| |
| |||||||
Log-Analyse und Auswertung: AKM Trojaner auf VistaWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.09.2012, 21:07
| #31 |
 |  AKM Trojaner auf Vista OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.09.2012 21:40:05 - Run 2 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Julian\Documents Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 42,67% Memory free 4,22 Gb Paging File | 2,58 Gb Available in Paging File | 61,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 32,32 Gb Free Space | 27,76% Space Free | Partition Type: NTFS Drive D: | 106,68 Gb Total Space | 106,55 Gb Free Space | 99,88% Space Free | Partition Type: NTFS Computer Name: PRIVAT_PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.12 21:37:59 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Documents\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.03 19:14:33 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012.09.03 19:14:03 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe PRC - [2012.07.08 07:37:22 | 000,026,008 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe PRC - [2012.06.28 15:43:16 | 008,613,888 | ---- | M] (Media Finder) -- C:\Program Files\Media Finder\Media Finder.exe PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2012.05.24 23:20:51 | 001,241,184 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2012.01.04 22:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE PRC - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2008.01.16 02:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2007.12.12 01:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007.11.29 02:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe PRC - [2007.10.31 06:35:57 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe PRC - [2007.09.01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.09.03 19:14:33 | 001,734,240 | ---- | M] () -- C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll MOD - [2012.09.03 19:14:33 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012.09.03 19:14:09 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll MOD - [2012.09.03 19:14:05 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\sendspace.dll MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\mediafire.dll MOD - [2012.06.19 15:18:38 | 000,359,424 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploading.dll MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploadstation.dll MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\unibytes.dll MOD - [2012.06.19 15:18:38 | 000,317,440 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\turbobit.dll MOD - [2012.06.19 15:18:38 | 000,315,392 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\rapidshare.dll MOD - [2012.06.19 15:18:36 | 000,437,760 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\extabit.dll MOD - [2012.06.19 15:18:36 | 000,359,936 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\filepost.dll MOD - [2012.06.19 15:18:36 | 000,357,376 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\madshare.dll MOD - [2012.06.19 15:18:36 | 000,320,000 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\letitbit.dll MOD - [2012.06.19 15:18:36 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\hotfile.dll MOD - [2012.06.19 15:18:36 | 000,314,880 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\furk.dll MOD - [2012.06.19 15:18:34 | 000,961,536 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\_4shared.dll MOD - [2012.06.19 15:18:34 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\depositfiles.dll MOD - [2012.06.15 14:29:51 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll MOD - [2012.06.15 14:03:10 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll MOD - [2012.06.15 14:02:30 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll MOD - [2012.06.15 14:01:53 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll MOD - [2012.06.15 14:01:42 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll MOD - [2012.05.24 13:19:00 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\oron.dll MOD - [2012.05.18 13:37:41 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll MOD - [2012.05.18 13:37:40 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll MOD - [2012.05.18 13:37:40 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll MOD - [2012.05.18 13:37:37 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll MOD - [2012.05.18 13:37:33 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll MOD - [2012.05.13 08:46:55 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll MOD - [2012.05.13 08:38:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll MOD - [2012.05.13 08:38:02 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll MOD - [2012.05.13 08:38:00 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll MOD - [2012.05.13 08:37:46 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll MOD - [2012.05.13 08:37:22 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll MOD - [2012.05.13 08:37:09 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll MOD - [2011.02.06 12:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe MOD - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe MOD - [2007.08.14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.08.08 11:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll MOD - [2007.07.12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ========== Services (SafeList) ========== SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.07 09:00:59 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai) SRV - [2012.09.03 19:14:03 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012.08.29 08:30:47 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2011.04.03 09:33:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\microsoft shared\Service\Software Jukebox v2.0 Service File.exe -- (Software Jukebox v2.0 Service) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.03.25 15:46:33 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2008.09.05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2007.08.22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.06.15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVEX15.SYS -- (NAVEX15) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVENG.SYS -- (NAVENG) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Julian\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.03 19:14:07 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2011.08.24 16:32:39 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.08.24 16:32:00 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.11.20 05:02:57 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100402.001\IDSvix86.sys -- (IDSvix86) DRV - [2009.10.19 09:15:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009.06.10 12:09:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.03.17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2009.02.19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.02.19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV) DRV - [2009.02.19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI) DRV - [2009.02.19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW) DRV - [2009.02.19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2009.02.19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS) DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.07.30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon) DRV - [2008.02.01 03:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2008.02.01 03:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2008.02.01 03:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007.12.06 22:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007.08.09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.08.08 18:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.07.13 10:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2007.05.14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2007.01.24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2006.12.14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2005.12.06 05:27:29 | 000,287,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) DRV - [2005.12.06 05:26:16 | 000,039,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005.06.17 05:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=113933&tt=3612_3&babsrc=SP_ss&mntrId=e0c5cd28000000000000002243021e0c IE - HKCU\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{82007ACF-53B7-404B-9D71-D2DD12C0E98C}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=331 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=HP_ss&mntrId=e0c5cd28000000000000002243021e0c" FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.6.0.10 FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledAddons: {af6ac4f2-9825-4fb6-a600-92bc5361f209}:4.6.0.1 FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2 FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5 FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01 FF - prefs.js..extensions.enabledAddons: ffxtlbr@claro.com:1.5.0 FF - prefs.js..extensions.enabledAddons: @themediafinder.com:1.1.0 FF - prefs.js..extensions.enabledAddons: gencrawler@some.com:2.6 FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=KW_ss&mntrId=e0c5cd28000000000000002243021e0c&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.19 17:18:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.03 19:14:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.19 15:51:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2011.02.15 16:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.09.08 21:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions [2011.01.30 00:35:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.11 18:07:52 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} [2012.09.03 08:21:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012.04.08 19:21:37 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209} [2012.08.07 16:29:19 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@babylon.com [2012.09.01 15:54:49 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@claro.com [2012.07.05 14:42:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbra@softonic.com [2012.08.07 16:38:31 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@videofiledownload.com [2012.08.15 17:12:27 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@yontoo.com [2012.07.05 14:32:59 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2011.08.02 12:16:02 | 000,000,941 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\conduit.xml [2012.08.21 17:04:17 | 000,002,325 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search.xml [2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search_Results.xml [2012.07.05 14:42:45 | 000,002,060 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\softonic.xml [2012.07.05 16:37:43 | 000,004,113 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\sweetim.xml [2012.09.09 15:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.01.15 20:38:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.04.08 19:22:00 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCHCORE TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2012.09.03 19:14:16 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32 [2012.09.03 08:08:58 | 000,000,000 | ---D | M] (Media Finder plugin) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\@THEMEDIAFINDER.COM [2012.09.03 08:08:58 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.09.03 19:14:32 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.09.03 08:18:04 | 000,006,528 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.06.24 15:17:30 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml ========== Chrome ========== CHR - homepage: Search CHR - default_search_provider: Search Results () CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=362&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: Search CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Funmoods = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\ CHR - Extension: SpeedDial = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Babylon Toolbar = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: IClaro = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: Media Finder plugin = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\ CHR - Extension: AVG Secure Search = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\ CHR - Extension: Funmoods = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\ CHR - Extension: SpeedDial = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Babylon Toolbar = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: IClaro = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: Media Finder plugin = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\ CHR - Extension: AVG Secure Search = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\ O1 HOSTS File: ([2012.09.09 10:37:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.) O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com) O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe () O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (Media Finder) O4 - HKCU..\Run: [RockMelt Update] C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.) O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd) O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59392AD0-085B-4AAA-B346-699B938CA27F}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B212A2-F5DB-4CF9-B478-17CB52DC02C6}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\datamngr.dll (Discordia, LTD) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\IEBHO.dll (Discordia, LTD) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.12 21:37:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Documents\OTL.exe [2012.09.11 16:10:58 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Download [2012.09.09 10:47:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.09.09 10:42:39 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\temp [2012.09.09 09:57:12 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes [2012.09.09 09:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.09 09:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.09 09:56:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.09 09:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.08 22:50:21 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe [2012.09.08 22:50:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64 [2012.09.08 22:49:59 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2012.09.08 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.09.08 21:07:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.08 21:07:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.08 21:07:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.08 21:07:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.08 20:51:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.03 19:14:07 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.03 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC [2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Media Get LLC [2012.09.03 08:17:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Free Media Pack [2012.09.01 15:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder [2012.09.01 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Finder [2012.09.01 15:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Media Finder [2012.09.01 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Uniblue [2012.09.01 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2012.09.01 