Log Analysis and Evaluation: GVU Trojan and Exploit.Drop.GS

03.09.2012, 13:04 | #1
Hello everyone! Two days ago my screen was suddenly locked, courtesy of the Bundespolizei trojan. Via Safe Mode I reset the system to an earlier restore point. After that I could start the laptop normally and ran a scan with Malwarebytes. The program found the trojan Exploit.Drop.GS. After a short search on the Internet I came across this forum and followed the guides posted here, which means I created a Kaspersky Rescue Disk, scanned my laptop with it (during which 5 or 6 detections were also made), deleted everything, rebooted and ran a full scan with Malwarebytes (no detections). Everything is running normally again, and all databases have been updated again, etc. I would nevertheless ask for a quick look at the OTL log files to make sure nothing is still amiss. Many thanks in advance! Best regards, Lydia

Here are the logs:

Code:
OTL logfile created on: 02.09.2012 22:30:08 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Documents and Settings\Lydia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1014,36 Mb Total Physical Memory | 276,34 Mb Available Physical Memory | 27,24% Memory free
2,38 Gb Paging File | 1,63 Gb Available in Paging File | 68,59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 3,89 Gb Free Space | 6,96% Space Free | Partition Type: NTFS

Computer Name: MIEZER | User Name: Lydia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Lydia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\WINDOWS\system32\acs.exe (Atheros) PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - 
C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\WINDOWS\system32\vpnapi.dll () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\WINDOWS\system32\msdmo.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (acs) -- C:\WINDOWS\system32\acs.exe (Atheros) SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssudserd) -- C:\WINDOWS\system32\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (mv64xxmm) -- C:\WINDOWS\System32\drivers\mv64xxmm.sys (Marvell Semiconductor Inc.) DRV - (iastor9) -- C:\WINDOWS\System32\drivers\iastor9.sys (Intel Corporation) DRV - (mvxxmm) -- C:\WINDOWS\System32\drivers\mvxxmm.sys (Marvell Semiconductor Inc.) DRV - (mv61xxmm) -- C:\WINDOWS\System32\drivers\mv61xxmm.sys (Marvell Semiconductor Inc.) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) 
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B} IE - HKLM\..\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}: "URL" = hxxp://www.google.com/search?q={searchTerms} IE - HKLM\..\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}: "URL" = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 5F B5 7A A9 CF CC 01 [binary data] IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B} IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18 FF - prefs.js..extensions.enabledItems: furiganainjector@yayakoshi.net:2.2.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: kitsune@kitsune.sourceforge.net:0.1.5 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: {0620B69D-7B58-416d-A92A-0198860C2757}:3.0.2009060901 FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:2.12 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.3.0244 FF - 
prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.101002 FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.101002 FF - prefs.js..extensions.enabledItems: rikaichan-jpnames@polarcloud.com:2.01.101002 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..network.proxy.http: "199.195.109.21" FF - prefs.js..network.proxy.http_port: 9090 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.01 13:32:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 19:59:02 | 000,000,000 | ---D | M] [2012.01.10 21:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Extensions [2012.09.01 13:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions [2012.08.03 16:49:52 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2012.08.13 23:26:10 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.01.21 18:57:10 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.01.10 22:11:47 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} [2012.09.01 13:32:15 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2) [2012.03.30 09:19:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.08.26 10:06:20 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Lydia\Application 
Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2012.05.18 10:57:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\ich@maltegoetz.de [2012.01.10 22:11:56 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\rikaichan-jpde@polarcloud.com [2012.01.10 22:11:55 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\rikaichan-jpen@polarcloud.com [2012.01.10 22:11:54 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Documents and Settings\Lydia\Application Data\mozilla\Firefox\Profiles\ajzs463t.default\extensions\rikaichan-jpnames@polarcloud.com [2012.09.02 11:04:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-2.xml [2011.08.31 19:52:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-3.xml [2011.09.07 19:16:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-4.xml [2011.09.30 23:15:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-5.xml [2011.11.09 14:23:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-6.xml [2011.06.16 23:17:18 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Lydia\Application 
Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin.xml [2012.03.11 23:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.03.11 23:45:59 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2012.08.27 09:36:04 | 000,222,566 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\LYDIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AJZS463T.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI [2012.08.31 10:18:22 | 000,527,328 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\LYDIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AJZS463T.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.10.30 11:52:48 | 000,434,392 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\LYDIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AJZS463T.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.06.21 09:55:17 | 000,109,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\LYDIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AJZS463T.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI [2012.08.12 16:02:42 | 000,122,406 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\LYDIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AJZS463T.DEFAULT\EXTENSIONS\GIORGIO@GILESTRO.TK.XPI [2012.06.20 00:29:04 | 000,330,316 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\LYDIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AJZS463T.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI [2012.07.19 02:05:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.02.12 14:26:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 08:41:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.12 14:26:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.12 14:26:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.12 14:26:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.12 14:26:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17F9C030-17A1-4380-B6D3-5F6FD4A1DE90}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Lydia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lydia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft 
Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.10 15:50:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.02 19:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.02 19:17:01 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.09.02 19:16:52 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.09.02 19:16:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.09.02 19:16:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.09.02 17:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\My Documents\Kaspersky Log [2012.09.02 17:05:55 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.09.02 14:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\Desktop\rescue [2012.09.02 14:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\Desktop\boot [2012.09.02 13:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\Desktop\usb [2012.09.01 13:50:05 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lydia\Desktop\OTL.exe [2012.09.01 13:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\Local Settings\Application Data\WMTools Downloaded Files [2012.09.01 13:39:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lydia\My Documents\My Videos [2012.09.01 02:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\My 
Documents\Originalsjzu [2012.08.14 22:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\My Documents\Originals [2012.08.12 16:27:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lydia\Recent [2012.08.10 12:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\My Documents\Any Video Converter [2012.08.10 12:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\Application Data\AnvSoft [2012.08.10 12:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AnvSoft [2012.08.10 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft [2012.08.08 18:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira [2012.08.08 10:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lydia\My Documents\Eigene Scans [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.02 22:33:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.02 22:18:32 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2012.09.02 22:18:29 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.02 22:18:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.02 21:46:01 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.02 19:16:32 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.09.02 19:16:30 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012.09.02 19:16:30 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012.09.02 19:16:30 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.09.02 19:16:30 | 
000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.09.02 19:16:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.09.02 19:16:30 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.09.02 13:06:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2012.09.02 12:55:59 | 000,379,463 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\GVU-Trojaner entfernen - Trojaner-Board.pdf [2012.09.02 12:41:48 | 000,459,970 | ---- | M] () -- C:\Documents and Settings\Lydia\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten_ - Trojaner-Board.pdf [2012.09.01 13:50:09 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lydia\Desktop\OTL.exe [2012.09.01 12:12:47 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nud0repor.pad [2012.09.01 12:10:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.09.01 11:48:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.01 02:28:47 | 000,435,066 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_la2yba9Np31qbyea4.png [2012.08.31 13:19:53 | 000,060,475 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\291899_10151028556225172_445594245_n.jpg [2012.08.31 00:23:58 | 000,062,975 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Two-faced-cat.jpg [2012.08.31 00:23:52 | 000,066,877 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\venus.jpg [2012.08.31 00:23:48 | 000,161,563 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\chimera-cat-1.jpg [2012.08.31 00:23:44 | 000,047,440 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\funny-cat-two-face-different-eyes-color.jpg [2012.08.31 00:23:37 | 000,033,882 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\R48VD.jpg [2012.08.31 00:23:34 | 000,042,493 | ---- | M] () -- C:\Documents 
and Settings\Lydia\My Documents\Z7WZH.jpg [2012.08.28 23:39:48 | 000,159,490 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\screen-capture.png [2012.08.28 11:15:49 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.08.28 11:15:49 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.08.27 19:24:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.08.27 10:50:23 | 000,035,707 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\555699_256452831124691_928408394_n.jpg [2012.08.27 10:50:14 | 000,032,610 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\417426_255870754516232_1500006814_n.jpg [2012.08.21 16:11:19 | 000,401,637 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\hq3~3.jpg [2012.08.19 23:08:08 | 000,104,492 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\awwww.jpg [2012.08.18 20:33:32 | 000,459,743 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\bellbum.jpg [2012.08.18 20:30:04 | 000,242,509 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\cumberbum.jpg [2012.08.18 20:25:54 | 001,386,580 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0615.jpg [2012.08.18 20:25:47 | 001,378,794 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0614.jpg [2012.08.18 20:25:37 | 001,341,214 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0613.jpg [2012.08.17 18:59:11 | 001,034,143 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0612.jpg [2012.08.17 18:59:07 | 001,132,934 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0611.jpg [2012.08.17 17:32:55 | 004,885,066 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\paul_banks_the_base.mp3 [2012.08.17 10:11:48 | 000,199,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.17 01:58:45 | 
000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.08.16 00:37:47 | 000,048,161 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\jawn.jpg [2012.08.15 22:26:02 | 000,243,167 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\attimo.jpg [2012.08.15 22:20:23 | 000,297,493 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\bett.jpg [2012.08.15 22:12:40 | 001,949,646 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\lampe.jpg [2012.08.15 22:08:12 | 002,107,495 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\po3.jpg [2012.08.15 22:06:27 | 001,561,723 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\po2.jpg [2012.08.15 22:04:43 | 001,476,461 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\po.jpg [2012.08.15 22:02:57 | 000,128,000 | -H-- | M] () -- C:\Documents and Settings\Lydia\My Documents\photothumb.db [2012.08.15 20:31:46 | 000,045,646 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m3smixIauj1rrnlpso1_400.jpg [2012.08.15 19:20:10 | 001,147,337 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0608.jpg [2012.08.15 19:20:07 | 001,156,919 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0607.jpg [2012.08.15 19:20:01 | 001,141,189 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0606.jpg [2012.08.15 19:19:50 | 001,119,664 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0605.jpg [2012.08.15 19:19:36 | 001,038,347 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0604.jpg [2012.08.15 18:49:03 | 001,179,979 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0603.jpg [2012.08.15 18:48:56 | 001,192,781 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0602.jpg [2012.08.15 16:36:19 | 001,199,169 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0601.jpg [2012.08.15 16:36:11 | 001,247,444 | ---- | M] () -- C:\Documents 
and Settings\Lydia\My Documents\IMG_0600.jpg [2012.08.15 16:36:04 | 001,131,401 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0599.jpg [2012.08.15 16:00:52 | 001,197,371 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0598.jpg [2012.08.15 16:00:43 | 001,064,837 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0597.jpg [2012.08.15 16:00:19 | 001,149,501 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0596.jpg [2012.08.15 15:59:52 | 000,968,934 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0595.jpg [2012.08.15 15:59:23 | 001,096,711 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0594.jpg [2012.08.15 15:59:09 | 001,116,252 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0593.jpg [2012.08.15 15:58:41 | 001,210,666 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0592.jpg [2012.08.15 15:58:34 | 001,229,667 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0591.jpg [2012.08.15 00:32:00 | 000,797,793 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m8ql8wo17N1qffmheo5_1280.jpg [2012.08.15 00:31:56 | 000,603,918 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m8ql8wo17N1qffmheo3_1280.jpg [2012.08.14 22:24:35 | 000,640,177 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Sherlock Holmes Museum.jpg [2012.08.14 22:22:35 | 000,210,937 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\sherlockbild.jpg [2012.08.14 21:55:10 | 000,497,193 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m6877lP11i1rwcc6bo1_400.gif [2012.08.12 20:34:36 | 000,327,273 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\druckula.jpg [2012.08.12 20:32:17 | 001,701,448 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\schirm.jpg [2012.08.12 15:19:32 | 000,002,523 | ---- | M] () -- C:\Documents and 
Settings\Lydia\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk [2012.08.12 14:19:20 | 002,334,485 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\mieze.jpg [2012.08.12 12:58:52 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk [2012.08.11 17:58:21 | 001,206,094 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0590.jpg [2012.08.11 17:02:57 | 001,013,475 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0585.jpg [2012.08.11 15:04:59 | 001,135,935 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0584.jpg [2012.08.10 01:06:41 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Lydia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.09 23:30:21 | 000,851,879 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_lzrxobCCXv1r2bb3n.gif [2012.08.09 22:57:54 | 000,362,662 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m4tpnxNfCI1qivy0do1_1280.jpg [2012.08.09 22:49:12 | 000,683,670 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m6k0ostrJw1rn6992.gif [2012.08.08 14:59:09 | 001,753,053 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0568_2.jpg [2012.08.08 12:07:56 | 001,790,333 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0568.jpg [2012.08.08 12:01:58 | 001,051,636 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Sherlock Rahmen.jpg [2012.08.08 12:01:13 | 000,169,064 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\Sherlock Profil.jpg [2012.08.08 11:00:28 | 000,378,157 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\kartemaria.jpg [2012.08.08 10:38:53 | 000,747,550 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0573.jpg [2012.08.08 10:38:34 | 001,009,056 | ---- | M] () -- 
C:\Documents and Settings\Lydia\My Documents\IMG_0572.jpg [2012.08.08 10:38:13 | 001,060,117 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0571.jpg [2012.08.08 10:38:04 | 001,034,445 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0570.jpg [2012.08.08 10:37:56 | 001,031,531 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0569.jpg [2012.08.08 10:37:41 | 000,900,096 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0567.jpg [2012.08.08 10:37:14 | 000,934,000 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0566.jpg [2012.08.07 22:44:34 | 000,298,961 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\miezerbein.jpg [2012.08.07 17:35:40 | 001,131,438 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0565.jpg [2012.08.07 17:35:26 | 000,984,109 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0564.jpg [2012.08.07 17:35:16 | 001,115,536 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0563.jpg [2012.08.07 17:35:03 | 001,128,852 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0562.jpg [2012.08.07 17:34:56 | 001,010,725 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0561.jpg [2012.08.07 10:11:12 | 000,326,997 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\miezerbett.jpg [2012.08.07 09:38:06 | 001,198,275 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0559.jpg [2012.08.07 09:38:00 | 001,132,396 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0558.jpg [2012.08.07 09:37:47 | 000,985,870 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0557.jpg [2012.08.06 21:28:31 | 000,607,639 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\hegdehog jawn.gif [2012.08.06 21:14:46 | 000,465,489 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\miezerbusch.jpg [2012.08.06 20:07:53 | 000,043,361 | ---- 
| M] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m8bjalGZFM1rvixgpo1_500.jpg [2012.08.06 10:16:07 | 001,007,398 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0555.jpg [2012.08.06 10:15:56 | 001,221,809 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0554.jpg [2012.08.06 09:12:51 | 001,522,433 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0553.jpg [2012.08.06 09:12:35 | 001,088,224 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0552.jpg [2012.08.06 09:12:05 | 001,672,817 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0542.jpg [2012.08.06 09:11:50 | 001,495,154 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0544.jpg [2012.08.06 09:10:55 | 001,072,884 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0551.jpg [2012.08.06 09:08:54 | 001,562,529 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0550.jpg [2012.08.06 09:08:48 | 001,839,671 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0549.jpg [2012.08.06 09:08:25 | 001,548,246 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0548.jpg [2012.08.06 09:08:21 | 001,829,276 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0547.jpg [2012.08.06 09:08:05 | 001,797,029 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0546.jpg [2012.08.06 09:07:51 | 001,804,413 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0545.jpg [2012.08.06 09:07:42 | 001,380,350 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0543.jpg [2012.08.06 09:07:27 | 001,657,605 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0541.jpg [2012.08.06 09:07:24 | 001,648,416 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0540.jpg [2012.08.06 09:07:10 | 001,556,239 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0539.jpg [2012.08.06 09:06:47 
| 001,311,042 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0538.jpg [2012.08.06 09:06:37 | 001,697,451 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0537.jpg [2012.08.06 09:06:31 | 001,858,131 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0536.jpg [2012.08.05 21:34:39 | 001,073,682 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0535.jpg [2012.08.05 21:34:21 | 001,126,886 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0534.jpg [2012.08.05 21:34:12 | 001,078,608 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0533.jpg [2012.08.04 13:57:34 | 001,477,997 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0532.jpg [2012.08.04 13:57:27 | 001,239,177 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0531.jpg [2012.08.04 13:57:11 | 001,197,879 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0530.jpg [2012.08.04 13:57:06 | 001,245,278 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0529.jpg [2012.08.04 13:56:58 | 001,299,582 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0528.jpg [2012.08.04 13:56:49 | 001,296,811 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0527.jpg [2012.08.04 10:11:50 | 001,214,273 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0526.jpg [2012.08.04 10:11:46 | 001,233,527 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0525.jpg [2012.08.04 10:11:28 | 001,205,411 | ---- | M] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0524.jpg [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.02 14:25:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\livecd [2012.09.02 12:55:58 | 000,379,463 | ---- | C] () -- C:\Documents and 
Settings\Lydia\Desktop\GVU-Trojaner entfernen - Trojaner-Board.pdf [2012.09.02 12:41:46 | 000,459,970 | ---- | C] () -- C:\Documents and Settings\Lydia\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten_ - Trojaner-Board.pdf [2012.09.01 12:03:21 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nud0repor.pad [2012.09.01 02:27:50 | 000,435,066 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_la2yba9Np31qbyea4.png [2012.08.31 13:19:51 | 000,060,475 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\291899_10151028556225172_445594245_n.jpg [2012.08.31 00:23:58 | 000,062,975 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\Two-faced-cat.jpg [2012.08.31 00:23:52 | 000,066,877 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\venus.jpg [2012.08.31 00:23:48 | 000,161,563 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\chimera-cat-1.jpg [2012.08.31 00:23:43 | 000,047,440 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\funny-cat-two-face-different-eyes-color.jpg [2012.08.31 00:23:37 | 000,033,882 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\R48VD.jpg [2012.08.31 00:23:27 | 000,042,493 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\Z7WZH.jpg [2012.08.28 23:39:46 | 000,159,490 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\screen-capture.png [2012.08.27 10:50:22 | 000,035,707 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\555699_256452831124691_928408394_n.jpg [2012.08.27 10:50:07 | 000,032,610 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\417426_255870754516232_1500006814_n.jpg [2012.08.21 16:11:18 | 000,401,637 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\hq3~3.jpg [2012.08.19 23:08:08 | 000,104,492 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\awwww.jpg [2012.08.18 20:33:32 | 000,459,743 | ---- | C] 
() -- C:\Documents and Settings\Lydia\My Documents\bellbum.jpg [2012.08.18 20:30:03 | 000,242,509 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\cumberbum.jpg [2012.08.18 20:25:54 | 001,386,580 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0615.jpg [2012.08.18 20:25:47 | 001,378,794 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0614.jpg [2012.08.18 20:25:37 | 001,341,214 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0613.jpg [2012.08.17 18:59:11 | 001,034,143 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0612.jpg [2012.08.17 18:59:07 | 001,132,934 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0611.jpg [2012.08.17 17:32:17 | 004,885,066 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\paul_banks_the_base.mp3 [2012.08.17 01:52:05 | 000,000,584 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.08.16 00:37:46 | 000,048,161 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\jawn.jpg [2012.08.15 22:26:02 | 000,243,167 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\attimo.jpg [2012.08.15 22:20:23 | 000,297,493 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\bett.jpg [2012.08.15 22:12:40 | 001,949,646 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\lampe.jpg [2012.08.15 22:08:11 | 002,107,495 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\po3.jpg [2012.08.15 22:06:27 | 001,561,723 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\po2.jpg [2012.08.15 22:04:43 | 001,476,461 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\po.jpg [2012.08.15 22:02:41 | 000,128,000 | -H-- | C] () -- C:\Documents and Settings\Lydia\My Documents\photothumb.db [2012.08.15 20:31:43 | 000,045,646 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m3smixIauj1rrnlpso1_400.jpg [2012.08.15 19:20:10 | 001,147,337 | ---- | C] () -- C:\Documents and 
Settings\Lydia\My Documents\IMG_0608.jpg [2012.08.15 19:20:07 | 001,156,919 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0607.jpg [2012.08.15 19:20:01 | 001,141,189 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0606.jpg [2012.08.15 19:19:50 | 001,119,664 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0605.jpg [2012.08.15 19:19:36 | 001,038,347 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0604.jpg [2012.08.15 18:49:03 | 001,179,979 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0603.jpg [2012.08.15 18:48:56 | 001,192,781 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0602.jpg [2012.08.15 16:36:19 | 001,199,169 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0601.jpg [2012.08.15 16:36:11 | 001,247,444 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0600.jpg [2012.08.15 16:36:04 | 001,131,401 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0599.jpg [2012.08.15 16:00:52 | 001,197,371 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0598.jpg [2012.08.15 16:00:43 | 001,064,837 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0597.jpg [2012.08.15 16:00:19 | 001,149,501 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0596.jpg [2012.08.15 15:59:52 | 000,968,934 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0595.jpg [2012.08.15 15:59:23 | 001,096,711 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0594.jpg [2012.08.15 15:59:09 | 001,116,252 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0593.jpg [2012.08.15 15:58:41 | 001,210,666 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0592.jpg [2012.08.15 15:58:34 | 001,229,667 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0591.jpg [2012.08.15 00:31:59 | 000,797,793 | ---- | C] () -- C:\Documents and 
Settings\Lydia\My Documents\tumblr_m8ql8wo17N1qffmheo5_1280.jpg [2012.08.15 00:31:55 | 000,603,918 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m8ql8wo17N1qffmheo3_1280.jpg [2012.08.14 22:22:35 | 000,210,937 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\sherlockbild.jpg [2012.08.14 21:55:07 | 000,497,193 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m6877lP11i1rwcc6bo1_400.gif [2012.08.12 20:34:36 | 000,327,273 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\druckula.jpg [2012.08.12 14:19:19 | 002,334,485 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\mieze.jpg [2012.08.12 13:26:06 | 001,701,448 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\schirm.jpg [2012.08.11 17:58:21 | 001,206,094 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0590.jpg [2012.08.11 17:02:57 | 001,013,475 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0585.jpg [2012.08.11 15:04:59 | 001,135,935 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0584.jpg [2012.08.09 23:30:12 | 000,851,879 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_lzrxobCCXv1r2bb3n.gif [2012.08.09 22:57:53 | 000,362,662 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m4tpnxNfCI1qivy0do1_1280.jpg [2012.08.09 22:49:08 | 000,683,670 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m6k0ostrJw1rn6992.gif [2012.08.08 14:59:05 | 001,753,053 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0568_2.jpg [2012.08.08 12:01:13 | 000,169,064 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\Sherlock Profil.jpg [2012.08.08 11:58:33 | 001,051,636 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\Sherlock Rahmen.jpg [2012.08.08 11:54:56 | 000,640,177 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\Sherlock Holmes Museum.jpg [2012.08.08 11:00:28 | 
000,378,157 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\kartemaria.jpg [2012.08.08 10:38:53 | 000,747,550 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0573.jpg [2012.08.08 10:38:34 | 001,009,056 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0572.jpg [2012.08.08 10:38:13 | 001,060,117 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0571.jpg [2012.08.08 10:38:04 | 001,034,445 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0570.jpg [2012.08.08 10:37:56 | 001,031,531 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0569.jpg [2012.08.08 10:37:46 | 001,790,333 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0568.jpg [2012.08.08 10:37:41 | 000,900,096 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0567.jpg [2012.08.08 10:37:14 | 000,934,000 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0566.jpg [2012.08.07 22:44:34 | 000,298,961 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\miezerbein.jpg [2012.08.07 17:35:40 | 001,131,438 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0565.jpg [2012.08.07 17:35:26 | 000,984,109 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0564.jpg [2012.08.07 17:35:16 | 001,115,536 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0563.jpg [2012.08.07 17:35:03 | 001,128,852 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0562.jpg [2012.08.07 17:34:56 | 001,010,725 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0561.jpg [2012.08.07 10:11:12 | 000,326,997 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\miezerbett.jpg [2012.08.07 09:38:06 | 001,198,275 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0559.jpg [2012.08.07 09:38:00 | 001,132,396 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0558.jpg [2012.08.07 
09:37:47 | 000,985,870 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0557.jpg [2012.08.06 21:28:30 | 000,607,639 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\hegdehog jawn.gif [2012.08.06 21:14:45 | 000,465,489 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\miezerbusch.jpg [2012.08.06 20:07:53 | 000,043,361 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\tumblr_m8bjalGZFM1rvixgpo1_500.jpg [2012.08.06 10:16:07 | 001,007,398 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0555.jpg [2012.08.06 10:15:56 | 001,221,809 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0554.jpg [2012.08.06 09:12:51 | 001,522,433 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0553.jpg [2012.08.06 09:12:35 | 001,088,224 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0552.jpg [2012.08.06 09:12:05 | 001,672,817 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0542.jpg [2012.08.06 09:11:48 | 001,495,154 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0544.jpg [2012.08.06 09:10:55 | 001,072,884 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0551.jpg [2012.08.06 09:08:54 | 001,562,529 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0550.jpg [2012.08.06 09:08:48 | 001,839,671 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0549.jpg [2012.08.06 09:08:23 | 001,548,246 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0548.jpg [2012.08.06 09:08:19 | 001,829,276 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0547.jpg [2012.08.06 09:08:05 | 001,797,029 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0546.jpg [2012.08.06 09:07:51 | 001,804,413 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0545.jpg [2012.08.06 09:07:40 | 001,380,350 | ---- | C] () -- C:\Documents and Settings\Lydia\My 
Documents\IMG_0543.jpg [2012.08.06 09:07:27 | 001,657,605 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0541.jpg [2012.08.06 09:07:24 | 001,648,416 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0540.jpg [2012.08.06 09:07:10 | 001,556,239 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0539.jpg [2012.08.06 09:06:47 | 001,311,042 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0538.jpg [2012.08.06 09:06:37 | 001,697,451 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0537.jpg [2012.08.06 09:06:31 | 001,858,131 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0536.jpg [2012.08.05 21:34:39 | 001,073,682 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0535.jpg [2012.08.05 21:34:21 | 001,126,886 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0534.jpg [2012.08.05 21:34:12 | 001,078,608 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0533.jpg [2012.08.04 13:57:34 | 001,477,997 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0532.jpg [2012.08.04 13:57:27 | 001,239,177 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0531.jpg [2012.08.04 13:57:11 | 001,197,879 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0530.jpg [2012.08.04 13:57:06 | 001,245,278 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0529.jpg [2012.08.04 13:56:58 | 001,299,582 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0528.jpg [2012.08.04 13:56:49 | 001,296,811 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0527.jpg [2012.08.04 10:11:50 | 001,214,273 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0526.jpg [2012.08.04 10:11:46 | 001,233,527 | ---- | C] () -- C:\Documents and Settings\Lydia\My Documents\IMG_0525.jpg [2012.08.04 10:11:28 | 001,205,411 | ---- | C] () -- C:\Documents and Settings\Lydia\My 
Documents\IMG_0524.jpg [2012.07.08 15:11:44 | 000,002,755 | ---- | C] () -- C:\Documents and Settings\Lydia\Local Settings\Application Data\recently-used.xbel [2012.05.20 11:58:33 | 000,078,196 | ---- | C] () -- C:\WINDOWS\hpqins05.dat [2012.05.15 19:11:02 | 000,035,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012.03.05 10:28:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lydia\Ÿ=Ÿ= [2012.03.04 16:26:59 | 000,010,567 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat [2012.03.04 16:19:05 | 000,203,103 | ---- | C] () -- C:\WINDOWS\hpwins19.dat [2012.03.04 16:19:05 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat [2012.03.02 20:44:00 | 000,233,838 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-1078081533-1417001333-1003-0.dat [2012.02.27 23:27:34 | 000,233,838 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012.02.15 12:05:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.01.14 01:19:35 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Lydia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.10 17:27:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2012.01.10 17:27:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012.01.10 17:12:00 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin [2012.01.10 17:08:47 | 000,001,324 | ---- | C] () -- 
C:\WINDOWS\System32\d3d9caps.dat [2012.01.10 16:39:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.01.10 16:38:15 | 000,199,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.01.10 16:17:35 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2012.01.10 16:17:35 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll [2012.01.10 16:17:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2012.01.10 15:52:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.01.10 15:46:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.11.09 15:12:01 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe [2010.09.27 13:03:08 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2010.09.27 12:57:26 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2010.09.22 15:18:56 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll ========== LOP Check ========== [2012.01.11 20:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm [2012.02.27 18:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2012.07.11 00:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\www.rene-zeidler.de [2012.04.28 14:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.08.10 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\AnvSoft [2012.06.26 20:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Audacity [2012.01.21 18:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Garmin [2012.03.06 13:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Geot [2012.03.06 14:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application 
Data\Oqoz [2012.06.25 14:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Oracle [2012.07.11 19:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\pdfforge [2012.04.04 09:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\PhotoScape [2012.03.10 11:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Puudr [2012.03.16 00:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\QuickStoresToolbar [2012.02.27 18:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Samsung [2012.08.30 19:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Spotify [2012.03.11 23:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Tap [2012.03.04 22:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Ubseu [2012.03.11 23:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Ugi [2012.08.12 16:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\uTorrent [2012.07.11 00:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\www.rene-zeidler.de [2012.03.05 18:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Ydte [2012.03.09 09:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Ynfy ========== Purity Check ========== < End of report >
Code:
ATTFilter OTL Extras logfile created on: 02.09.2012 22:30:08 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Lydia\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1014,36 Mb Total Physical Memory | 276,34 Mb Available Physical Memory | 27,24% Memory free 2,38 Gb Paging File | 1,63 Gb Available in Paging File | 68,59% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 3,89 Gb Free Space | 6,96% Space Free | Partition Type: NTFS Computer Name: MIEZER | User Name: Lydia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
[HKEY_USERS\S-1-5-21-1645522239-1078081533-1417001333-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.) "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) 
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation) "C:\Documents and Settings\Lydia\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Lydia\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax "{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20F71B17-008C-43B4-8097-58FB62EA7AB8}" = Nero Kwik Media "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live 
Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FE3D6A5-2F5E-4870-A3AC-D1D88E0B2797}" = Intel(R) PROSet/Wireless WiFi-Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0 "{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software 
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = 
High-Definition Video Playback "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Any Video Converter_is1" = Any Video Converter 3.4.2 "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "CNXT_MODEM_HDA_HSF" = ThinkPad Modem "Defraggler" = Defraggler "FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity "GIMP-2_is1" = GIMP 2.8.0 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Document Manager" = HP Document Manager 1.0 "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "HPOCR" = OCR Software by I.R.I.S. 
10.0 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LAME_is1" = LAME v3.99.3 (for Windows) "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PhotoScape" = PhotoScape "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "PROSet" = Intel(R) Network Connections Drivers "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = ThinkPad UltraNav Driver "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.2 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1645522239-1078081533-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify "Winamp 
Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.09.2012 11:04:35 | Computer Name = MIEZER | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1953 Error - 01.09.2012 11:04:35 | Computer Name = MIEZER | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1953 Error - 01.09.2012 11:04:37 | Computer Name = MIEZER | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.09.2012 11:04:37 | Computer Name = MIEZER | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3938 Error - 01.09.2012 11:04:37 | Computer Name = MIEZER | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3938 Error - 01.09.2012 11:04:39 | Computer Name = MIEZER | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.09.2012 11:04:39 | Computer Name = MIEZER | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5938 Error - 01.09.2012 11:04:39 | Computer Name = MIEZER | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5938 Error - 02.09.2012 16:28:52 | Computer Name = MIEZER | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.59.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 02.09.2012 16:28:55 | Computer Name = MIEZER | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.59.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
[ System Events ] Error - 02.09.2012 16:06:57 | Computer Name = MIEZER | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 02.09.2012 16:06:58 | Computer Name = MIEZER | Source = Service Control Manager | ID = 7034 Description = Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 02.09.2012 16:06:58 | Computer Name = MIEZER | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) PROSet/Wireless Registry Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 02.09.2012 16:06:58 | Computer Name = MIEZER | Source = Service Control Manager | ID = 7034 Description = Dienst "System Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 02.09.2012 16:06:58 | Computer Name = MIEZER | Source = Service Control Manager | ID = 7034 Description = Dienst "ThinkVantage Registry Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 02.09.2012 16:06:58 | Computer Name = MIEZER | Source = Service Control Manager | ID = 7034 Description = Dienst "TVT Scheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 02.09.2012 16:06:59 | Computer Name = MIEZER | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 02.09.2012 16:06:59 | Computer Name = MIEZER | Source = Service Control Manager | ID = 7034 Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 02.09.2012 16:18:36 | Computer Name = MIEZER | Source = b57w2k | ID = 327699 Description = BCM5701 Gigabit Ethernet: Der Treiber unterstützt dieses Gerät nicht. Akualisieren Sie den Treiber auf die neuste Version. 
Error - 02.09.2012 16:20:28 | Computer Name = MIEZER | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet. < End of report > |
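The LOP Check in the OTL listing above shows a run of directories directly under `Application Data` with short, unfamiliar names (Geot, Oqoz, Puudr, Tap, Ubseu, Ugi, Ydte, Ynfy), all created within one week in March 2012, next to recognisable vendor folders. The following Python script is an added example written for this page, not code from OTL or from the forum helper: it parses LOP Check lines in exactly the shape posted above, surfaces short letters-only names that are not on an assumed allowlist, and groups them by creation date so that a reviewer sees the burst at a glance. The name heuristic, the allowlist and the window size are assumptions of the example, and the sample lines are constructed from the entries in the listing; flagging a folder this way only marks it for a manual look, the page itself does not identify any of these folders as malicious.

```python
import re
from datetime import datetime

# Line shape of an OTL "LOP Check" entry (the listing above uses exactly this form):
#   [2012.03.06 13:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Geot
LOP_LINE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [CM]\] -- (?P<path>.+)$"
)

# Heuristic (an assumption of this example, not something OTL checks): a directory right
# under "Application Data" whose name is a short, capitalised, letters-only string deserves
# a manual look, especially when several of them appeared within days of each other.
RANDOM_NAME = re.compile(r"^[A-Z][a-z]{2,4}$")

# Vendors the reviewer already recognises; assumed allowlist for the example.
KNOWN_OK = {"Audacity", "Garmin", "Oracle", "Samsung", "Spotify"}

# Constructed sample: LOP Check entries in the shape of the listing posted above.
SAMPLE_LOP = r"""
[2012.01.11 20:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2012.06.26 20:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Audacity
[2012.01.21 18:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Garmin
[2012.03.06 13:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Geot
[2012.03.06 14:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Oqoz
[2012.06.25 14:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Oracle
[2012.03.10 11:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Puudr
[2012.08.30 19:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Spotify
[2012.03.11 23:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Tap
[2012.03.04 22:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Ubseu
[2012.03.11 23:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Ugi
[2012.08.12 16:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\uTorrent
[2012.03.05 18:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Ydte
[2012.03.09 09:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Ynfy
"""


def parse_lop_lines(text):
    """Turn LOP Check lines into dicts with a real timestamp; lines of any other shape are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LOP_LINE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "attr": m["attr"],
            "path": m["path"],
        })
    return entries


def dir_name(entry):
    return entry["path"].rsplit("\\", 1)[-1]


def suspicious_appdata_dirs(entries, known_ok=KNOWN_OK):
    """Directories directly under 'Application Data' with short random-looking names, oldest first."""
    hits = []
    for e in entries:
        parts = e["path"].split("\\")
        if len(parts) < 2 or parts[-2] != "Application Data" or "D" not in e["attr"]:
            continue
        name = parts[-1]
        if name not in known_ok and RANDOM_NAME.match(name):
            hits.append(e)
    return sorted(hits, key=lambda e: e["ts"])


def creation_clusters(hits, window_days=7):
    """Group consecutive (time-sorted) hits whose timestamp is within window_days of the previous one."""
    clusters = []
    for e in hits:
        if clusters and (e["ts"] - clusters[-1][-1]["ts"]).days <= window_days:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


if __name__ == "__main__":
    hits = suspicious_appdata_dirs(parse_lop_lines(SAMPLE_LOP))
    for cluster in creation_clusters(hits):
        first, last = cluster[0]["ts"], cluster[-1]["ts"]
        names = ", ".join(dir_name(e) for e in cluster)
        print(f"{len(cluster)} short-named dirs between {first:%Y-%m-%d} and {last:%Y-%m-%d}: {names}")
```

Run on the sample, the script reports one cluster of eight folders created between 4 and 11 March 2012. The cluster view is the useful part: a single odd folder name is noise, eight of them in one week with no matching entry in the uninstall list is what a reviewer would ask the poster about.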
03.09.2012, 20:49 | #2 |
/// Helper Team | GVU Trojaner und Exploit.Drop.GS
The cleanup consists of several steps that have to be carried out. Work through them one after the other and paste the 4 logs that are produced along the way into your next reply. If the OTL fix did not run through correctly, do not continue; report it instead.
Step 1: Fix with OTL
Download OTL by OldTimer (if you don't already have it) and save it to your desktop (not anywhere else).
Code:
ATTFilter :OTL DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found IE - HKLM\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B} IE - HKLM\..\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}: "URL" = http://www.google.com/search?q={searchTerms} IE - HKLM\..\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B} IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.de/" FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: 
{d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18 FF - prefs.js..extensions.enabledItems: furiganainjector@yayakoshi.net:2.2.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: kitsune@kitsune.sourceforge.net:0.1.5 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: {0620B69D-7B58-416d-A92A-0198860C2757}:3.0.2009060901 FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:2.12 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.3.0244 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.101002 FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.101002 FF - prefs.js..extensions.enabledItems: rikaichan-jpnames@polarcloud.com:2.01.101002 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}:3.3.3.2 FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..network.proxy.http: "199.195.109.21" FF - prefs.js..network.proxy.http_port: 9090 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.10 15:50:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012.09.02 11:04:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-2.xml
[2011.08.31 19:52:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-3.xml
[2011.09.07 19:16:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-4.xml
[2011.09.30 23:15:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-5.xml
[2011.11.09 14:23:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-6.xml
[2011.06.16 23:17:18 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin.xml
[2012.09.01 12:12:47 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nud0repor.pad
[2012.08.27 19:24:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
:Files
C:\Users\Lydia\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Lydia\AppData\Local\Temp\*.exe
C:\Users\Lydia\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for other readers: The OTL script above was written exclusively for this user in this situation. Do not run it on other computers under any circumstances; it can permanently damage other systems!

Step 2

Please run a full scan with Malwarebytes Anti-Malware and post the log.

Afterwards:

Step 3

Please download AdwCleaner to your desktop.

Step 4
04.09.2012, 02:10 | #3

GVU Trojan and Exploit.Drop.GS

Many thanks for the reply!

I ran everything as described, and here are the 4 logs:

OTL:

Code:
All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B528F7B-1290-4F85-BA27-8515B393FF4B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-1645522239-1078081533-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-1645522239-1078081533-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "Google" removed from browser.search.defaultenginename Prefs.js: "Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage Prefs.js: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1 removed from extensions.enabledItems Prefs.js: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94 removed from extensions.enabledItems Prefs.js: en-GB@dictionaries.addons.mozilla.org:1.19.1 removed from extensions.enabledItems Prefs.js: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 removed from extensions.enabledItems Prefs.js: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18 removed from extensions.enabledItems Prefs.js: furiganainjector@yayakoshi.net:2.2.2 removed from extensions.enabledItems Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems Prefs.js: kitsune@kitsune.sourceforge.net:0.1.5 removed from extensions.enabledItems Prefs.js: en-US@dictionaries.addons.mozilla.org:5.0.1 removed from extensions.enabledItems Prefs.js: {0620B69D-7B58-416d-A92A-0198860C2757}:3.0.2009060901 removed from extensions.enabledItems Prefs.js: amznUWL@amazon.com:2.12 removed from extensions.enabledItems Prefs.js: DTToolbar@toolbarnet.com:1.1.3.0244 removed from extensions.enabledItems Prefs.js: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 removed from extensions.enabledItems 
Prefs.js: rikaichan-jpen@polarcloud.com:2.01.101002 removed from extensions.enabledItems Prefs.js: rikaichan-jpde@polarcloud.com:2.01.101002 removed from extensions.enabledItems Prefs.js: rikaichan-jpnames@polarcloud.com:2.01.101002 removed from extensions.enabledItems Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems Prefs.js: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5 removed from extensions.enabledItems Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 removed from extensions.enabledItems Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 removed from extensions.enabledItems Prefs.js: 2020Player@2020Technologies.com:5.0.4.0 removed from extensions.enabledItems Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems Prefs.js: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}:3.3.3.2 removed from extensions.enabledItems Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL Prefs.js: "199.195.109.21" removed from network.proxy.http Prefs.js: 9090 removed from network.proxy.http_port Prefs.js: 0 removed from network.proxy.type Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UnlockerAssistant not found. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk moved successfully. C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico moved successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1645522239-1078081533-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\WINDOWS\System32\SET1CE.tmp deleted successfully. C:\WINDOWS\System32\SET1DA.tmp deleted successfully. C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-2.xml moved successfully. C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-3.xml moved successfully. 
C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-4.xml moved successfully. C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-5.xml moved successfully. C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin-6.xml moved successfully. C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\searchplugins\icqplugin.xml moved successfully. C:\Documents and Settings\All Users\Application Data\nud0repor.pad moved successfully. C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully. ========== FILES ========== File\Folder C:\Users\Lydia\AppData\Local\{*} not found. File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\Lydia\AppData\Local\Temp\*.exe not found. File\Folder C:\Users\Lydia\AppData\LocalLow\Sun\Java\Deployment\cache not found. File/Folder C:\Documents and Settings\Lydia\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. File/Folder C:\WINDOWS\System32\*.tmp not found. File/Folder C:\WINDOWS\SysWOW64\*.tmp not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Documents and Settings\Lydia\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Lydia\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 854634 bytes
->Temporary Internet Files folder emptied: 897586 bytes
->FireFox cache emptied: 5868099 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lydia
->Temp folder emptied: 41216531 bytes
->Temporary Internet Files folder emptied: 2074346 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 583072788 bytes
->Flash cache emptied: 2115 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 829365 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2422366 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1258070 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 360008094 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3815577 bytes

Total Files Cleaned = 956,00 mb

OTL by OldTimer - Version 3.2.59.1 log created on 09042012_015419

Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.03.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lydia :: MIEZER [Administrator]

04.09.2012 02:03:52
mbam-log-2012-09-04 (02-03-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 285606
Laufzeit: 48 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Documents and Settings\Lydia\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1\1ca0d2c1-40f7b1cf (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
# AdwCleaner v2.000 - Logfile created 09/04/2012 at 03:00:36
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Lydia - MIEZER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Lydia\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\Conduit
Folder Found : C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\ConduitEngine
Folder Found : C:\Documents and Settings\Lydia\Application Data\pdfforge
Folder Found : C:\Documents and Settings\Lydia\Application Data\QuickStoresToolbar
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Found : C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Value Found
: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\prefs.js Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2269050.CTID", "CT2269050"); Found : user_pref("CT2269050.CurrentServerDate", "20-9-2010"); Found : user_pref("CT2269050.DialogsAlignMode", "LTR"); Found : user_pref("CT2269050.DownloadReferralCookieData", ""); Found : user_pref("CT2269050.EMailNotifierPollDate", "Mon Sep 20 2010 08:25:31 GMT+0200"); Found : user_pref("CT2269050.FirstServerDate", "20-9-2010"); Found : user_pref("CT2269050.FirstTime", true); Found : user_pref("CT2269050.FirstTimeFF3", true); Found : user_pref("CT2269050.FirstTimeSettingsDone", true); Found : user_pref("CT2269050.FixPageNotFoundErrors", true); Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2269050.Initialize", true); Found : user_pref("CT2269050.InitializeCommonPrefs", true); Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1); Found : user_pref("CT2269050.InstallationType", "UnknownIntegration"); Found : user_pref("CT2269050.InstalledDate", "Mon Sep 20 2010 08:25:32 GMT+0200"); Found : user_pref("CT2269050.InvalidateCache", false); Found : user_pref("CT2269050.IsGrouping", false); Found : user_pref("CT2269050.IsMulticommunity", false); Found : user_pref("CT2269050.IsOpenThankYouPage", false); Found : user_pref("CT2269050.IsOpenUninstallPage", false); Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Sep 20 2010 08:25:34 GMT+0200"); Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Found : 
user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2269050.LastLogin_2.7.0.14", "Mon Sep 20 2010 08:25:36 GMT+0200"); Found : user_pref("CT2269050.LatestVersion", "2.7.2.0"); Found : user_pref("CT2269050.Locale", "en"); Found : user_pref("CT2269050.LoginCache", 4); Found : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Found : user_pref("CT2269050.RadioIsPodcast", false); Found : user_pref("CT2269050.RadioLastCheckTime", "Mon Sep 20 2010 08:25:37 GMT+0200"); Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Found : user_pref("CT2269050.RadioMediaID", "12473383"); Found : user_pref("CT2269050.RadioMediaType", "Media Player"); Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Found : user_pref("CT2269050.RadioStationName", "Hotmix"); Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Found : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties"); Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Found : user_pref("CT2269050.SearchInNewTabEnabled", true); Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Sep 20 2010 08:25:37 GMT+0200"); Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] 
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2269050.SearchInNewTabUserEnabled", false); Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Found : user_pref("CT2269050.SettingsLastCheckTime", "Mon Sep 20 2010 08:25:30 GMT+0200"); Found : user_pref("CT2269050.SettingsLastUpdate", "1284635599"); Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Sep 20 2010 08:25:29 GMT+0200"); Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578"); Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Found : user_pref("CT2269050.UserID", "UN95076619766484883"); Found : user_pref("CT2269050.WeatherNetwork", ""); Found : user_pref("CT2269050.WeatherPollDate", "Mon Sep 20 2010 08:25:37 GMT+0200"); Found : user_pref("CT2269050.WeatherUnit", "C"); Found : user_pref("CT2269050.alertChannelId", "666138"); Found : user_pref("CT2269050.clientLogIsEnabled", false); Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Found : user_pref("CT2269050.myStuffEnabled", true); Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Found : user_pref("CT2602837..clientLogIsEnabled", true); Found : user_pref("CT2602837..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] 
Found : user_pref("CT2602837..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2602837.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2602837.AppTrackingLastCheckTime", "Wed Mar 16 2011 13:26:07 GMT+0100"); Found : user_pref("CT2602837.CT2602837", "CT2602837"); Found : user_pref("CT2602837.CurrentServerDate", "16-3-2011"); Found : user_pref("CT2602837.DialogsAlignMode", "LTR"); Found : user_pref("CT2602837.DialogsGetterLastCheckTime", "Wed Mar 16 2011 13:25:50 GMT+0100"); Found : user_pref("CT2602837.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...] Found : user_pref("CT2602837.FirstServerDate", "16-3-2011"); Found : user_pref("CT2602837.FirstTime", true); Found : user_pref("CT2602837.FirstTimeFF3", true); Found : user_pref("CT2602837.FixPageNotFoundErrors", false); Found : user_pref("CT2602837.GroupingServerCheckInterval", 1440); Found : user_pref("CT2602837.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2602837.HasUserGlobalKeys", true); Found : user_pref("CT2602837.Initialize", true); Found : user_pref("CT2602837.InitializeCommonPrefs", true); Found : user_pref("CT2602837.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2602837.InstalledDate", "Wed Mar 16 2011 13:25:55 GMT+0100"); Found : user_pref("CT2602837.IsGrouping", false); Found : user_pref("CT2602837.IsMulticommunity", false); Found : user_pref("CT2602837.IsOpenThankYouPage", true); Found : user_pref("CT2602837.IsOpenUninstallPage", true); Found : user_pref("CT2602837.LanguagePackLastCheckTime", "Wed Mar 30 2011 11:44:27 GMT+0200"); Found : user_pref("CT2602837.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2602837.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Found : user_pref("CT2602837.LastLogin_3.3.3.2", "Wed Mar 30 2011 11:44:27 GMT+0200"); Found : user_pref("CT2602837.LatestVersion", "3.2.5.2"); Found : user_pref("CT2602837.Locale", "en"); Found : user_pref("CT2602837.MCDetectTooltipHeight", "83"); Found : user_pref("CT2602837.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2602837.MCDetectTooltipWidth", "295"); Found : user_pref("CT2602837.SearchFromAddressBarIsInit", true); Found : user_pref("CT2602837.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT260[...] Found : user_pref("CT2602837.SearchInNewTabEnabled", true); Found : user_pref("CT2602837.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2602837.SearchInNewTabLastCheckTime", "Wed Mar 30 2011 11:38:38 GMT+0200"); Found : user_pref("CT2602837.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2602837.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2602837.ServiceMapLastCheckTime", "Wed Mar 30 2011 11:44:27 GMT+0200"); Found : user_pref("CT2602837.SettingsLastCheckTime", "Wed Mar 30 2011 11:38:37 GMT+0200"); Found : user_pref("CT2602837.SettingsLastUpdate", "1297859196"); Found : user_pref("CT2602837.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2602837.ThirdPartyComponentsLastCheck", "Wed Mar 16 2011 13:25:40 GMT+0100"); Found : user_pref("CT2602837.ThirdPartyComponentsLastUpdate", "1246790578"); Found : user_pref("CT2602837.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2602837"); Found : user_pref("CT2602837.UserID", "UN56372569867449631"); Found : user_pref("CT2602837.alertChannelId", "995659"); Found : user_pref("CT2602837.approveUntrustedApps", true); Found : user_pref("CT2602837.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...] 
Found : user_pref("CT2602837.globalFirstTimeInfoLastCheckTime", "Wed Mar 30 2011 11:44:27 GMT+0200"); Found : user_pref("CT2602837.isAppTrackingManagerOn", true); Found : user_pref("CT2602837.myStuffEnabled", true); Found : user_pref("CT2602837.myStuffPublihserMinWidth", 400); Found : user_pref("CT2602837.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2602837.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2602837.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2602837.testingCtid", ""); Found : user_pref("CT2602837.toolbarAppMetaDataLastCheckTime", "Wed Mar 30 2011 11:44:27 GMT+0200"); Found : user_pref("CT2602837.toolbarContextMenuLastCheckTime", "Wed Mar 16 2011 13:25:55 GMT+0100"); Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/995659/991378/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2602837", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2602837",[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2602837/CT2602837[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...] Found : user_pref("CommunityToolbar.EngineHiddenByUser", true); Found : user_pref("CommunityToolbar.EngineOwner", "CT2602837"); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "superpoke_pets"); Found : user_pref("CommunityToolbar.IsEngineShown", false); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2602837"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "superpoke_pets"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine,CT2602837"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2602837"); Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 18 2011 22:44:02 GMT+02[...] 
Found : user_pref("CommunityToolbar.alert.alertEnabled", false); Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Mar 16 2011 13:26:00 GMT+0100"); Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 20:39:55 GMT+0200"); Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "b32014a7-83bf-43f6-9301-cf5c0e3b5d40"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Sep 20 2010 08:25:37 GMT+0200"); Found : user_pref("CommunityToolbar.globalUserId", "26d58cb9-29fe-49ac-bd61-71ecf8666f4d"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050"); Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Jun 19 2011 01:03:36 GMT+0200"); Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Mar 16 2011 13:25:53 GMT+0100"); Found : user_pref("ConduitEngine.FirstServerDate", "03/16/2011 14"); Found : user_pref("ConduitEngine.FirstTime", true); Found : user_pref("ConduitEngine.FirstTimeFF3", true); Found : user_pref("ConduitEngine.HasUserGlobalKeys", true); Found : user_pref("ConduitEngine.HideEngineAfterRestart", true); Found : 
user_pref("ConduitEngine.Initialize", true); Found : user_pref("ConduitEngine.InitializeCommonPrefs", true); Found : user_pref("ConduitEngine.InstalledDate", "Wed Mar 16 2011 13:25:53 GMT+0100"); Found : user_pref("ConduitEngine.IsMulticommunity", false); Found : user_pref("ConduitEngine.IsOpenThankYouPage", false); Found : user_pref("ConduitEngine.IsOpenUninstallPage", true); Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Mar 16 2011 13:25:55 GMT+0100"); Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Mar 16 2011 17:40:33 GMT+0100"); Found : user_pref("ConduitEngine.PublisherContainerWidth", 0); Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 16 2011 17:40:28 GMT+0100"); Found : user_pref("ConduitEngine.UserID", "UN61377604001088677"); Found : user_pref("ConduitEngine.engineLocale", "de"); Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Mar 16 2011 13:25:52 GMT+0100"); Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Mar 16 2011 21:40:47 GMT+0100"); Found : user_pref("ConduitEngine.initDone", true); Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Profile name : default File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wkygso29.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [18894 octets] - [04/09/2012 02:59:33] AdwCleaner[R2].txt - [18824 octets] - [04/09/2012 03:00:36] ########## EOF - C:\AdwCleaner[R2].txt - [18885 octets] ########## Code:
ATTFilter
# AdwCleaner v2.000 - Logfile created 09/04/2012 at 03:00:54
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Lydia - MIEZER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Lydia\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\Conduit
Folder Deleted : C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\Lydia\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\Lydia\Application Data\QuickStoresToolbar
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Deleted : C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\prefs.js

C:\Documents and Settings\Lydia\Application Data\Mozilla\Firefox\Profiles\ajzs463t.default\user.js ... Deleted !

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wkygso29.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [18894 octets] - [04/09/2012 02:59:33]
AdwCleaner[R2].txt - [18955 octets] - [04/09/2012 03:00:36]
AdwCleaner[S1].txt - [19864 octets] - [04/09/2012 03:00:54]

########## EOF - C:\AdwCleaner[S1].txt - [19925 octets] ##########
Best regards! |
04.09.2012, 18:17 | #4 |
/// Helper Team | GVU Trojan and Exploit.Drop.GS
Very good! How is the computer running?

Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the freeware mode. Select "Detail Scan" and start the check of the computer with the Scan button. At the end of the scan, do not let it delete anything! Save the logfile to the desktop with "Save report" and post it here in the thread. Guide: http://www.trojaner-board.de/103809-...i-malware.html |
05.09.2012, 21:21 | #5 |
| GVU Trojan and Exploit.Drop.GS
In itself it runs quite normally, but the scan found something again, see the log. Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 04.09.2012 19:58:23

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 04.09.2012 20:02:35

C:\System Volume Information\_restore{4F080D65-E34A-487F-A78E-24C736875AC5}\RP288\A0034894.lnk 	gefunden: Trojan.LNK.Reveton!E2

Gescannt	546752
Gefunden	1

Scan Ende: 04.09.2012 23:03:44
Scan Zeit: 3:01:09

C:\System Volume Information\_restore{4F080D65-E34A-487F-A78E-24C736875AC5}\RP288\A0034894.lnk 	Quarantäne Trojan.LNK.Reveton!E2

Quarantäne	1 |
06.09.2012, 01:18 | #6 |
/// Helper Team | GVU Trojan and Exploit.Drop.GS
Update Java
Your Java is no longer current. Older versions contain security holes that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
Then post (copy and paste) what you are shown here: PluginCheck

Disable Java
Because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html
Then post (copy and paste) what you are shown here: PluginCheck |
06.09.2012, 11:04 | #7 |
| GVU Trojan and Exploit.Drop.GS
I have updated Java and deleted all old versions, made the settings as described, and here is the result of the PluginCheck: Code:
ATTFilter
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 14.0.1 ist aktuell
Flash (11,4,402,265) ist aktuell.
Java (1,7,0,7) ist aktuell.
Adobe Reader 10,1,4,38 ist aktuell.
Code:
ATTFilter
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 14.0.1 ist aktuell
Flash (11,4,402,265) ist aktuell.
Java ist Installiert aber nicht aktiviert.
Adobe Reader 10,1,4,38 ist aktuell. |
06.09.2012, 18:41 | #8 |
/// Helper Team | GVU Trojan and Exploit.Drop.GS
Very good! With that you are clean and dismissed!

Remove adwCleaner

Tool cleanup with OTL
We will now use the CleanUp! function of OTL to delete most of the programs we installed for the cleanup from your system again.

Reset the security zones
Have the security zones reset, since they were manipulated to open the browser up to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html

Empty System Restore
So that the computer cannot be re-infected from an infected System Restore, we have to empty it. To do that we switch it off once and then on again: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again.

Clean up with CCleaner
Use CCleaner (Download) (Guide) to fix errors in the

Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC getting slower and slower - what to do? |
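The Emsisoft finding in post #5 sits inside a System Restore point (under System Volume Information), which is exactly why post #8 tells the user to empty System Restore: a restore point is a dormant copy that an antivirus cannot always clean and that a later rollback would bring back. As an added example (not code from the thread, from Emsisoft or from the helper), here is a small Python triage script that parses lines in that report format, flags detections that live in restore points, and checks whether every finding was actually quarantined; the second finding and its path are constructed, the first mirrors the log in post #5.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the Emsisoft Anti-Malware 6.x report
# quoted in post #5 (German UI strings "gefunden:" / "Quarantäne"). The first
# finding mirrors the thread; the second path and detection are made up.
SAMPLE_LOG = """\
Emsisoft Anti-Malware - Version 6.6
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\\
Scan Beginn: 04.09.2012 20:02:35

C:\\System Volume Information\\_restore{4F080D65-E34A-487F-A78E-24C736875AC5}\\RP288\\A0034894.lnk \tgefunden: Trojan.LNK.Reveton!E2
C:\\Documents and Settings\\user\\Application Data\\example.exe \tgefunden: Trojan.Generic.Example

Gescannt\t546752
Gefunden\t2

C:\\System Volume Information\\_restore{4F080D65-E34A-487F-A78E-24C736875AC5}\\RP288\\A0034894.lnk \tQuarantäne Trojan.LNK.Reveton!E2

Quarantäne\t1
"""

# A result line is "<drive path> <action> <detection name>"; the path may
# contain spaces, so it is matched lazily up to the action keyword.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<action>gefunden:|Quarantäne)\s+(?P<name>\S+)\s*$"
)
# Restore points live under \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    action: str  # "found" or "quarantined"


def parse_emsisoft_log(text: str) -> list:
    """Extract every found/quarantined entry from a report in this layout."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, settings and summary lines carry no path
        action = "found" if m.group("action") == "gefunden:" else "quarantined"
        findings.append(Finding(m.group("path"), m.group("name"), action))
    return findings


def in_restore_point(path: str) -> bool:
    """True when the file is a System Restore copy, not a live file."""
    return RESTORE_RE.search(path) is not None


def triage(text: str) -> dict:
    """Pair each detection with its quarantine record and flag restore hits."""
    findings = parse_emsisoft_log(text)
    found = [f for f in findings if f.action == "found"]
    quarantined = {(f.path.lower(), f.detection)
                   for f in findings if f.action == "quarantined"}
    # A detection without a matching quarantine line is still on disk.
    unresolved = [f for f in found
                  if (f.path.lower(), f.detection) not in quarantined]
    restore_hits = [f for f in found if in_restore_point(f.path)]
    return {
        "found": found,
        "unresolved": unresolved,
        "restore_point_hits": restore_hits,
        # Any hit in a restore point means: disable and re-enable System
        # Restore so the infected snapshot is discarded (post #8).
        "purge_restore_points": bool(restore_hits),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["found"]:
        where = "restore point" if in_restore_point(f.path) else "live file"
        print(f"{f.detection:28} {where:13} {f.path}")
    print("unresolved:", [f.detection for f in result["unresolved"]])
    print("purge restore points:", result["purge_restore_points"])
```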
07.09.2012, 10:28 | #9 |
| GVU Trojan and Exploit.Drop.GS
Thank you very much for the help! The computer is running relatively normally (it froze three times in a row yesterday, but fortunately not since then) and I will go through the reading soon, in the hope of minimizing such incidents in the future. Thanks again and have a nice day! |
07.09.2012, 15:03 | #10 |
/// Helper Team | GVU Trojan and Exploit.Drop.GS
Please run this: http://www.trojaner-board.de/72874-s...eparieren.html
Then:
- restart and keep observing |
27.10.2012, 04:47 | #11 |
/// Helper Team | GVU Trojan and Exploit.Drop.GS
No response
Are there problems working through the guide above? To free up capacity for other people seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html
Note: The disappearance of the symptoms does not mean that your computer is clean. |