Log analysis and evaluation: GVU problem. Cleaning the system without formatting. Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.09.2012, 22:10 | #1 | |
| GVU problem. Cleaning the system without formatting. Hello and good day, today I got this lovely warning from GVU saying I should pay €100. After that I kept getting this error message. Even after a restart it was not possible to get to the desktop at all. So, as described here, Quote:
After that I tried to tackle the whole thing with Windowsunlocker as described. But after the "text mode" or "graphics mode" step I got an error message. So that does not work. Now I have created OTL log files. Thank you for your help, and best regards |
07.09.2012, 11:52 | #2 |
/// Helper Team | GVU problem. Cleaning the system without formatting.
The cleanup consists of several steps that have to be carried out. Work through them one after the other and please paste the 4 logs that are created into your next reply. If the OTL fix did not run through properly, do not continue, but please report this.
Step 1: Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Programme_D\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=449e02b9000000000000001f3f032455
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=449e02b9000000000000001f3f032455
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.bild.de/"
FF - prefs.js..extensions.enabledAddons: pixelzoomer@matthiasschuetz.com:1.3
FF - prefs.js..extensions.enabledAddons: plugin@seitwert.de:1.0.7
FF - prefs.js..extensions.enabledAddons: seO4firefox@seobook.com:3.6.5
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16
FF - prefs.js..extensions.enabledAddons: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.9.5.1
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8.1
FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledAddons: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.41
FF - prefs.js..extensions.enabledAddons: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.89
FF - prefs.js..extensions.enabledItems: plugin@seitwert.de:1.0.4
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=449e02b9000000000000001f3f032455&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57192
FF - prefs.js..network.proxy.type: 0
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ea124859-5bfa-11e1-8a53-001f3f032455}\Shell - "" = AutoRun
O33 - MountPoints2\{ea124859-5bfa-11e1-8a53-001f3f032455}\Shell\AutoRun\command - "" = G:\pushinst.exe
[2012.09.06 16:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.09.06 14:53:16 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Mali\AppData\Local\{*}
C:\Users\Mali\AppData\Local\Temp\*.exe
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
Note for readers following along: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
Step 2: Please run a full scan with Malwarebytes Anti-Malware and post the log.
After that:
Step 3: Please download AdwCleaner to your desktop.
Step 4
__________________ |
07.09.2012, 18:28 | #3 |
| GVU problem. Cleaning the system without formatting. Okay, the following happened during the fix. The computer shut down immediately and went to the command prompt. That is, before I log in to Windows.
No log files were created; the folders that were created are empty. I think I made a mistake. Today I let Antivir run a complete scan and also cleaned my PC with Tuneuputilities11. I probably should not have done that, right? Oh well, damn, my fault. I have now simply created another log file with OTL. Code:
ATTFilter OTL logfile created on: 07.09.2012 18:59:13 - Run 2 OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Mali\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,50 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 62,47% Memory free 5,00 Gb Paging File | 3,98 Gb Available in Paging File | 79,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 115,83 Gb Total Space | 54,76 Gb Free Space | 47,27% Space Free | Partition Type: NTFS Drive D: | 112,46 Gb Total Space | 109,50 Gb Free Space | 97,37% Space Free | Partition Type: NTFS Drive E: | 4,58 Gb Total Space | 1,48 Gb Free Space | 32,39% Space Free | Partition Type: FAT32 Computer Name: MALI-PC | User Name: Mali | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.07 18:11:47 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Mali\Desktop\OTL.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2012.02.14 10:18:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.04 01:06:00 | 001,605,632 | ---- | M] (Don HO don.h@free.fr) -- D:\Programme_D\Notepad++\notepad++.exe PRC - [2011.12.15 16:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.15 15:59:37 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe PRC - [2011.12.15 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.12.13 10:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe PRC - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2008.09.05 02:01:00 | 001,794,048 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe PRC - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2000.01.01 02:00:00 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.02.14 10:18:53 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.01.09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- D:\Programme_D\FileZilla FTP Client\fzshellext.dll MOD - [2011.09.21 22:46:28 | 001,673,728 | ---- | M] () -- D:\Programme_D\Notepad++\plugins\NppFTP.dll MOD - 
[2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- D:\Programme_D\Notepad++\NppShell_04.dll ========== Services (SafeList) ========== SRV - [2012.08.31 10:24:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.28 14:04:35 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2000.01.01 02:00:00 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - [2012.06.22 11:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD) DRV - [2012.05.09 00:04:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 00:04:13 | 000,083,392 
| ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.20 22:43:10 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.07.28 18:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2011.06.06 17:03:54 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.11.20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft 
Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.13 16:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.14 00:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. 
) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS) DRV - [2008.09.05 02:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2008.09.05 02:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2008.02.29 11:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2004.10.01 14:58:10 | 001,272,000 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax.sys -- (cmudax) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=449e02b9000000000000001f3f032455 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A E0 F3 B7 5F 26 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=449e02b9000000000000001f3f032455 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - prefs.js..extensions.enabledAddons: pixelzoomer@matthiasschuetz.com:1.3 FF - prefs.js..extensions.enabledAddons: plugin@seitwert.de:1.0.7 FF - prefs.js..extensions.enabledAddons: seo4firefox@seobook.com:3.6.5 FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16 FF - prefs.js..extensions.enabledAddons: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.9.5.1 FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8.1 FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10 FF - prefs.js..extensions.enabledAddons: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.41 FF - prefs.js..extensions.enabledAddons: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - 
prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1 FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36 FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.89 FF - prefs.js..extensions.enabledItems: plugin@seitwert.de:1.0.4 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=449e02b9000000000000001f3f032455&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 57192 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mali\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mali\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.23 13:07:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012.09.06 16:40:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.14 10:18:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.23 13:07:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.14 10:18:55 | 000,000,000 | ---D | M] [2012.02.17 18:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mali\AppData\Roaming\mozilla\Extensions [2012.09.01 20:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mali\AppData\Roaming\mozilla\Firefox\Profiles\vw30zjhv.default\extensions [2012.08.30 10:43:25 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Mali\AppData\Roaming\mozilla\Firefox\Profiles\vw30zjhv.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2012.02.17 20:05:09 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Mali\AppData\Roaming\mozilla\Firefox\Profiles\vw30zjhv.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2012.08.03 09:06:09 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Mali\AppData\Roaming\mozilla\Firefox\Profiles\vw30zjhv.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.08.28 14:02:59 | 000,000,000 | ---D | M] (Page 
Speed) -- C:\Users\Mali\AppData\Roaming\mozilla\Firefox\Profiles\vw30zjhv.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.09.01 20:16:12 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Mali\AppData\Roaming\mozilla\firefox\profiles\vw30zjhv.default\extensions\firebug@software.joehewitt.com.xpi [2012.08.07 15:40:03 | 000,072,936 | ---- | M] () (No name found) -- C:\Users\Mali\AppData\Roaming\mozilla\firefox\profiles\vw30zjhv.default\extensions\pixelzoomer@matthiasschuetz.com.xpi [2012.05.16 00:34:56 | 000,065,304 | ---- | M] () (No name found) -- C:\Users\Mali\AppData\Roaming\mozilla\firefox\profiles\vw30zjhv.default\extensions\plugin@seitwert.de.xpi [2012.08.09 10:01:29 | 000,087,184 | ---- | M] () (No name found) -- C:\Users\Mali\AppData\Roaming\mozilla\firefox\profiles\vw30zjhv.default\extensions\seo4firefox@seobook.com.xpi [2011.08.25 01:41:32 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\Mali\AppData\Roaming\mozilla\firefox\profiles\vw30zjhv.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012.07.25 19:59:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Mali\AppData\Roaming\mozilla\firefox\profiles\vw30zjhv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.08 15:30:22 | 000,068,257 | ---- | M] () (No name found) -- C:\Users\Mali\AppData\Roaming\mozilla\firefox\profiles\vw30zjhv.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2012.01.29 22:24:16 | 000,002,519 | ---- | M] () -- C:\Users\Mali\AppData\Roaming\mozilla\firefox\profiles\vw30zjhv.default\searchplugins\Search_Results.xml [2012.04.24 23:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.31 10:24:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.05 18:35:18 | 000,002,313 | 
---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.31 10:24:42 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mali\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mali\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Mali\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mali\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google 
Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll O1 HOSTS File: ([2012.09.07 13:51:04 | 000,001,387 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 secure.tune-up.com O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D53828-0388-4BFB-BDF0-89E437E5EF86}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A33E87E4-1CBC-46BA-A398-409C915C47C1}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - 
C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ea124859-5bfa-11e1-8a53-001f3f032455}\Shell - "" = AutoRun O33 - MountPoints2\{ea124859-5bfa-11e1-8a53-001f3f032455}\Shell\AutoRun\command - "" = G:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.07 18:17:25 | 000,000,000 | ---D | C] -- C:\_OTL [2012.09.07 18:14:27 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Mali\Desktop\OTL.exe [2012.09.07 14:23:25 | 000,000,000 | ---D | C] -- C:\Users\Mali\Desktop\TuneUp.Utilities.2011.v10.0.4310.27.Keymaker.Only-CORE [2012.09.07 12:20:30 | 000,000,000 | ---D | C] -- C:\Users\Mali\Desktop\PDFs [2012.09.06 16:40:26 | 000,070,768 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys [2012.09.06 16:40:25 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2012.09.06 16:40:25 | 001,689,560 | ---- | C] (Threat Expert Ltd.) 