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue [2012.09.01 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\IClaro [2012.09.01 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD [2012.08.16 08:40:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.16 08:40:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.16 08:40:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.16 08:40:09 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.16 08:40:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.16 08:40:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.16 08:40:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.16 08:39:31 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.15 18:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment [2012.08.15 18:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames [2012.08.15 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames [2012.08.15 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Ilivid Player [2012.08.15 17:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar [2012.08.15 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2012.08.15 17:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer ========== Files - Modified Within 30 Days ========== [2012.09.12 21:37:59 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Documents\OTL.exe [2012.09.12 21:22:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.12 21:10:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001UA.job [2012.09.12 21:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.12 21:02:54 | 000,000,916 | ---- | M] () -- C:\Users\Julian\Desktop\Internet Explorer.lnk [2012.09.12 20:36:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.12 20:36:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.12 19:31:53 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2012.09.12 18:37:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.12 18:37:04 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.09.12 18:36:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.12 18:36:50 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys [2012.09.12 17:10:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001Core.job [2012.09.11 20:22:33 | 000,001,356 | ---- | M] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat [2012.09.11 20:19:17 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.09.11 20:17:21 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.09 10:37:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.09.09 09:48:13 | 000,002,333 | ---- | M] () -- C:\Users\Julian\Desktop\ComboFix - Verknüpfung.lnk [2012.09.08 22:47:06 | 000,171,120 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2012.09.08 22:43:09 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.09.07 21:30:04 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.07 21:30:04 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.07 21:30:04 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.07 21:30:04 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.03 19:14:07 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.03 08:18:08 | 000,002,217 | ---- | M] () -- C:\user.js [2012.08.29 08:30:47 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.29 08:30:46 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.25 18:01:26 | 000,001,921 | ---- | M] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk [2012.08.16 08:53:40 | 000,461,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.09.12 21:02:54 | 000,000,916 | ---- | C] () -- C:\Users\Julian\Desktop\Internet Explorer.lnk [2012.09.09 09:56:56 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.09 09:48:13 | 000,002,333 | ---- | C] () -- C:\Users\Julian\Desktop\ComboFix - Verknüpfung.lnk [2012.09.09 08:43:10 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys [2012.09.08 22:47:06 | 000,171,120 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2012.09.08 21:07:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.08 21:07:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.08 21:07:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.09.08 21:07:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.08 21:07:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.01 15:55:12 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.08.25 18:01:26 | 000,001,951 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiral Knights.lnk [2012.08.25 18:01:26 | 000,001,921 | ---- | C] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk [2012.08.25 18:00:37 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012.08.07 16:14:10 | 000,384,844 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods-speeddial.crx [2012.02.06 17:09:47 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2011.08.24 16:32:39 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.08.24 16:32:00 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.08.12 17:58:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011.04.17 10:54:24 | 000,001,356 | ---- | C] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat [2011.01.30 00:37:03 | 000,023,040 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.01 20:52:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\NetServices [2010.08.01 20:52:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.01 20:52:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pedal Hard [2010.08.01 20:51:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature [2010.08.01 20:51:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.08.01 20:51:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive [2010.01.13 15:24:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.09.2012 21:40:05 - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Julian\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 42,67% Memory free
4,22 Gb Paging File | 2,58 Gb Available in Paging File | 61,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 32,32 Gb Free Space | 27,76% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,55 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Computer Name: PRIVAT_PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C0D70F-531B-4EB0-B036-CAA6FA163E7B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{208774B8-F0A1-487D-BB36-E42AEDF909E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B13F255-D055-47E5-B4B8-A0964AEE80A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F56665C-78B2-49BE-A4A8-1CDE8EA31D77}" = lport=137 | protocol=17 | dir=in | app=system |
"{5A269FE7-9970-404B-BDE9-AB5A3948B327}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A736A6E-31AF-43BB-8142-CA5007D68095}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C562371-8C65-43DC-A004-D5BCB8E0CA92}" = rport=445 | protocol=6 | dir=out | app=system |
"{BA4C19D9-E342-4C3C-8769-A1686FB6E99F}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC573A11-8420-4DDA-8ADD-75A0635B3516}" = lport=139 | protocol=6 | dir=in | app=system |
"{E4F4DE4B-F0F6-495D-B43F-B60D9F29CF26}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041365C5-B662-451B-B123-7FEAA8299630}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{062A776D-FFB8-40D0-9038-F7E3C8FFCCF6}" = protocol=17 | dir=in | app=c:\program files\searchcore toolbar\datamngr\toolbar\dtuser.exe |
"{07EEB584-1D9F-4392-9CCC-11DF63CE1BAB}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{11FE892B-BAA5-48CC-8133-149EDE40CF93}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{12B4FF67-9490-42FD-8ADB-1E232E470C2E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{15B078D8-92A2-497C-A4E2-B76A6A11FF5A}" = protocol=6 | dir=in | app=c:\program files\searchcore toolbar\datamngr\toolbar\dtuser.exe |
"{15D6FB71-85A9-4402-B11C-F4C563287408}" = protocol=6 | dir=in | app=c:\users\julian\appdata\local\akamai\netsession_win.exe |
"{1893CE1D-6A38-4EA8-A44E-3F528D9CD6E9}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{18F2498C-41FA-4271-86D2-A612B594BBDF}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"{2245F96D-2BC8-40D3-837D-6F30076ECBB7}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{274E4BD0-86FD-42C3-828E-3757CA74A351}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{2A89C101-EEF3-427E-A781-D04DF72AB5E4}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"{30043F4C-153D-4323-AC3C-5A05572D5016}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{35BF720D-DE16-4013-8ECA-C3AB11CFAD3A}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{3755F6C4-0D6B-4077-B0A8-9439A69C4404}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{37C10947-0D09-4333-BB64-E8D42BBFA0C2}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{49075855-5E4F-42D7-956C-299770F551E1}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{49A0E560-C080-49E5-BC1A-FE48A0234792}" = protocol=17 | dir=in | app=c:\users\julian\appdata\local\akamai\netsession_win.exe |
"{54E84D7D-C8E4-4305-88D5-0E6190FBC85D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{559F926F-DD48-4EAB-A351-A4359D907611}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{5A737496-C6D5-4808-94EE-BA3A9290C113}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{5FD34093-1B48-4667-9D09-F6D03AFE352D}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{63ED93F2-AE1B-49EA-B579-7C4C8D44C98A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6A4D2B4C-CC66-4F30-8D69-B242F5C48BD6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6D8F8063-410F-403E-A7BD-5DB9FB798950}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6DF82AE0-FC6C-41B2-A403-4185AC4229D7}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{7A326EAF-CBA0-4009-9661-272C99975491}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{8519AC87-F8DD-4A90-9F97-9188F1D32793}" = protocol=17 | dir=in | app=c:\users\julian\downloads\facemoods.exe |
"{89BA8EAE-66BD-474F-BD06-A00D8EC82472}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{91D58EFF-14C8-4F29-A36A-15F1A18D0720}" = protocol=6 | dir=in | app=c:\users\julian\downloads\facemoods.exe |
"{94C52A11-F082-4AE6-A7E1-04E80B306828}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{95072148-549E-4110-959D-B096A6186EC4}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{95B19B0C-BDB8-489D-A7E3-12728FD5A969}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{A6B11090-952C-4528-BCC8-F4208FFB2BFE}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{ABA8EDAE-87B1-4AF2-8BCE-049EF096D71C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{AF22D5B6-E11A-4CCA-8B88-2AD0BFA8B73D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF2DC172-CDFC-406F-8B8C-DDAED58B3039}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{AF6CA5B5-F900-486E-BC7B-99F8816CC774}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{BA009C22-9DBC-4221-8B41-49BD05805639}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"{BA68D5A8-44E6-4E88-B2E7-1BFA836F22F3}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{C43432E2-E8FE-41CF-A98A-00F8A64CD28F}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{C6B1CCAB-3B84-4396-BAEB-900D6F05BBD9}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{C9DB3AA0-B929-4F62-A7A9-5D6DF742CD9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CFDC7F0E-4231-4F69-9D61-E57A5610EC42}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D226C295-F5CF-480E-B5E0-AE47444ECDEC}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{D56727A9-2913-4B32-BC9C-D875A9857A68}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{E4671131-9414-43C8-86C1-3BB0D4B5E350}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{E8427696-6778-4D2C-BB15-B177FFE0E0F7}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{E98B947D-93E5-4492-8952-895F8E6BFED4}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{EE5F85A3-1477-4B0C-94E9-49306B464245}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F0CE7701-0271-4A29-80A0-E8BFB6BEB800}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F11EF3CE-0E80-4A11-ABFE-58E9BB7E367C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F45FE5E1-4F2E-451F-8B86-920F176FED92}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{F5E6B9C7-CB86-4883-9A15-567D975D0EF6}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F94AA15E-E5A7-4412-A08E-8C94AAA1C623}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"{FBE24523-40F1-40AB-A9DB-553A1E4E8AE0}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1CFE89F9-E734-41C3-A2EF-0C558FCE0C1F}" = SymNet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{45A583AC-22D5-44F1-B093-FF0429D764E9}" = Jagen 2011
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}" = LEGO® Star Wars™ III: The Clone Wars™
"{6DA399FC-350F-41AC-8CA6-B9F8496753BE}_is1" = Media Finder 1.0.9.29
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94F15234-1602-49AA-9D8C-4E0655173725}" = Aeria Ignite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EAA01BA0-6991-4296-A404-4FFF2DAC2225}" = ParaWorld
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.7.1238" = Aeria Ignite
"Akamai" = Akamai NetSession Interface
"AVG Secure Search" = AVG Security Toolbar
"BabylonToolbar" = Babylon toolbar on IE
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"claro" = Claro LTD toolbar on IE
"conduitEngine" = Conduit Engine
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EdenEternal-DE" = EdenEternal-DE
"ExpressBurn" = Express Burn
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"German Truck Simulator" = Austrian Truck Simulator 1.31
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.2
"MAGIX Fotos auf CD & DVD 7 D" = MAGIX Fotos auf CD & DVD 7 7.0.2.0 (D)
"MAGIX Fotos auf CD & DVD 9 Download-Version D" = MAGIX Fotos auf CD & DVD 9 Download-Version 9.0.3.1 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Searchqu Toolbar" = Searchqu Toolbar
"Skyscraper Simulator" = Skyscraper Simulator
"Softonic" = Softonic toolbar on IE
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trophy Hunter 2003 Demo_is1" = Trophy Hunter 2003 Demo - Rocky Mountain Adventures
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"UseNeXT_is1" = UseNeXT
"vfd-ob" = VideoFileDownload
"WavePad" = WavePad Sound Editor
"Windows Searchcore Toolbar" = Searchcore Toolbar
"Xfire" = Xfire (remove only)
"Youda Marina" = Youda Marina
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}" = Free Media Pack
"Akamai" = Akamai NetSession Interface
"iPACS Viewer" = iPACS Viewer
"RockMelt" = RockMelt
"YourFileDownloader" = YourFileDownloader
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.09.2012 14:15:02 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9784554
Error - 11.09.2012 14:15:02 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9784554
Error - 11.09.2012 14:15:04 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11.09.2012 14:15:04 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9786801
Error - 11.09.2012 14:15:04 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9786801
Error - 11.09.2012 14:20:38 | Computer Name = Privat_PC | Source = WinMgmt | ID = 10
Description =
Error - 12.09.2012 09:51:14 | Computer Name = Privat_PC | Source = WinMgmt | ID = 10
Description =
Error - 12.09.2012 12:34:03 | Computer Name = Privat_PC | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 12:39:15 | Computer Name = Privat_PC | Source = WinMgmt | ID = 10
Description =
Error - 12.09.2012 13:42:18 | Computer Name = Privat_PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 102c Anfangszeit: 01cd910cfd143290 Zeitpunkt
der Beendigung: 143
Error - 12.09.2012 15:35:34 | Computer Name = Privat_PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
0x4fecf1b7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
Ausnahmecode 0xc0000005, Fehleroffset 0x00066e5f, Prozess-ID 0x878, Anwendungsstartzeit
01cd911d0478a470.
