht Emsisoft: (Aaargh, immer noch was gefunden oder ist das die Quarantäne von OTL? Und im Dell DataSafe Backup... komisch) Auch der Fund auf F:/ in dem Cakewalk Programm... warum haben den weder Malwarebytes, Norton, Avira, OTL und andere gefunden? Bin total verwirrt... (Rechner läuft übrigens gut, keine Auffälligkeiten, aber die hatte ich ja komischerweise auch vorher nicht, obwohl der Virus/die Trojaner drauf waren, sehr tricky! OTL hat zwar einige harmlose Anwendungen gelöscht, z.B. das RocketDock, aber nicht so schlimm, lieber vorsichtig als zu oberflächlich, brauche das auch nicht zwingend...) Du hast geschrieben: Nichts löschen lassen... in der Anleitung steht "Ausgewähltes in Quarantäne"... bin mir jetzt sehr unsicher und lasse das Fenster die ganze Zeit geöffnet... Danke nochmals! Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 01.09.2012 21:34:54 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, F:\ Archiv Scan: An ADS Scan: An Scan Beginn: 01.09.2012 21:39:51 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\281badbc-7293f148 -> Wiki.class gefunden: Java.CVE!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1741bbb7-31fea221 -> json\ThreadParser.class gefunden: Exploit.Java.Blacole!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1741bbb7-31fea221 -> json\Option.class gefunden: JAVA.Agent!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1741bbb7-31fea221 -> json\SP.class gefunden: Exploit.Java.Blacole!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\348c9e55-2aacc733 -> apps\MyWorker.class gefunden: Exploit.JAVA.Vedenbi!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\348c9e55-2aacc733 -> apps\MyLoader.class gefunden: JAVA.Agent!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\348c9e55-2aacc733 -> apps\MyApplet.class gefunden: Java.CVE!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\43e2e0d4-50c0c222 -> asd$1.class gefunden: JAVA.Agent!E2 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_LGG_Tag_ini_Update.exe gefunden: Trojan.SuspectCRC!E2 F:\BACK UP\Program Files C\Cakewalk\Shared Dxi\ReValver SE\ReValver SE.dll gefunden: Virus.Win32.Nimnul!E2 F:\Programs\U-he.Zebra.VSTi.v2.1.Incl.Keygen-AiR\keygen.exe gefunden: Trojan-Dropper.Win32.Small.aww!E2 Gescannt 763137 Gefunden 11 Scan Ende: 02.09.2012 00:01:18 Scan Zeit: 2:21:27 Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 01.09.2012 21:34:54 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, F:\ Archiv Scan: An ADS Scan: An Scan Beginn: 01.09.2012 21:39:51 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\281badbc-7293f148 -> Wiki.class gefunden: Java.CVE!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1741bbb7-31fea221 -> json\ThreadParser.class gefunden: Exploit.Java.Blacole!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1741bbb7-31fea221 -> json\Option.class gefunden: JAVA.Agent!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1741bbb7-31fea221 -> json\SP.class gefunden: Exploit.Java.Blacole!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\348c9e55-2aacc733 -> apps\MyWorker.class gefunden: Exploit.JAVA.Vedenbi!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\348c9e55-2aacc733 -> apps\MyLoader.class gefunden: JAVA.Agent!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\348c9e55-2aacc733 -> apps\MyApplet.class gefunden: Java.CVE!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\43e2e0d4-50c0c222 -> asd$1.class gefunden: JAVA.Agent!E2 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_LGG_Tag_ini_Update.exe gefunden: Trojan.SuspectCRC!E2 F:\BACK UP\Program Files C\Cakewalk\Shared Dxi\ReValver SE\ReValver SE.dll gefunden: Virus.Win32.Nimnul!E2 F:\Programs\U-he.Zebra.VSTi.v2.1.Incl.Keygen-AiR\keygen.exe gefunden: Trojan-Dropper.Win32.Small.aww!E2 Gescannt 763137 Gefunden 11 Scan Ende: 02.09.2012 00:01:18 Scan Zeit: 2:21:27 F:\Programs\U-he.Zebra.VSTi.v2.1.Incl.Keygen-AiR\keygen.exe Quarantäne Trojan-Dropper.Win32.Small.aww!E2 F:\BACK UP\Program Files C\Cakewalk\Shared Dxi\ReValver SE\ReValver SE.dll Quarantäne Virus.Win32.Nimnul!E2 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_LGG_Tag_ini_Update.exe Quarantäne Trojan.SuspectCRC!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\348c9e55-2aacc733 -> apps\MyWorker.class Quarantäne Exploit.JAVA.Vedenbi!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1741bbb7-31fea221 -> json\Option.class Quarantäne JAVA.Agent!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\43e2e0d4-50c0c222 -> asd$1.class Quarantäne JAVA.Agent!E2 C:\_OTL\MovedFiles\08312012_175322\C_Users\Patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\281badbc-7293f148 -> Wiki.class Quarantäne Java.CVE!E2 Quarantäne 7 |
02.09.2012, 09:25 | #10 |
/// Helfer-Team | Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
02.09.2012, 21:22 | #11 |
| Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) ESET log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=2413457724665a4d83f5e6472c58aed0 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-02 08:17:15 # local_time=2012-09-02 10:17:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 27947307 27947307 0 0 # compatibility_mode=3588 16777214 85 67 234288 15308726 0 0 # compatibility_mode=5893 16776574 66 94 0 98231660 0 0 # compatibility_mode=8192 67108863 100 0 140 140 0 0 # scanned=330630 # found=0 # cleaned=0 # scan_time=15225 |
03.09.2012, 19:36 | #12 |
/// Helfer-Team | Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
03.09.2012, 20:52 | #13 | |
| Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus)Zitat:
jre6 - lib - ext befindet (Hier ist auch noch QTjava .zip drin) ... den Ordner auch löschen? Dann bleibt nämlich nur noch jre7 über... Plug-In check: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 15.0 ist aktuell Flash (11,4,402,265) ist aktuell. Java ist Installiert aber nicht aktiviert. Adobe Reader ist nicht installiert oder aktiviert. (Plug-In war vorher schon deaktiviert, seit dem Tipp hier wegen der Sicherheitslücke, Vor- und Nachher Plug-In Check entsprechen beide dem obigen Ergebnis) Geändert von goodlife (03.09.2012 um 21:37 Uhr) |
04.09.2012, 17:47 | #14 |
/// Helfer-Team | Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
04.09.2012, 17:50 | #15 |
| Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) Danke! Bin jetzt aber etwas verwirrt, was ist denn jetzt mit den Viren passiert, die Emsisoft auf meiner externen Festplatte gefunden hatte? Die ich in Quarantäne geschoben hatte? (Paypal Spende geht natürlich klar!) |
Themen zu Nach Virus/Trojaner-Befall nun "sauber"? (GEMA Virus) |
administrator, anti-malware, antivir, application/pdf:, audacity, aufsetzen, ccleaner, ccsetup, code, computer, dateien, einstellungen, explorer, fehler, free download, gelöscht, infizierte, infizierte dateien, log, malwarebytes, neu aufsetzen, neustart, ordner, plug-in, programme, registry, rojaner gefunden, speicher, taskmanager, trojaner, verlieren, zugriff, zugriff verweigert |