-- C:\Windows\PCTBDRes.dll [2012.09.06 16:40:25 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2012.09.06 16:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools [2012.09.06 16:35:44 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2012.09.06 16:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2012.09.06 16:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.09.06 16:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.09.06 16:33:21 | 000,000,000 | ---D | C] -- C:\Users\Mali\AppData\Roaming\TestApp [2012.09.06 16:20:18 | 000,000,000 | ---D | C] -- C:\Users\Mali\Desktop\Kaspersky Rescue2Usb [2012.09.01 20:45:08 | 000,000,000 | ---D | C] -- C:\BEWERBUNGEN [2012.08.28 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Mali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.08.28 15:12:47 | 000,000,000 | ---D | C] -- C:\Users\Mali\AppData\Roaming\Opera [2012.08.28 15:12:47 | 000,000,000 | ---D | C] -- C:\Users\Mali\AppData\Local\Opera [2012.08.28 15:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2012.08.28 14:37:54 | 000,000,000 | ---D | C] -- C:\Users\Mali\Downloads\Documents\Visual Studio 2008 [2012.08.21 21:52:37 | 000,000,000 | ---D | C] -- C:\Finanzen-Ordner [2012.08.21 18:40:42 | 000,000,000 | ---D | C] -- C:\Users\Mali\AppData\Roaming\PDAppFlex [2012.08.21 18:37:11 | 000,000,000 | ---D | C] -- C:\Users\Mali\Downloads\Documents\Adobe Scripts [2012.08.21 18:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012.08.21 17:33:42 | 000,000,000 | ---D | C] -- C:\Users\Mali\Desktop\Adobe Illustrator CS6 [2012.08.21 17:32:16 | 000,000,000 | ---D | C] -- C:\Users\Mali\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.08.21 17:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant [2012.08.21 17:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6.1 
[2012.08.21 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Mali\Downloads\Documents\Meine Paletten [2012.08.21 16:47:21 | 000,000,000 | ---D | C] -- C:\Users\Mali\AppData\Roaming\Corel [2012.08.21 16:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012.08.21 16:42:50 | 000,000,000 | ---D | C] -- C:\Users\Mali\Downloads\Documents\Corel [2012.08.21 16:42:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Visual Studio 2008Templates [2012.08.21 16:42:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Visual Studio 2008 [2012.08.21 16:42:36 | 000,000,000 | ---D | C] -- C:\Users\Mali\AppData\Local\Microsoft Help [2012.08.21 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2012.08.21 16:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0 [2012.08.21 16:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.08.21 16:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2012.08.21 16:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6 [2012.08.21 16:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2012.08.21 16:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia [2012.08.21 16:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia [2012.08.16 01:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.08.16 01:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.08.16 01:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.08.16 01:32:39 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.08.16 01:32:39 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.08.15 09:27:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.15 09:27:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.15 09:27:16 | 000,142,848 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\ieUnatt.exe [2012.08.15 09:27:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.15 09:27:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.15 09:27:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.15 09:27:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.15 09:08:39 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.08.15 09:08:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.15 09:08:35 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.08.11 20:20:21 | 000,000,000 | ---D | C] -- C:\Users\Mali\Desktop\Bilder [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.07 18:58:54 | 000,022,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 18:58:54 | 000,022,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 18:51:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.07 18:51:13 | 2012,913,664 | -HS- | M] () -- C:\hiberfil.sys [2012.09.07 18:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.07 18:11:47 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Mali\Desktop\OTL.exe [2012.09.07 15:44:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.07 15:44:50 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.07 15:44:50 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565900265-4055734772-1650192657-1000UA.job [2012.09.07 15:44:50 | 000,000,852 | ---- | M] () 
-- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565900265-4055734772-1650192657-1000Core.job [2012.09.07 13:51:04 | 000,001,387 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.09.07 13:12:50 | 000,353,251 | ---- | M] () -- C:\Users\Mali\Desktop\businessfrau_finanzdachs.jpg [2012.09.07 13:08:16 | 000,055,080 | ---- | M] () -- C:\Users\Mali\Desktop\frau1.jpg [2012.09.06 22:48:37 | 000,001,176 | ---- | M] () -- C:\Users\Mali\Desktop\Continue Download Accelerator Installation.lnk [2012.09.06 21:33:35 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.06 21:33:35 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.06 21:33:35 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.06 21:33:35 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.06 16:36:16 | 001,124,875 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2012.09.06 16:33:28 | 000,000,378 | ---- | M] () -- C:\Users\Mali\Desktop\sdsetup_aff.exe.lnk [2012.09.06 16:16:12 | 000,387,584 | ---- | M] () -- C:\Users\Mali\Desktop\rescue2usb.exe [2012.09.06 14:53:16 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.06 00:57:32 | 000,003,110 | ---- | M] () -- C:\Users\Mali\Desktop\Menuversuch.png [2012.09.06 00:57:32 | 000,000,132 | ---- | M] () -- C:\Users\Mali\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.09.02 21:21:04 | 000,001,456 | ---- | M] () -- C:\Users\Mali\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.09.02 21:08:56 | 000,052,185 | ---- | M] () -- C:\Users\Mali\Desktop\Businesfrau.jpg [2012.08.31 00:30:12 | 000,000,132 | ---- | M] () -- C:\Users\Mali\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012.08.28 14:04:34 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.28 14:04:34 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.24 21:37:33 | 000,014,181 | ---- | 
M] () -- C:\Users\Mali\Desktop\Türbeschläge.ods [2012.08.22 09:29:19 | 007,283,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.21 00:53:32 | 000,064,688 | ---- | M] () -- C:\tagesgeldkonto-250.jpg [2012.08.16 01:32:19 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.08.16 01:32:19 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.08.16 01:32:19 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.08.13 21:34:18 | 000,000,197 | ---- | M] () -- C:\.htaccess [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.07 13:10:38 | 000,353,251 | ---- | C] () -- C:\Users\Mali\Desktop\businessfrau_finanzdachs.jpg [2012.09.07 13:08:05 | 000,055,080 | ---- | C] () -- C:\Users\Mali\Desktop\frau1.jpg [2012.09.07 12:53:55 | 000,052,185 | ---- | C] () -- C:\Users\Mali\Desktop\Businesfrau.jpg [2012.09.06 22:48:37 | 000,001,176 | ---- | C] () -- C:\Users\Mali\Desktop\Continue Download Accelerator Installation.lnk [2012.09.06 16:40:26 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll [2012.09.06 16:40:25 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip [2012.09.06 16:40:25 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2012.09.06 16:40:25 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2012.09.06 16:40:25 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2012.09.06 16:35:52 | 001,124,875 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2012.09.06 16:33:28 | 000,000,378 | ---- | C] () -- C:\Users\Mali\Desktop\sdsetup_aff.exe.lnk [2012.09.06 16:16:30 | 000,387,584 | ---- | C] () -- C:\Users\Mali\Desktop\rescue2usb.exe [2012.09.06 14:40:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.06 00:57:30 | 000,003,110 | ---- | C] () -- C:\Users\Mali\Desktop\Menuversuch.png [2012.08.28 15:14:16 | 000,000,904 | ---- | C] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565900265-4055734772-1650192657-1000UA.job [2012.08.28 15:14:15 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565900265-4055734772-1650192657-1000Core.job [2012.08.28 15:12:40 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.08.24 21:37:31 | 000,014,181 | ---- | C] () -- C:\Users\Mali\Desktop\Türbeschläge.ods [2012.08.21 18:33:57 | 000,001,608 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk [2012.08.21 18:33:23 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk [2012.08.21 18:32:17 | 000,001,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012.08.21 18:32:12 | 000,001,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012.08.21 18:31:43 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.08.21 17:32:11 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012.08.21 16:59:30 | 000,322,017 | ---- | C] () -- C:\Users\Mali\Desktop\content.ai [2012.08.21 00:54:00 | 000,064,688 | ---- | C] () -- C:\tagesgeldkonto-250.jpg [2012.08.12 21:29:42 | 000,000,197 | ---- | C] () -- C:\.htaccess [2012.05.31 14:51:42 | 000,007,649 | ---- | C] () -- C:\Users\Mali\AppData\Local\Resmon.ResmonCfg [2012.03.23 13:10:13 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2012.03.23 13:01:05 | 000,245,266 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.03.23 13:01:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.03.19 21:59:26 | 000,001,456 | ---- | C] () -- C:\Users\Mali\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.02.29 12:56:59 | 000,000,132 | ---- | C] () -- 