[ System Events ]
Error - 11.09.2012 11:17:25 | Computer Name = Privat_PC | Source = DCOM | ID = 10010
Description =
Error - 11.09.2012 14:15:22 | Computer Name = Privat_PC | Source = DCOM | ID = 10010
Description =
Error - 11.09.2012 14:17:27 | Computer Name = Privat_PC | Source = DCOM | ID = 10010
Description =
Error - 11.09.2012 14:20:31 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 11.09.2012 14:20:41 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7026
Description =
Error - 12.09.2012 09:51:15 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7026
Description =
Error - 12.09.2012 09:52:59 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 12.09.2012 12:35:19 | Computer Name = Privat_PC | Source = DCOM | ID = 10010
Description =
Error - 12.09.2012 12:39:50 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7026
Description =
Error - 12.09.2012 12:41:45 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Beide OTL File, aber mit dem Online Scan komm ich nicht zusammen. Ich kapiere nicht wie ich diesen herunterladen kann. lg |
|
12.09.2012, 21:09
| #32 |
| /// the machine /// TB-Ausbilder    | AKM Trojaner auf Vista Hier etwas ausführlicher
__________________ ESET Online Scanner
__________________ |
|
13.09.2012, 05:14
| #33 |
| | AKM Trojaner auf Vista C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
__________________C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application C:\Program Files\Claro LTD\claro\1.6.4.1\escortShld.dll Win32/Toolbar.Funmoods application C:\Program Files\Searchcore Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application C:\Program Files\Searchcore Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application C:\Program Files\Searchcore Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application C:\Program Files\Searchcore Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application C:\Program Files\Softonic\Softonic\1.5.24.3\escortShld.dll Win32/Toolbar.Funmoods application C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application C:\Program Files\Uniblue\SpeedUpMyPC\sp_ubm.exe Win32/SpeedUpMyPC application C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application C:\Qoobox\Quarantine\C\torrent.exe.vir Win32/BundleInstaller application C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application C:\Users\Julian\Downloads\Facemoods.exe probably a variant of Win32/InstallCore.A application C:\Users\Julian\Downloads\SoftonicDownloader_for_trophy-hunter.exe a variant of Win32/SoftonicDownloader.A application Operating memory multiple threats |
|
13.09.2012, 06:37
| #34 |
| /// the machine /// TB-Ausbilder | AKM Trojaner auf Vista Bitte bei Systemsteuerung > Software deinstallieren: Alles von Java Alle Toolbars!! Dann Java 7 Update 7 installieren. Fixen mit OTL
Code:
ATTFilter :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Julian\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=hp
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=113933&tt=3612_3&babsrc=SP_ss&mntrId=e0c5cd28000000000000002243021e0c
IE - HKCU\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{82007ACF-53B7-404B-9D71-D2DD12C0E98C}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=331
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.6.0.10
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {af6ac4f2-9825-4fb6-a600-92bc5361f209}:4.6.0.1
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: ffxtlbr@claro.com:1.5.0
FF - prefs.js..extensions.enabledAddons: @themediafinder.com:1.1.0
FF - prefs.js..extensions.enabledAddons: gencrawler@some.com:2.6
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=KW_ss&mntrId=e0c5cd28000000000000002243021e0c&q="
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[emptytemp]
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.09.2012, 19:05
| #35 |
| | AKM Trojaner auf VistaCode:
ATTFilter CODE
All processes killed
========== OTL ==========
Error: No service named VcommMgr was found to stop!
Service\Driver key VcommMgr not found.
File System32\Drivers\VcommMgr.sys not found.
Error: No service named VComm was found to stop!
Service\Driver key VComm not found.
File system32\DRIVERS\VComm.sys not found.
Error: No service named SymIMMP was found to stop!
Service\Driver key SymIMMP not found.
File system32\DRIVERS\SymIM.sys not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named NAVEX15 was found to stop!
Service\Driver key NAVEX15 not found.
File C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVEX15.SYS not found.
Error: No service named NAVENG was found to stop!
Service\Driver key NAVENG not found.
File C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVENG.SYS not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named hwusbdev was found to stop!
Service\Driver key hwusbdev not found.
File system32\DRIVERS\ewusbdev.sys not found.
Error: No service named hwdatacard was found to stop!
Service\Driver key hwdatacard not found.
File system32\DRIVERS\ewusbmdm.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\Users\Julian\AppData\Local\Temp\catchme.sys not found.
Error: No service named BTHidMgr was found to stop!
Service\Driver key BTHidMgr not found.
File System32\Drivers\BTHidMgr.sys not found.
Error: No service named BTHidEnum was found to stop!
Service\Driver key BTHidEnum not found.
File System32\Drivers\vbtenum.sys not found.
Error: No service named Btcsrusb was found to stop!
Service\Driver key Btcsrusb not found.
File System32\Drivers\btcusb.sys not found.
Error: No service named BT was found to stop!
Service\Driver key BT not found.
File system32\DRIVERS\btnetdrv.sys not found.
Error: No service named BlueletSCOAudio was found to stop!
Service\Driver key BlueletSCOAudio not found.
File system32\DRIVERS\BlueletSCOAudio.sys not found.
Error: No service named BlueletAudio was found to stop!
Service\Driver key BlueletAudio not found.
File system32\DRIVERS\blueletaudio.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\prxtbDVD2.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Backup.Old.Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{82007ACF-53B7-404B-9D71-D2DD12C0E98C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82007ACF-53B7-404B-9D71-D2DD12C0E98C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "hxxp://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledAddons
Prefs.js: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.6.0.10 removed from extensions.enabledAddons
Prefs.js: ffxtlbra@softonic.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 removed from extensions.enabledAddons
Prefs.js: {af6ac4f2-9825-4fb6-a600-92bc5361f209}:4.6.0.1 removed from extensions.enabledAddons
Prefs.js: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2 removed from extensions.enabledAddons
Prefs.js: plugin@videofiledownload.com:1.5 removed from extensions.enabledAddons
Prefs.js: plugin@yontoo.com:1.20.00 removed from extensions.enabledAddons
Prefs.js: ffxtlbr@babylon.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01 removed from extensions.enabledAddons
Prefs.js: ffxtlbr@claro.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: @themediafinder.com:1.1.0 removed from extensions.enabledAddons
Prefs.js: gencrawler@some.com:2.6 removed from extensions.enabledAddons
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "AVG Secure Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://www.searchcore.net/426" removed from browser.startup.homepage
Prefs.js: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=KW_ss&mntrId=e0c5cd28000000000000002243021e0c&q=" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:E9DC8DCB .
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Julian
->Temp folder emptied: 521905 bytes
->Temporary Internet Files folder emptied: 4017230 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Patrick Masser
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 117732 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4,00 mb
OTL by OldTimer - Version 3.2.61.4 log created on 09152012_195256
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
\CODE
|
|
15.09.2012, 19:23
| #36 |
| /// the machine /// TB-Ausbilder | AKM Trojaner auf Vista Frisches OTl logfile bitte. Noch Probleme mit dem Rechner?