C:\Users\Mali\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.02.22 12:03:55 | 000,000,132 | ---- | C] () -- C:\Users\Mali\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012.02.19 21:22:04 | 000,000,169 | ---- | C] () -- C:\Windows\RtlRack.ini [2012.02.19 21:11:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe [2012.02.19 21:11:57 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll [2012.02.19 21:11:57 | 000,001,176 | ---- | C] () -- C:\Windows\ImpTable.bin [2012.02.19 21:02:57 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini [2012.02.19 21:02:54 | 000,156,672 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll [2012.02.19 21:02:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ChCfg.exe [2012.02.17 15:56:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.17 15:56:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.11.21 02:30:51 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 02:30:51 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 02:30:51 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 02:30:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >
What can I do now? Best regards |
08.09.2012, 14:12 | #4 | |
/// Helper Team | GVU problem. Cleaning the system without formatting. Quote:
Once again: http://www.trojaner-board.de/123646-...tml#post910414 |
08.09.2012, 19:54 | #5 |
| GVU problem. Cleaning the system without formatting. Okay, that was only an attempt with TuneUp anyway. I have removed it again. So please also ignore certain entries in the mbam log. Here are the requested logs now. OTL.log Code:
All processes killed ========== OTL ========== Error: No service named SetupNTGLM7X was found to stop! Service\Driver key SetupNTGLM7X not found. File F:\NTGLM7X.sys not found. Error: No service named SANDRA was found to stop! Service\Driver key SANDRA not found. File D:\Programme_D\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys not found. Error: No service named NTACCESS was found to stop! Service\Driver key NTACCESS not found. File F:\NTACCESS.sys not found. Service GMSIPCI stopped successfully! Service GMSIPCI deleted successfully! File F:\INSTALL\GMSIPCI.SYS not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully. C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll moved successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" removed from browser.search.defaulturl Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "Google" removed from browser.search.selectedEngine Prefs.js: false removed from browser.search.suggest.enabled Prefs.js: "hxxp://www.bild.de/" removed from browser.startup.homepage Prefs.js: pixelzoomer@matthiasschuetz.com:1.3 removed from extensions.enabledAddons Prefs.js: plugin@seitwert.de:1.0.7 removed from extensions.enabledAddons Prefs.js: seO4firefox@seobook.com:3.6.5 removed from extensions.enabledAddons Prefs.js: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16 removed from extensions.enabledAddons Prefs.js: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.9.5.1 removed from extensions.enabledAddons Prefs.js: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8.1 removed from extensions.enabledAddons Prefs.js: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10 removed from extensions.enabledAddons Prefs.js: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.41 removed from extensions.enabledAddons Prefs.js: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1 removed from extensions.enabledAddons Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 removed from extensions.enabledItems Prefs.js: firebug@software.joehewitt.com:1.6.2 removed from extensions.enabledItems Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems Prefs.js: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 removed from extensions.enabledItems Prefs.js: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 removed from extensions.enabledItems Prefs.js: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1 removed from 
extensions.enabledItems Prefs.js: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36 removed from extensions.enabledItems Prefs.js: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1 removed from extensions.enabledItems Prefs.js: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.89 removed from extensions.enabledItems Prefs.js: plugin@seitwert.de:1.0.4 removed from extensions.enabledItems Prefs.js: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=449e02b9000000000000001f3f032455&q=" removed from keyword.URL Prefs.js: "127.0.0.1" removed from network.proxy.http Prefs.js: 57192 removed from network.proxy.http_port Prefs.js: 0 removed from network.proxy.type Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. 