__________________ --> AKM Trojaner auf Vista |
|
17.09.2012, 20:33
| #37 |
| | AKM Trojaner auf VistaCode:
ATTFilter OTL Extras logfile created on: 17.09.2012 20:56:05 - Run 1
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Julian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,55 Gb Available Physical Memory | 27,58% Memory free
4,22 Gb Paging File | 2,60 Gb Available in Paging File | 61,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 32,59 Gb Free Space | 27,98% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,55 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Computer Name: PRIVAT_PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C0D70F-531B-4EB0-B036-CAA6FA163E7B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{208774B8-F0A1-487D-BB36-E42AEDF909E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B13F255-D055-47E5-B4B8-A0964AEE80A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F56665C-78B2-49BE-A4A8-1CDE8EA31D77}" = lport=137 | protocol=17 | dir=in | app=system |
"{5A269FE7-9970-404B-BDE9-AB5A3948B327}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A736A6E-31AF-43BB-8142-CA5007D68095}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C562371-8C65-43DC-A004-D5BCB8E0CA92}" = rport=445 | protocol=6 | dir=out | app=system |
"{BA4C19D9-E342-4C3C-8769-A1686FB6E99F}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC573A11-8420-4DDA-8ADD-75A0635B3516}" = lport=139 | protocol=6 | dir=in | app=system |
"{E4F4DE4B-F0F6-495D-B43F-B60D9F29CF26}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041365C5-B662-451B-B123-7FEAA8299630}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{07EEB584-1D9F-4392-9CCC-11DF63CE1BAB}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{11FE892B-BAA5-48CC-8133-149EDE40CF93}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{12B4FF67-9490-42FD-8ADB-1E232E470C2E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{15D6FB71-85A9-4402-B11C-F4C563287408}" = protocol=6 | dir=in | app=c:\users\julian\appdata\local\akamai\netsession_win.exe |
"{1893CE1D-6A38-4EA8-A44E-3F528D9CD6E9}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{18F2498C-41FA-4271-86D2-A612B594BBDF}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"{2245F96D-2BC8-40D3-837D-6F30076ECBB7}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{274E4BD0-86FD-42C3-828E-3757CA74A351}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{2A89C101-EEF3-427E-A781-D04DF72AB5E4}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"{30043F4C-153D-4323-AC3C-5A05572D5016}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{35BF720D-DE16-4013-8ECA-C3AB11CFAD3A}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{3755F6C4-0D6B-4077-B0A8-9439A69C4404}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{37C10947-0D09-4333-BB64-E8D42BBFA0C2}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{49075855-5E4F-42D7-956C-299770F551E1}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{49A0E560-C080-49E5-BC1A-FE48A0234792}" = protocol=17 | dir=in | app=c:\users\julian\appdata\local\akamai\netsession_win.exe |
"{54E84D7D-C8E4-4305-88D5-0E6190FBC85D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{559F926F-DD48-4EAB-A351-A4359D907611}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{5A737496-C6D5-4808-94EE-BA3A9290C113}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{5FD34093-1B48-4667-9D09-F6D03AFE352D}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{63ED93F2-AE1B-49EA-B579-7C4C8D44C98A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6A4D2B4C-CC66-4F30-8D69-B242F5C48BD6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6D8F8063-410F-403E-A7BD-5DB9FB798950}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6DF82AE0-FC6C-41B2-A403-4185AC4229D7}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{7A326EAF-CBA0-4009-9661-272C99975491}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{8519AC87-F8DD-4A90-9F97-9188F1D32793}" = protocol=17 | dir=in | app=c:\users\julian\downloads\facemoods.exe |
"{89BA8EAE-66BD-474F-BD06-A00D8EC82472}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{91D58EFF-14C8-4F29-A36A-15F1A18D0720}" = protocol=6 | dir=in | app=c:\users\julian\downloads\facemoods.exe |
"{94C52A11-F082-4AE6-A7E1-04E80B306828}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{95072148-549E-4110-959D-B096A6186EC4}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{95B19B0C-BDB8-489D-A7E3-12728FD5A969}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{A6B11090-952C-4528-BCC8-F4208FFB2BFE}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{ABA8EDAE-87B1-4AF2-8BCE-049EF096D71C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{AF22D5B6-E11A-4CCA-8B88-2AD0BFA8B73D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF2DC172-CDFC-406F-8B8C-DDAED58B3039}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{AF6CA5B5-F900-486E-BC7B-99F8816CC774}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{BA009C22-9DBC-4221-8B41-49BD05805639}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"{BA68D5A8-44E6-4E88-B2E7-1BFA836F22F3}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{C43432E2-E8FE-41CF-A98A-00F8A64CD28F}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{C6B1CCAB-3B84-4396-BAEB-900D6F05BBD9}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{C9DB3AA0-B929-4F62-A7A9-5D6DF742CD9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CFDC7F0E-4231-4F69-9D61-E57A5610EC42}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D226C295-F5CF-480E-B5E0-AE47444ECDEC}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{D56727A9-2913-4B32-BC9C-D875A9857A68}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{E4671131-9414-43C8-86C1-3BB0D4B5E350}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{E8427696-6778-4D2C-BB15-B177FFE0E0F7}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{E98B947D-93E5-4492-8952-895F8E6BFED4}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{EE5F85A3-1477-4B0C-94E9-49306B464245}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F0CE7701-0271-4A29-80A0-E8BFB6BEB800}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F11EF3CE-0E80-4A11-ABFE-58E9BB7E367C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F45FE5E1-4F2E-451F-8B86-920F176FED92}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{F5E6B9C7-CB86-4883-9A15-567D975D0EF6}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F94AA15E-E5A7-4412-A08E-8C94AAA1C623}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"{FBE24523-40F1-40AB-A9DB-553A1E4E8AE0}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1CFE89F9-E734-41C3-A2EF-0C558FCE0C1F}" = SymNet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{45A583AC-22D5-44F1-B093-FF0429D764E9}" = Jagen 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}" = LEGO® Star Wars™ III: The Clone Wars™
"{6DA399FC-350F-41AC-8CA6-B9F8496753BE}_is1" = Media Finder 1.0.9.29
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94F15234-1602-49AA-9D8C-4E0655173725}" = Aeria Ignite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EAA01BA0-6991-4296-A404-4FFF2DAC2225}" = ParaWorld
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.7.1238" = Aeria Ignite
"Akamai" = Akamai NetSession Interface
"conduitEngine" = Conduit Engine
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"EdenEternal-DE" = EdenEternal-DE
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"German Truck Simulator" = Austrian Truck Simulator 1.31
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.2
"MAGIX Fotos auf CD & DVD 7 D" = MAGIX Fotos auf CD & DVD 7 7.0.2.0 (D)
"MAGIX Fotos auf CD & DVD 9 Download-Version D" = MAGIX Fotos auf CD & DVD 9 Download-Version 9.0.3.1 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Skyscraper Simulator" = Skyscraper Simulator
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trophy Hunter 2003 Demo_is1" = Trophy Hunter 2003 Demo - Rocky Mountain Adventures
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"UseNeXT_is1" = UseNeXT
"vfd-ob" = VideoFileDownload
"WavePad" = WavePad Sound Editor
"Xfire" = Xfire (remove only)
"Youda Marina" = Youda Marina
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}" = Free Media Pack
"Akamai" = Akamai NetSession Interface
"iPACS Viewer" = iPACS Viewer
"RockMelt" = RockMelt
"YourFileDownloader" = YourFileDownloader
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.09.2012 02:13:05 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38035586
Error - 15.09.2012 02:13:05 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38035586
Error - 15.09.2012 02:13:11 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.09.2012 02:13:11 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38041951
Error - 15.09.2012 02:13:11 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38041951
Error - 15.09.2012 02:13:12 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.09.2012 02:13:12 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38043090
Error - 15.09.2012 02:13:12 | Computer Name = Privat_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38043090
Error - 15.09.2012 13:36:31 | Computer Name = Privat_PC | Source = WinMgmt | ID = 10
Description =
Error - 15.09.2012 13:56:12 | Computer Name = Privat_PC | Source = WinMgmt | ID = 10
Description =
Error - 17.09.2012 14:52:15 | Computer Name = Privat_PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 14.09.2012 15:38:45 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7011
Description =
Error - 15.09.2012 13:37:19 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 15.09.2012 13:52:57 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7034
Description =
Error - 15.09.2012 13:52:59 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.09.2012 13:52:59 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7031
Description =
Error - 15.09.2012 13:52:59 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7034
Description =
Error - 15.09.2012 13:52:59 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7034
Description =
Error - 15.09.2012 13:53:16 | Computer Name = Privat_PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "VistaOS" aus.
Error - 15.09.2012 13:57:30 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 17.09.2012 14:53:46 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
|
|
17.09.2012, 20:39
| #38 |
| /// the machine /// TB-Ausbilder | AKM Trojaner auf Vista Meine Frage? und du hast Extras.txt gepostet, ich brauch die frische OTl.txt.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.09.2012, 20:09
| #39 |
| | AKM Trojaner auf VistaCode:
ATTFilter OTL logfile created on: 18.09.2012 20:43:40 - Run 2 OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Julian\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 27,98% Memory free 4,22 Gb Paging File | 2,52 Gb Available in Paging File | 59,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 32,59 Gb Free Space | 27,99% Space Free | Partition Type: NTFS Drive D: | 106,68 Gb Total Space | 106,55 Gb Free Space | 99,88% Space Free | Partition Type: NTFS Computer Name: PRIVAT_PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.14 14:58:28 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe PRC - [2012.08.07 17:05:31 | 000,136,336 | ---- | M] (Google Inc.) -- C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe PRC - [2012.07.08 07:37:22 | 000,026,008 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe PRC - [2012.06.28 15:43:16 | 008,613,888 | ---- | M] (Media Finder) -- C:\Program Files\Media Finder\Media Finder.exe PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2012.05.24 23:20:51 | 001,241,184 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe PRC - [2012.03.08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe PRC - [2012.03.07 19:15:46 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2012.01.04 22:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.25 15:46:33 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe PRC - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE PRC - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2008.01.16 02:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2007.12.12 01:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007.11.29 02:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe PRC - [2007.10.31 06:35:57 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe PRC - [2007.09.01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\sendspace.dll MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\mediafire.dll MOD - [2012.06.19 15:18:38 | 000,359,424 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploading.dll MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploadstation.dll MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\unibytes.dll MOD - [2012.06.19 15:18:38 | 000,317,440 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\turbobit.dll MOD - [2012.06.19 15:18:38 | 000,315,392 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\rapidshare.dll MOD - [2012.06.19 15:18:36 | 000,437,760 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\extabit.dll MOD - [2012.06.19 15:18:36 | 000,359,936 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\filepost.dll MOD - [2012.06.19 15:18:36 | 000,357,376 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\madshare.dll MOD - [2012.06.19 15:18:36 | 000,320,000 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\letitbit.dll MOD - [2012.06.19 15:18:36 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\hotfile.dll MOD - [2012.06.19 15:18:36 | 000,314,880 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\furk.dll MOD - [2012.06.19 15:18:34 | 000,961,536 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\_4shared.dll MOD - [2012.06.19 15:18:34 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\depositfiles.dll MOD - [2012.06.15 14:29:51 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll MOD - [2012.06.15 14:03:10 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll MOD - [2012.06.15 14:02:30 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll MOD - [2012.06.15 14:01:53 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll MOD - [2012.06.15 14:01:42 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll MOD - [2012.05.24 13:19:00 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\oron.dll MOD - [2012.05.18 13:37:41 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll MOD - [2012.05.18 13:37:40 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll MOD - [2012.05.18 13:37:40 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll MOD - [2012.05.18 13:37:37 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll MOD - [2012.05.18 13:37:33 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll MOD - [2012.05.13 08:46:55 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll MOD - [2012.05.13 08:38:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll MOD - [2012.05.13 08:38:02 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll MOD - [2012.05.13 08:38:00 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll MOD - [2012.05.13 08:37:46 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll MOD - [2012.05.13 08:37:22 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll MOD - [2012.05.13 08:37:09 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll MOD - [2012.03.07 19:15:56 | 000,087,912 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\zlib1.dll MOD - [2012.03.07 19:15:36 | 001,242,472 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\libxml2.dll MOD - [2011.02.06 12:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe MOD - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe MOD - [2007.08.14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ========== Services (SafeList) ========== SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.07 09:00:59 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai) SRV - [2012.08.29 08:30:47 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2011.04.03 09:33:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\microsoft shared\Service\Software Jukebox v2.0 Service File.exe -- (Software Jukebox v2.0 Service) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.03.25 15:46:33 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2008.09.05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2007.08.22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.06.15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) ========== Driver Services (SafeList) ========== DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.24 16:32:39 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.08.24 16:32:00 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.11.20 05:02:57 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100402.001\IDSvix86.sys -- (IDSvix86) DRV - [2009.10.19 09:15:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009.06.10 12:09:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.03.17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2009.02.19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.02.19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV) DRV - [2009.02.19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI) DRV - [2009.02.19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW) DRV - [2009.02.19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2009.02.19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS) DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.07.30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon) DRV - [2008.02.01 03:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2008.02.01 03:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2008.02.01 03:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007.12.06 22:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007.08.09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.08.08 18:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.07.13 10:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2007.05.14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2007.01.24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2006.12.14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2005.12.06 05:27:29 | 000,287,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) DRV - [2005.12.06 05:26:16 | 000,039,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005.06.17 05:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes,DefaultScope = {2360CF6C-F212-4A1B-88F6-F2FF35145945} IE - HKCU\..\SearchScopes\{2360CF6C-F212-4A1B-88F6-F2FF35145945}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=FCCD4C62-1B6F-470C-A0A8-01B6F5E85838&apn_sauid=48896942-082A-462E-9A77-AA307067B1B9 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=HP_ss&mntrId=e0c5cd28000000000000002243021e0c" FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=KW_ss&mntrId=e0c5cd28000000000000002243021e0c&q=" FF - prefs.js..keyword.URL: "" FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.19 17:18:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.19 15:51:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2011.02.15 16:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.09.15 19:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions [2011.01.30 00:35:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.11 18:07:52 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} [2012.09.03 08:21:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012.04.08 19:21:37 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209} [2012.08.07 16:29:19 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@babylon.com [2012.09.01 15:54:49 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@claro.com [2012.07.05 14:42:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbra@softonic.com [2012.08.07 16:38:31 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@videofiledownload.com [2012.08.15 17:12:27 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@yontoo.com [2012.07.05 14:32:59 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.09.14 14:59:45 | 000,002,299 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\askcom.xml [2011.08.02 12:16:02 | 000,000,941 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\conduit.xml [2012.08.21 17:04:17 | 000,002,325 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search.xml [2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search_Results.xml [2012.07.05 14:42:45 | 000,002,060 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\softonic.xml [2012.07.05 16:37:43 | 000,004,113 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\sweetim.xml [2012.09.09 15:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.01.15 20:38:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.09.03 19:14:32 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.09.03 08:18:04 | 000,006,528 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.06.24 15:17:30 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml ========== Chrome ========== CHR - homepage: hxxp://www.searchnu.com/406 CHR - default_search_provider: Search Results () CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=362&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchnu.com/406 CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Funmoods = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\ CHR - Extension: SpeedDial = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Babylon Toolbar = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: IClaro = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: Media Finder plugin = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\ CHR - Extension: AVG Secure Search = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\ CHR - Extension: Funmoods = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\ CHR - Extension: SpeedDial = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Babylon Toolbar = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: IClaro = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: Media Finder plugin = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\ CHR - Extension: AVG Secure Search = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\ O1 HOSTS File: ([2012.09.09 10:37:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe () O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (Media Finder) O4 - HKCU..\Run: [RockMelt Update] C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.) O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd) O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59392AD0-085B-4AAA-B346-699B938CA27F}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B212A2-F5DB-4CF9-B478-17CB52DC02C6}: DhcpNameServer = 10.0.0.138 O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.14 14:58:27 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2012.09.14 14:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.09.14 14:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.09.14 14:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.14 14:48:55 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.09.14 14:48:55 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.09.14 14:48:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.14 14:48:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.09.14 14:48:30 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.14 13:58:21 | 000,000,000 | ---D | C] -- C:\_OTL [2012.09.12 22:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.09.11 16:10:58 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Download [2012.09.09 10:47:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.09.09 10:42:39 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\temp [2012.09.09 09:57:12 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes [2012.09.09 09:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.09 09:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.09 09:56:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.09 09:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.08 22:50:21 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe [2012.09.08 22:50:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64 [2012.09.08 22:49:59 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2012.09.08 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.09.08 20:51:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.03 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC [2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Media Get LLC [2012.09.03 08:17:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Free Media Pack [2012.09.01 15:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder [2012.09.01 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Finder [2012.09.01 15:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Media Finder [2012.09.01 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Uniblue [2012.09.01 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2012.09.01 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue [2012.09.01 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\IClaro ========== Files - Modified Within 30 Days ========== [2012.09.18 20:36:24 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.18 20:36:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.18 20:36:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.18 20:36:14 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.09.18 20:36:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.18 20:36:04 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys [2012.09.17 21:22:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.17 21:10:06 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001UA.job [2012.09.17 21:08:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.15 19:54:44 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.09.15 19:34:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001Core.job [2012.09.15 09:25:57 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2012.09.14 14:58:28 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2012.09.14 14:47:49 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.14 14:47:36 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.09.14 14:47:36 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.14 14:47:35 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.09.14 14:47:34 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.09.14 14:47:33 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.09.14 14:05:55 | 000,461,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.12 21:02:54 | 000,000,916 | ---- | M] () -- C:\Users\Julian\Desktop\Internet Explorer.lnk [2012.09.11 20:22:33 | 000,001,356 | ---- | M] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat [2012.09.11 20:17:21 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.09 10:37:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.09.09 09:48:13 | 000,002,333 | ---- | M] () -- C:\Users\Julian\Desktop\ComboFix - Verknüpfung.lnk [2012.09.08 22:47:06 | 000,171,120 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2012.09.08 22:43:09 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.09.07 21:30:04 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.07 21:30:04 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.07 21:30:04 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.07 21:30:04 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.03 08:18:08 | 000,002,217 | ---- | M] () -- C:\user.js [2012.08.29 08:30:47 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.29 08:30:46 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.25 18:01:26 | 000,001,921 | ---- | M] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk ========== Files Created - No Company Name ========== [2012.09.12 21:02:54 | 000,000,916 | ---- | C] () -- C:\Users\Julian\Desktop\Internet Explorer.lnk [2012.09.09 09:56:56 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.09 09:48:13 | 000,002,333 | ---- | C] () -- C:\Users\Julian\Desktop\ComboFix - Verknüpfung.lnk [2012.09.09 08:43:10 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys [2012.09.08 22:47:06 | 000,171,120 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2012.09.01 15:55:12 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.08.25 18:01:26 | 000,001,951 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiral Knights.lnk [2012.08.25 18:01:26 | 000,001,921 | ---- | C] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk [2012.08.25 18:00:37 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012.08.07 16:14:10 | 000,384,844 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods-speeddial.crx [2012.02.06 17:09:47 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2011.08.24 16:32:39 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.08.24 16:32:00 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.08.12 17:58:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011.04.17 10:54:24 | 000,001,356 | ---- | C] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat [2011.01.30 00:37:03 | 000,023,040 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.01 20:52:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\NetServices [2010.08.01 20:52:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.01 20:52:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pedal Hard [2010.08.01 20:51:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature [2010.08.01 20:51:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.08.01 20:51:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive [2010.01.13 15:24:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol < End of report > |
|
18.09.2012, 20:14
| #40 |
| /// the machine /// TB-Ausbilder | AKM Trojaner auf Vista Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.09.2012, 20:19
| #41 |
| | AKM Trojaner auf VistaCode:
ATTFilter # AdwCleaner v2.002 - Datei am 09/18/2012 um 21:17:41 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Julian - PRIVAT_PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Julian\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Julian\AppData\Local\funmoods-speeddial.crx
Datei Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\search.xml
Datei Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\softonic.xml
Datei Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\ConduitEngine
Ordner Gefunden : C:\Program Files\DVDVideoSoftTB
Ordner Gefunden : C:\Program Files\Media Finder
Ordner Gefunden : C:\Program Files\SweetIM
Ordner Gefunden : C:\Program Files\Trymedia
Ordner Gefunden : C:\Program Files\Yontoo
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\IBUpdaterService
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\Julian\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Ordner Gefunden : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Ordner Gefunden : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gefunden : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gefunden : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Ordner Gefunden : C:\Users\Julian\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\Funmoods
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\searchquband
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\Searchqutoolbar
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\Softonic
Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\SweetIM
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Media Finder
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\ConduitCommon
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\CT2776682
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@babylon.com
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbra@softonic.com
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@yontoo.com
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\Searchqutoolbar
Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\SweetPacksToolbarData
Ordner Gefunden : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\MediaFinder
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C81E141-8511-41EC-9040-3B37533DC253}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4C81E141-8511-41EC-9040-3B37533DC253}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{531BCE90-785D-44F8-ABBF-EE7BB2BE6266}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E6C20B1-081B-4281-998F-9F7C160C529C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2206084
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{703DE105-88C1-4C1A-A393-3AFA0B6BAAF2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C81E141-8511-41EC-9040-3B37533DC253}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKLM\Software\SweetIm
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722
-\\ Mozilla Firefox v5.0 (de)
Profilname : default
Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\prefs.js
Gefunden : user_pref("CT2776682..clientLogIsEnabled", false);
Gefunden : user_pref("CT2776682..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2776682..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2776682.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2776682.BrowserCompStateIsOpen_129572712621916480", true);
Gefunden : user_pref("CT2776682.BrowserCompStateIsOpen_129593629341665798", true);
Gefunden : user_pref("CT2776682.BrowserCompStateIsOpen_129678129407612905", true);
Gefunden : user_pref("CT2776682.BrowserCompStateIsOpen_129681725882385585", true);
Gefunden : user_pref("CT2776682.BrowserCompStateIsOpen_129736214107504978", true);
Gefunden : user_pref("CT2776682.BrowserCompStateIsOpen_129762727427121022", true);
Gefunden : user_pref("CT2776682.BrowserCompStateIsOpen_129858486831400866", true);
Gefunden : user_pref("CT2776682.BrowserCompStateIsOpen_129908764909615116", true);
Gefunden : user_pref("CT2776682.CTID", "ct2776682");
Gefunden : user_pref("CT2776682.CurrentServerDate", "8-9-2012");
Gefunden : user_pref("CT2776682.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2776682.DialogsGetterLastCheckTime", "Thu Sep 06 2012 19:44:59 GMT+0200");
Gefunden : user_pref("CT2776682.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2776682.FirstServerDate", "20-9-2011");
Gefunden : user_pref("CT2776682.FirstTime", true);
Gefunden : user_pref("CT2776682.FirstTimeFF3", true);
Gefunden : user_pref("CT2776682.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2776682.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2776682.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2776682.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2776682.HomePageProtectorEnabled", true);
Gefunden : user_pref("CT2776682.Initialize", true);
Gefunden : user_pref("CT2776682.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2776682.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2776682.InstallationId", "ct2776682_brothersoft_extreme.exe");
Gefunden : user_pref("CT2776682.InstallationType", "ConduitStubIntegration");
Gefunden : user_pref("CT2776682.InstalledDate", "Tue Sep 20 2011 14:28:05 GMT+0200");
Gefunden : user_pref("CT2776682.InvalidateCache", false);
Gefunden : user_pref("CT2776682.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2776682.IsGrouping", false);
Gefunden : user_pref("CT2776682.IsInitSetupIni", true);
Gefunden : user_pref("CT2776682.IsMulticommunity", false);
Gefunden : user_pref("CT2776682.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2776682.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2776682.IsProtectorsInit", true);
Gefunden : user_pref("CT2776682.LanguagePackLastCheckTime", "Tue Sep 20 2011 14:28:25 GMT+0200");
Gefunden : user_pref("CT2776682.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2776682.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2776682.LastLogin_3.6.0.10", "Sat Sep 08 2012 22:14:12 GMT+0200");
Gefunden : user_pref("CT2776682.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2776682.Locale", "en");
Gefunden : user_pref("CT2776682.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2776682.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2776682.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2776682.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2776682.OriginalFirstVersion", "3.6.0.10");
Gefunden : user_pref("CT2776682.RadioIsPodcast", false);
Gefunden : user_pref("CT2776682.RadioLastCheckTime", "Tue Sep 20 2011 14:28:07 GMT+0200");
Gefunden : user_pref("CT2776682.RadioLastUpdateIPServer", "0");
Gefunden : user_pref("CT2776682.RadioMediaID", "9962");
Gefunden : user_pref("CT2776682.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2776682.RadioMenuSelectedID", "EBRadioMenu_CT27766829962");
Gefunden : user_pref("CT2776682.RadioShrinkedFromSetup", false);
Gefunden : user_pref("CT2776682.RadioStationName", "California%20Rock");
Gefunden : user_pref("CT2776682.RadioStationURL", "hxxp://feedlive.net/california.asx");
Gefunden : user_pref("CT2776682.SavedHomepage", "hxxp://www.google.at/firefox?client=firefox-a&rls=org.mozilla:[...]