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea124859-5bfa-11e1-8a53-001f3f032455}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea124859-5bfa-11e1-8a53-001f3f032455}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea124859-5bfa-11e1-8a53-001f3f032455}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea124859-5bfa-11e1-8a53-001f3f032455}\ not found. File G:\pushinst.exe not found. C:\ProgramData\Temp folder moved successfully. C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully. 
Unable to delete ADS C:\ProgramData\Temp:430C6D84 . Unable to delete ADS C:\ProgramData\Temp:DFC5A2B2 . ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\Mali\AppData\Local\{*} not found. C:\Users\Mali\AppData\Local\Temp\GC_PCTOOLS.exe moved successfully. C:\Users\Mali\AppData\Local\Temp\TUUUninstallHelper.exe moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. 
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. 
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. 
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Mali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Mali\Desktop\cmd.bat deleted successfully.
C:\Users\Mali\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mali
->Temp folder emptied: 109466357 bytes
->Temporary Internet Files folder emptied: 12810012 bytes
->FireFox cache emptied: 134141042 bytes
->Google Chrome cache emptied: 6658025 bytes
->Opera cache emptied: 396034 bytes
->Flash cache emptied: 15221020 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 29504 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525067 bytes
RecycleBin emptied: 2684315 bytes

Total Files Cleaned = 269,00 mb

OTL by OldTimer - Version 3.2.61.1 log created on 09082012_173403

Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\uxt4319.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mali :: MALI-PC [Administrator]

08.09.2012 17:48:42
mbam-log-2012-09-08 (17-48-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 502789
Laufzeit: 2 Stunde(n), 21 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Programme\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mali\Desktop\TuneUp.Utilities.2011.v10.0.4310.27.Keymaker.Only-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mali\Desktop\TuneUp.Utilities.2011.v10.0.4310.27.Keymaker.Only-CORE\keygen.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{26B6FC4A-E890-40BA-BD0D-C7A9D17456FD}\RP51\A0021272.dll (Trojan.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09082012_173403\C_Users\Mali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\2c707ef1-6e22a69e (Spyware.Passwords.JG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
# AdwCleaner v2.000 - Datei am 09/08/2012 um 20:29:47 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Mali - MALI-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Mali\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Mali\AppData\Roaming\Mozilla\Firefox\Profiles\vw30zjhv.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\Mali\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Mali\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Mali\AppData\Roaming\Mozilla\Firefox\Profiles\vw30zjhv.default\Conduit
Ordner Gefunden : C:\Users\Mali\AppData\Roaming\Mozilla\Firefox\Profiles\vw30zjhv.default\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Mali\AppData\Roaming\Mozilla\Firefox\Profiles\vw30zjhv.default\prefs.js

Gefunden : user_pref("CT2504091..clientLogIsEnabled", true);
Gefunden : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:35:25");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gefunden : user_pref("extensions.softonic_i.aflt", "SD");
Gefunden : user_pref("extensions.softonic_i.dfltLng", "de");
Gefunden : user_pref("extensions.softonic_i.excTlbr", false);
Gefunden : user_pref("extensions.softonic_i.id", "449e02b90000000000000013d301ceee");
Gefunden : user_pref("extensions.softonic_i.instlDay", "15372");
Gefunden : user_pref("extensions.softonic_i.instlRef", "MON00015");
Gefunden : user_pref("extensions.softonic_i.newTab", false);
Gefunden : user_pref("extensions.softonic_i.prdct", "softonic");
Gefunden : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gefunden : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gefunden : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault");
Gefunden : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSour[...]