Gefunden : user_pref("CT2776682.SearchEngineBeforeUnload", "BrotherSoft Extreme Customized Web Search");
Gefunden : user_pref("CT2776682.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2776682.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT277[...]
Gefunden : user_pref("CT2776682.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2776682.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2776682.SearchInNewTabLastCheckTime", "Tue Sep 20 2011 14:28:05 GMT+0200");
Gefunden : user_pref("CT2776682.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2776682.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2776682.SearchProtectorEnabled", true);
Gefunden : user_pref("CT2776682.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2776682.ServiceMapLastCheckTime", "Sat Sep 08 2012 08:35:28 GMT+0200");
Gefunden : user_pref("CT2776682.SettingsLastCheckTime", "Tue Sep 20 2011 14:27:56 GMT+0200");
Gefunden : user_pref("CT2776682.SettingsLastUpdate", "1316354704");
Gefunden : user_pref("CT2776682.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2776682.ThirdPartyComponentsLastCheck", "Tue Sep 20 2011 14:27:56 GMT+0200");
Gefunden : user_pref("CT2776682.ThirdPartyComponentsLastUpdate", "1312887586");
Gefunden : user_pref("CT2776682.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2776682.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2776682");
Gefunden : user_pref("CT2776682.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2776682.UserID", "UN86564511272044042");
Gefunden : user_pref("CT2776682.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2776682.alertChannelId", "1168776");
Gefunden : user_pref("CT2776682.backendstorage.autocompletepro_enable_auto", "31");
Gefunden : user_pref("CT2776682.backendstorage.cbcountry_001", "4154");
Gefunden : user_pref("CT2776682.backendstorage.cbfirsttime", "5468752046656220313620323031322031353A31313A31302[...]
Gefunden : user_pref("CT2776682.backendstorage.ct2776682ads1", "25374225323261647325323225334125354225374225323[...]
Gefunden : user_pref("CT2776682.backendstorage.ct2776682current_term", "74726F6A616E65722B626F617264");
Gefunden : user_pref("CT2776682.backendstorage.ct2776682sdate", "38");
Gefunden : user_pref("CT2776682.backendstorage.sf_just_installed", "46414C5345");
Gefunden : user_pref("CT2776682.backendstorage.sf_status", "454E41424C4544");
Gefunden : user_pref("CT2776682.backendstorage.sf_user_id", "6369645F383932303132383335343031393435323933");
Gefunden : user_pref("CT2776682.backendstorage.shoppingapp.gk.exipres", "5468752053657020313320323031322030383A[...]
Gefunden : user_pref("CT2776682.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Gefunden : user_pref("CT2776682.backendstorage.url_history0001", "687474703A2F2F7777772E647A672E61742F3A3A3A636[...]
Gefunden : user_pref("CT2776682.ct2776682.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2776682.ct2776682.InvalidateCache", false);
Gefunden : user_pref("CT2776682.ct2776682.LanguagePackLastCheckTime", "Sat Sep 08 2012 08:35:29 GMT+0200");
Gefunden : user_pref("CT2776682.ct2776682.Locale", "en");
Gefunden : user_pref("CT2776682.ct2776682.RadioLastCheckTime", "Sat Sep 08 2012 08:35:29 GMT+0200");
Gefunden : user_pref("CT2776682.ct2776682.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2776682.ct2776682.RadioLastUpdateServer", "3");
Gefunden : user_pref("CT2776682.ct2776682.SearchInNewTabLastCheckTime", "Sat Sep 08 2012 08:35:27 GMT+0200");
Gefunden : user_pref("CT2776682.ct2776682.SettingsLastCheckTime", "Sat Sep 08 2012 22:14:11 GMT+0200");
Gefunden : user_pref("CT2776682.ct2776682.SettingsLastUpdate", "1347008525");
Gefunden : user_pref("CT2776682.ct2776682.ThirdPartyComponentsLastCheck", "Tue Aug 21 2012 17:04:51 GMT+0200");
Gefunden : user_pref("CT2776682.ct2776682.ThirdPartyComponentsLastUpdate", "1331805997");
Gefunden : user_pref("CT2776682.ct2776682.globalFirstTimeInfoLastCheckTime", "Sat Sep 08 2012 22:14:13 GMT+0200[...]
Gefunden : user_pref("CT2776682.ct2776682.toolbarAppMetaDataLastCheckTime", "Sat Sep 08 2012 08:35:29 GMT+0200"[...]
Gefunden : user_pref("CT2776682.ct2776682.toolbarContextMenuLastCheckTime", "Thu Sep 06 2012 19:44:59 GMT+0200"[...]
Gefunden : user_pref("CT2776682.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2776682.globalFirstTimeInfoLastCheckTime", "Tue Sep 20 2011 14:28:02 GMT+0200");
Gefunden : user_pref("CT2776682.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2776682.initDone", true);
Gefunden : user_pref("CT2776682.isAppTrackingManagerOn", false);
Gefunden : user_pref("CT2776682.isFirstRadioInstallation", false);
Gefunden : user_pref("CT2776682.myStuffEnabled", true);
Gefunden : user_pref("CT2776682.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2776682.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2776682.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2776682.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2776682.oldAppsList", "129288498392881552,129288498393350308,111,129681725882385585,129[...]
Gefunden : user_pref("CT2776682.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2776682.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2776682.testingCtid", "");
Gefunden : user_pref("CT2776682.toolbarAppMetaDataLastCheckTime", "Tue Sep 20 2011 14:28:01 GMT+0200");
Gefunden : user_pref("CT2776682.toolbarContextMenuLastCheckTime", "Tue Sep 20 2011 14:28:25 GMT+0200");
Gefunden : user_pref("CT2776682.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2776682&Search[...]
Gefunden : user_pref("CommunityToolbar.ConduitSearchList", "BrotherSoft Extreme Customized Web Search");
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2776682", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2776682", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2776682",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2776682&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2776682&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"018[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Julian\\AppData\\Roaming\\Mozilla\\[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2776682");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2776682");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2776682");
Gefunden : user_pref("CommunityToolbar.globalUserId", "7e073cab-9597-41c6-96cd-bebf8912a49b");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2776682");
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Sep 06 2012 19:44:5[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 08 2012 08:35:29 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "5710975b-3d9e-455c-8e9f-56d101e57688");
Gefunden : user_pref("backup.old.browser.startup.homepage", "hxxp://isearch.claro-search.com/?affID=113933&tt=3[...]
Gefunden : user_pref("browser.newtab.url", "hxxp://isearch.claro-search.com/?affID=110808&tt=3612_6&babsrc=NT_s[...]
Gefunden : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme Customized Web Search");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gefunden : user_pref("extensions.BabylonToolbar.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=112555&tt=3212_7");
Gefunden : user_pref("extensions.BabylonToolbar.cntry", "AT");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Gefunden : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.hdrMd5", "FF85E8170A1E2FE221647657094CCCED");
Gefunden : user_pref("extensions.BabylonToolbar.hmpg", true);
Gefunden : user_pref("extensions.BabylonToolbar.id", "e0c5cd28000000000000002243021e0c");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15561");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.611:09:56");
Gefunden : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.BabylonToolbar.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.sg", "none");
Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.611:09:56");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=3212_7");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.611:09:56");
Gefunden : user_pref("extensions.Softonic.admin", false);
Gefunden : user_pref("extensions.Softonic.aflt", "SD");
Gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
Gefunden : user_pref("extensions.Softonic.cntry", "AT");
Gefunden : user_pref("extensions.Softonic.cv", "cv5");
Gefunden : user_pref("extensions.Softonic.dfltLng", "de");
Gefunden : user_pref("extensions.Softonic.dfltSrch", true);
Gefunden : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Gefunden : user_pref("extensions.Softonic.dspOld", "SweetIM Search");
Gefunden : user_pref("extensions.Softonic.envrmnt", "production");
Gefunden : user_pref("extensions.Softonic.excTlbr", false);
Gefunden : user_pref("extensions.Softonic.hdrMd5", "EC13F0031E2FBDFB5FD0DA4EBD7D33AF");
Gefunden : user_pref("extensions.Softonic.hmpg", true);
Gefunden : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&[...]
Gefunden : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc[...]
Gefunden : user_pref("extensions.Softonic.hpOld", "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={7C039765[...]