Gefunden : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gefunden : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.522:12:50");
Gefunden : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\Mali\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Mali\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [15251 octets] - [08/09/2012 20:29:47]

########## EOF - C:\AdwCleaner[R1].txt - [15312 octets] ##########

Code:
# AdwCleaner v2.000 - Datei am 09/08/2012 um 20:32:35 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Mali - MALI-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Mali\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Mali\AppData\Roaming\Mozilla\Firefox\Profiles\vw30zjhv.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Mali\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Mali\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Mali\AppData\Roaming\Mozilla\Firefox\Profiles\vw30zjhv.default\Conduit
Ordner Gelöscht : C:\Users\Mali\AppData\Roaming\Mozilla\Firefox\Profiles\vw30zjhv.default\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Mali\AppData\Roaming\Mozilla\Firefox\Profiles\vw30zjhv.default\prefs.js

C:\Users\Mali\AppData\Roaming\Mozilla\Firefox\Profiles\vw30zjhv.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2504091..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2504091.AppTrackingLastCheckTime", "Tue Apr 19 2011 08:37:05 GMT+0200");
Gelöscht : user_pref("CT2504091.CTID", "CT2504091");
Gelöscht : user_pref("CT2504091.CurrentServerDate", "19-4-2011");
Gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2504091.DialogsGetterLastCheckTime", "Tue Apr 19 2011 08:36:50 GMT+0200");
Gelöscht : user_pref("CT2504091.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Tue Apr 19 2011 08:36:52 GMT+0200");
Gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 10);
Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457140", "Tue Apr 19 2011 08:36:53 GMT+0200");
Gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Apr 19 2011 08:36:53 GMT+0200");
Gelöscht : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Gelöscht : user_pref("CT2504091.FirstServerDate", "19-4-2011");
Gelöscht : user_pref("CT2504091.FirstTime", true);
Gelöscht : user_pref("CT2504091.FirstTimeFF3", true);
Gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2504091.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2504091.Initialize", true);
Gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2504091.InstallationId", "StubInstaller");
Gelöscht : user_pref("CT2504091.InstallationType", "ConduitIntegration");
Gelöscht : user_pref("CT2504091.InstalledDate", "Tue Apr 19 2011 08:36:52 GMT+0200");
Gelöscht : user_pref("CT2504091.IsGrouping", false);
Gelöscht : user_pref("CT2504091.IsMulticommunity", false);
Gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Apr 19 2011 08:36:53 GMT+0200");
Gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2504091.LastLogin_3.3.3.2", "Tue Apr 19 2011 08:36:51 GMT+0200");
Gelöscht : user_pref("CT2504091.LatestVersion", "3.3.3.2");
Gelöscht : user_pref("CT2504091.Locale", "en-us");
Gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2504091.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Apr 30 2011 10:54:37 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Apr 30 2011 10:54:19 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "155b4a1d-73fc-4241-925e-9942b3037235");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "ba328342-bdf6-4090-8fa0-e1d1ff95f2fc");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 4);
Gelöscht : user_pref("extensions.BabylonToolbar.firstRun", false);
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 4);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "449e02b9000000000000001f3f032455");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "449e02b9000000000000001f3f032455");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15465");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:35:25");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.softonic_i.aflt", "SD");
Gelöscht : user_pref("extensions.softonic_i.dfltLng", "de");
Gelöscht : user_pref("extensions.softonic_i.excTlbr", false);
Gelöscht : user_pref("extensions.softonic_i.id", "449e02b90000000000000013d301ceee");
Gelöscht : user_pref("extensions.softonic_i.instlDay", "15372");
Gelöscht : user_pref("extensions.softonic_i.instlRef", "MON00015");
Gelöscht : user_pref("extensions.softonic_i.newTab", false);
Gelöscht : user_pref("extensions.softonic_i.prdct", "softonic");
Gelöscht : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gelöscht : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gelöscht : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault");
Gelöscht : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSour[...]
Gelöscht : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gelöscht : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.522:12:50");
Gelöscht : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\Mali\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Mali\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [15382 octets] - [08/09/2012 20:29:47]
AdwCleaner[S1].txt - [15855 octets] - [08/09/2012 20:32:35]

########## EOF - C:\AdwCleaner[S1].txt - [15916 octets] ##########
|
08.09.2012, 20:37 | #6 | |
/// Helper Team | GVU problem. Cleaning the system without formatting. Quote:
Have you ever thought about why cracks exist? With cracks and the like, you install backdoors on your computer. Criminals use such computers as a botnet for their schemes. Your system must be classified as untrustworthy, and you should not do anything sensitive such as home banking on this PC.
Guides for reinstalling (illustrated) > Reinstalling Windows 7 > Vista > XP
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.