Gefunden : user_pref("extensions.Softonic.id", "e0c5cd28000000000000002243021e0c");
Gefunden : user_pref("extensions.Softonic.instlDay", "15526");
Gefunden : user_pref("extensions.Softonic.instlRef", "MON00015");
Gefunden : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=[...]
Gefunden : user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.314:42:49");
Gefunden : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.Softonic.newTab", true);
Gefunden : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...]
Gefunden : user_pref("extensions.Softonic.prdct", "Softonic");
Gefunden : user_pref("extensions.Softonic.prtnrId", "softonic");
Gefunden : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gefunden : user_pref("extensions.Softonic.sg", "az");
Gefunden : user_pref("extensions.Softonic.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Gefunden : user_pref("extensions.Softonic.tlbrId", "base");
Gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource[...]
Gefunden : user_pref("extensions.Softonic.vrsn", "1.5.24.3");
Gefunden : user_pref("extensions.Softonic.vrsnTs", "1.5.24.314:42:49");
Gefunden : user_pref("extensions.Softonic.vrsni", "1.5.24.3");
Gefunden : user_pref("extensions.Softonic_i.dnsErr", true);
Gefunden : user_pref("extensions.Softonic_i.hmpg", true);
Gefunden : user_pref("extensions.Softonic_i.newTab", true);
Gefunden : user_pref("extensions.Softonic_i.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.314:42:49");
Gefunden : user_pref("extensions.facemoods.aflt", "_#gppc");
Gefunden : user_pref("extensions.facemoods.firstRun", false);
Gefunden : user_pref("extensions.facemoods.lastActv", "24");
Gefunden : user_pref("extensions.funmoods.aflt", "wbst");
Gefunden : user_pref("extensions.funmoods.autoRvrt", false);
Gefunden : user_pref("extensions.funmoods.cntry", "AT");
Gefunden : user_pref("extensions.funmoods.cv", "cv5");
Gefunden : user_pref("extensions.funmoods.dfltLng", "");
Gefunden : user_pref("extensions.funmoods.dfltSrch", true);
Gefunden : user_pref("extensions.funmoods.dnsErr", true);
Gefunden : user_pref("extensions.funmoods.envrmnt", "production");
Gefunden : user_pref("extensions.funmoods.excTlbr", false);
Gefunden : user_pref("extensions.funmoods.hdrMd5", "2F6DF4AC3C7489C14C23A64D0D54FA45");
Gefunden : user_pref("extensions.funmoods.hmpg", true);
Gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzuyEtN2Y1[...]
Gefunden : user_pref("extensions.funmoods.id", "002243021E0CCD28");
Gefunden : user_pref("extensions.funmoods.instlDay", "15559");
Gefunden : user_pref("extensions.funmoods.instlRef", "");
Gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gefunden : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:14:3");
Gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.funmoods.newTab", true);
Gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzuyEtN2[...]
Gefunden : user_pref("extensions.funmoods.prdct", "funmoods");
Gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gefunden : user_pref("extensions.funmoods.sg", "none");
Gefunden : user_pref("extensions.funmoods.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods.srchPrvdr", "Search");
Gefunden : user_pref("extensions.funmoods.tlbrId", "base");
Gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=wbst&chnl=&cd=2XzuyEt[...]
Gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:14:3");
Gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods_i.newTab", true);
Gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:14:3");
Gefunden : user_pref("sweetim.toolbar.cargo", "3.1010000.10002");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gefunden : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gefunden : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gefunden : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.mode.debug", "false");
Gefunden : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.searchcore.net/426");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://isearch.claro-search.com/?affID=113933&tt=[...]
Gefunden : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gefunden : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gefunden : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.callback", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Gefunden : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Gefunden : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gefunden : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gefunden : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gefunden : user_pref("sweetim.toolbar.simapp_id", "{7C039765-C69D-11E1-9C27-E27A5000B6AF}");
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={7C03[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.8] : homepage = "hxxp://www.searchnu.com/406",
Gefunden [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Gefunden [l.35] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=362&systemid=406&sr=0&q={searchTerms}"
Gefunden [l.366] : homepage = "hxxp://www.searchnu.com/406",
Gefunden [l.542] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
*************************
AdwCleaner[R1].txt - [47145 octets] - [18/09/2012 21:17:41]
########## EOF - C:\AdwCleaner[R1].txt - [47206 octets] ##########
lg |
|
18.09.2012, 20:22
| #42 |
| /// the machine /// TB-Ausbilder | AKM Trojaner auf Vista
Neues OTL log bitte. Probleme weg?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.09.2012, 20:34
| #43 |
| | AKM Trojaner auf VistaCode:
ATTFilter # AdwCleaner v2.002 - Datei am 09/18/2012 um 21:26:39 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Julian - PRIVAT_PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Julian\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Julian\AppData\Local\funmoods-speeddial.crx
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\search.xml
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\searchplugins\SweetIm.xml
Gelöscht mit Neustart : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files\Media Finder
Ordner Gelöscht : C:\Program Files\Trymedia
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\Funmoods
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\ConduitCommon
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\CT2776682
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbra@softonic.com
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@yontoo.com
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\Searchqutoolbar
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C81E141-8511-41EC-9040-3B37533DC253}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C81E141-8511-41EC-9040-3B37533DC253}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{531BCE90-785D-44F8-ABBF-EE7BB2BE6266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E6C20B1-081B-4281-998F-9F7C160C529C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2206084
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{703DE105-88C1-4C1A-A393-3AFA0B6BAAF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C81E141-8511-41EC-9040-3B37533DC253}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\SweetIm
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722 --> hxxp://www.google.com
-\\ Mozilla Firefox v5.0 (de)
Profilname : default
Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\prefs.js
C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2776682..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2776682..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2776682..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2776682.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2776682.BrowserCompStateIsOpen_129572712621916480", true);
Gelöscht : user_pref("CT2776682.BrowserCompStateIsOpen_129593629341665798", true);
Gelöscht : user_pref("CT2776682.BrowserCompStateIsOpen_129678129407612905", true);
Gelöscht : user_pref("CT2776682.BrowserCompStateIsOpen_129681725882385585", true);
Gelöscht : user_pref("CT2776682.BrowserCompStateIsOpen_129736214107504978", true);
Gelöscht : user_pref("CT2776682.BrowserCompStateIsOpen_129762727427121022", true);
Gelöscht : user_pref("CT2776682.BrowserCompStateIsOpen_129858486831400866", true);
Gelöscht : user_pref("CT2776682.BrowserCompStateIsOpen_129908764909615116", true);
Gelöscht : user_pref("CT2776682.CTID", "ct2776682");
Gelöscht : user_pref("CT2776682.CurrentServerDate", "8-9-2012");
Gelöscht : user_pref("CT2776682.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2776682.DialogsGetterLastCheckTime", "Thu Sep 06 2012 19:44:59 GMT+0200");
Gelöscht : user_pref("CT2776682.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2776682.FirstServerDate", "20-9-2011");
Gelöscht : user_pref("CT2776682.FirstTime", true);
Gelöscht : user_pref("CT2776682.FirstTimeFF3", true);
Gelöscht : user_pref("CT2776682.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2776682.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2776682.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2776682.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2776682.HomePageProtectorEnabled", true);
Gelöscht : user_pref("CT2776682.Initialize", true);
Gelöscht : user_pref("CT2776682.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2776682.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2776682.InstallationId", "ct2776682_brothersoft_extreme.exe");
Gelöscht : user_pref("CT2776682.InstallationType", "ConduitStubIntegration");
Gelöscht : user_pref("CT2776682.InstalledDate", "Tue Sep 20 2011 14:28:05 GMT+0200");
Gelöscht : user_pref("CT2776682.InvalidateCache", false);
Gelöscht : user_pref("CT2776682.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2776682.IsGrouping", false);
Gelöscht : user_pref("CT2776682.IsInitSetupIni", true);
Gelöscht : user_pref("CT2776682.IsMulticommunity", false);
Gelöscht : user_pref("CT2776682.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2776682.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2776682.IsProtectorsInit", true);
Gelöscht : user_pref("CT2776682.LanguagePackLastCheckTime", "Tue Sep 20 2011 14:28:25 GMT+0200");
Gelöscht : user_pref("CT2776682.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2776682.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2776682.LastLogin_3.6.0.10", "Sat Sep 08 2012 22:14:12 GMT+0200");
Gelöscht : user_pref("CT2776682.LatestVersion", "3.14.1.0");
Gelöscht : user_pref("CT2776682.Locale", "en");
Gelöscht : user_pref("CT2776682.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2776682.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2776682.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2776682.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2776682.OriginalFirstVersion", "3.6.0.10");
Gelöscht : user_pref("CT2776682.RadioIsPodcast", false);
Gelöscht : user_pref("CT2776682.RadioLastCheckTime", "Tue Sep 20 2011 14:28:07 GMT+0200");
Gelöscht : user_pref("CT2776682.RadioLastUpdateIPServer", "0");
Gelöscht : user_pref("CT2776682.RadioMediaID", "9962");
Gelöscht : user_pref("CT2776682.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2776682.RadioMenuSelectedID", "EBRadioMenu_CT27766829962");
Gelöscht : user_pref("CT2776682.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2776682.RadioStationName", "California%20Rock");
Gelöscht : user_pref("CT2776682.RadioStationURL", "hxxp://feedlive.net/california.asx");
Gelöscht : user_pref("CT2776682.SavedHomepage", "hxxp://www.google.at/firefox?client=firefox-a&rls=org.mozilla:[...]
Gelöscht : user_pref("CT2776682.SearchEngineBeforeUnload", "BrotherSoft Extreme Customized Web Search");
Gelöscht : user_pref("CT2776682.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2776682.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT277[...]
Gelöscht : user_pref("CT2776682.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2776682.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2776682.SearchInNewTabLastCheckTime", "Tue Sep 20 2011 14:28:05 GMT+0200");
Gelöscht : user_pref("CT2776682.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2776682.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2776682.SearchProtectorEnabled", true);
Gelöscht : user_pref("CT2776682.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2776682.ServiceMapLastCheckTime", "Sat Sep 08 2012 08:35:28 GMT+0200");
Gelöscht : user_pref("CT2776682.SettingsLastCheckTime", "Tue Sep 20 2011 14:27:56 GMT+0200");
Gelöscht : user_pref("CT2776682.SettingsLastUpdate", "1316354704");
Gelöscht : user_pref("CT2776682.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2776682.ThirdPartyComponentsLastCheck", "Tue Sep 20 2011 14:27:56 GMT+0200");
Gelöscht : user_pref("CT2776682.ThirdPartyComponentsLastUpdate", "1312887586");
Gelöscht : user_pref("CT2776682.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2776682.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2776682");
Gelöscht : user_pref("CT2776682.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2776682.UserID", "UN86564511272044042");
Gelöscht : user_pref("CT2776682.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2776682.alertChannelId", "1168776");
Gelöscht : user_pref("CT2776682.backendstorage.autocompletepro_enable_auto", "31");
Gelöscht : user_pref("CT2776682.backendstorage.cbcountry_001", "4154");
Gelöscht : user_pref("CT2776682.backendstorage.cbfirsttime", "5468752046656220313620323031322031353A31313A31302[...]
Gelöscht : user_pref("CT2776682.backendstorage.ct2776682ads1", "25374225323261647325323225334125354225374225323[...]
Gelöscht : user_pref("CT2776682.backendstorage.ct2776682current_term", "74726F6A616E65722B626F617264");
Gelöscht : user_pref("CT2776682.backendstorage.ct2776682sdate", "38");
Gelöscht : user_pref("CT2776682.backendstorage.sf_just_installed", "46414C5345");
Gelöscht : user_pref("CT2776682.backendstorage.sf_status", "454E41424C4544");
Gelöscht : user_pref("CT2776682.backendstorage.sf_user_id", "6369645F383932303132383335343031393435323933");
Gelöscht : user_pref("CT2776682.backendstorage.shoppingapp.gk.exipres", "5468752053657020313320323031322030383A[...]
Gelöscht : user_pref("CT2776682.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Gelöscht : user_pref("CT2776682.backendstorage.url_history0001", "687474703A2F2F7777772E647A672E61742F3A3A3A636[...]
Gelöscht : user_pref("CT2776682.ct2776682.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2776682.ct2776682.InvalidateCache", false);
Gelöscht : user_pref("CT2776682.ct2776682.LanguagePackLastCheckTime", "Sat Sep 08 2012 08:35:29 GMT+0200");
Gelöscht : user_pref("CT2776682.ct2776682.Locale", "en");
Gelöscht : user_pref("CT2776682.ct2776682.RadioLastCheckTime", "Sat Sep 08 2012 08:35:29 GMT+0200");
Gelöscht : user_pref("CT2776682.ct2776682.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2776682.ct2776682.RadioLastUpdateServer", "3");
Gelöscht : user_pref("CT2776682.ct2776682.SearchInNewTabLastCheckTime", "Sat Sep 08 2012 08:35:27 GMT+0200");
Gelöscht : user_pref("CT2776682.ct2776682.SettingsLastCheckTime", "Sat Sep 08 2012 22:14:11 GMT+0200");
Gelöscht : user_pref("CT2776682.ct2776682.SettingsLastUpdate", "1347008525");
Gelöscht : user_pref("CT2776682.ct2776682.ThirdPartyComponentsLastCheck", "Tue Aug 21 2012 17:04:51 GMT+0200");
Gelöscht : user_pref("CT2776682.ct2776682.ThirdPartyComponentsLastUpdate", "1331805997");
Gelöscht : user_pref("CT2776682.ct2776682.globalFirstTimeInfoLastCheckTime", "Sat Sep 08 2012 22:14:13 GMT+0200[...]
Gelöscht : user_pref("CT2776682.ct2776682.toolbarAppMetaDataLastCheckTime", "Sat Sep 08 2012 08:35:29 GMT+0200"[...]
Gelöscht : user_pref("CT2776682.ct2776682.toolbarContextMenuLastCheckTime", "Thu Sep 06 2012 19:44:59 GMT+0200"[...]
Gelöscht : user_pref("CT2776682.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2776682.globalFirstTimeInfoLastCheckTime", "Tue Sep 20 2011 14:28:02 GMT+0200");
Gelöscht : user_pref("CT2776682.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2776682.initDone", true);
Gelöscht : user_pref("CT2776682.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2776682.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2776682.myStuffEnabled", true);
Gelöscht : user_pref("CT2776682.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2776682.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2776682.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2776682.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2776682.oldAppsList", "129288498392881552,129288498393350308,111,129681725882385585,129[...]
Gelöscht : user_pref("CT2776682.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2776682.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2776682.testingCtid", "");
Gelöscht : user_pref("CT2776682.toolbarAppMetaDataLastCheckTime", "Tue Sep 20 2011 14:28:01 GMT+0200");
Gelöscht : user_pref("CT2776682.toolbarContextMenuLastCheckTime", "Tue Sep 20 2011 14:28:25 GMT+0200");
Gelöscht : user_pref("CT2776682.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2776682&Search[...]
Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "BrotherSoft Extreme Customized Web Search");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2776682", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2776682", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2776682",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2776682&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2776682&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"018[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Julian\\AppData\\Roaming\\Mozilla\\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2776682");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2776682");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2776682");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "7e073cab-9597-41c6-96cd-bebf8912a49b");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2776682");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Sep 06 2012 19:44:5[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 08 2012 08:35:29 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "5710975b-3d9e-455c-8e9f-56d101e57688");
Gelöscht : user_pref("backup.old.browser.startup.homepage", "hxxp://isearch.claro-search.com/?affID=113933&tt=3[...]
Gelöscht : user_pref("browser.newtab.url", "hxxp://isearch.claro-search.com/?affID=110808&tt=3612_6&babsrc=NT_s[...]
Gelöscht : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme Customized Web Search");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=112555&tt=3212_7");
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "AT");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Gelöscht : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "FF85E8170A1E2FE221647657094CCCED");
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "e0c5cd28000000000000002243021e0c");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15561");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.611:09:56");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.sg", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.611:09:56");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=3212_7");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.611:09:56");
Gelöscht : user_pref("extensions.Softonic.admin", false);
Gelöscht : user_pref("extensions.Softonic.aflt", "SD");
Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Gelöscht : user_pref("extensions.Softonic.cntry", "AT");
Gelöscht : user_pref("extensions.Softonic.cv", "cv5");
Gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Gelöscht : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Gelöscht : user_pref("extensions.Softonic.dspOld", "SweetIM Search");
Gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Gelöscht : user_pref("extensions.Softonic.hdrMd5", "EC13F0031E2FBDFB5FD0DA4EBD7D33AF");
Gelöscht : user_pref("extensions.Softonic.hmpg", true);
Gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&[...]
Gelöscht : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc[...]
Gelöscht : user_pref("extensions.Softonic.hpOld", "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={7C039765[...]
Gelöscht : user_pref("extensions.Softonic.id", "e0c5cd28000000000000002243021e0c");
Gelöscht : user_pref("extensions.Softonic.instlDay", "15526");
Gelöscht : user_pref("extensions.Softonic.instlRef", "MON00015");
Gelöscht : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=[...]
Gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.314:42:49");
Gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.Softonic.newTab", true);
Gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...]
Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gelöscht : user_pref("extensions.Softonic.sg", "az");
Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.Softonic.vrsn", "1.5.24.3");
Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.5.24.314:42:49");
Gelöscht : user_pref("extensions.Softonic.vrsni", "1.5.24.3");
Gelöscht : user_pref("extensions.Softonic_i.dnsErr", true);
Gelöscht : user_pref("extensions.Softonic_i.hmpg", true);
Gelöscht : user_pref("extensions.Softonic_i.newTab", true);
Gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.314:42:49");
Gelöscht : user_pref("extensions.facemoods.aflt", "_#gppc");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "24");
Gelöscht : user_pref("extensions.funmoods.aflt", "wbst");
Gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Gelöscht : user_pref("extensions.funmoods.cntry", "AT");
Gelöscht : user_pref("extensions.funmoods.cv", "cv5");
Gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Gelöscht : user_pref("extensions.funmoods.hdrMd5", "2F6DF4AC3C7489C14C23A64D0D54FA45");
Gelöscht : user_pref("extensions.funmoods.hmpg", true);
Gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzuyEtN2Y1[...]
Gelöscht : user_pref("extensions.funmoods.id", "002243021E0CCD28");
Gelöscht : user_pref("extensions.funmoods.instlDay", "15559");
Gelöscht : user_pref("extensions.funmoods.instlRef", "");
Gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:14:3");
Gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.funmoods.newTab", true);
Gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzuyEtN2[...]
Gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gelöscht : user_pref("extensions.funmoods.sg", "none");
Gelöscht : user_pref("extensions.funmoods.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Search");
Gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=wbst&chnl=&cd=2XzuyEt[...]
Gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:14:3");
Gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:14:3");
Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.10002");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.searchcore.net/426");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://isearch.claro-search.com/?affID=113933&tt=[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{7C039765-C69D-11E1-9C27-E27A5000B6AF}");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={7C03[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.8] : homepage = "hxxp://www.searchnu.com/406",
Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Gelöscht [l.35] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=362&systemid=406&sr=0&q={searchTerms}"
Gelöscht [l.366] : homepage = "hxxp://www.searchnu.com/406",
Gelöscht [l.542] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
*************************
AdwCleaner[R1].txt - [47276 octets] - [18/09/2012 21:17:41]
AdwCleaner[R2].txt - [47337 octets] - [18/09/2012 21:26:00]
AdwCleaner[S1].txt - [46885 octets] - [18/09/2012 21:26:39]
########## EOF - C:\AdwCleaner[S1].txt - [46946 octets] ##########
|
|
18.09.2012, 20:36
| #44 |
| /// the machine /// TB-Ausbilder | AKM Trojaner auf Vista Was meinst Du genau?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.09.2012, 20:44
| #45 |
| | AKM Trojaner auf Vista wenn ich den Internet Explorer öffne und mich auf der Trojaner Board Seite einloggen will, lässt er mich zwar rein, aber im gleichen Augenblick muß ich meine Login daten wieder eingeben. Und über Safari klappt das aber. lg |
|
| Themen zu AKM Trojaner auf Vista |
| akm trojaner, funktionier, funktioniert, heute, nichts, troja, trojaner, vista |
.
Linear-Darstellung
